diff --git a/.gitignore b/.gitignore
index 73713a2db78c8..61698b791d9fa 100644
--- a/.gitignore
+++ b/.gitignore
@@ -80,3 +80,5 @@ shellcheck-reports
 # These files need to be ignored in order for `make tag` return a clean version string.
 repository-to-cpe.json
 container-name-repos-map.json
+/pkg/version/internal/GIT_SHORT_SHA_VERSION
+/pkg/version/internal/MAIN_VERSION
diff --git a/pkg/version/internal/EMPTY_VERSION b/pkg/version/internal/EMPTY_VERSION
new file mode 100644
index 0000000000000..e69de29bb2d1d
diff --git a/pkg/version/internal/version_data.go b/pkg/version/internal/version_data.go
index 47b7af84355c7..78c598dd43011 100644
--- a/pkg/version/internal/version_data.go
+++ b/pkg/version/internal/version_data.go
@@ -1,7 +1,12 @@
 package internal
+import (
+ "embed"
+)
+
 var (
- // MainVersion is the Rox version.
+ // MainVersion is the Rox version. Set to base tag via ldflags (//XDef:).
+ // For builds, GetMainVersion() overrides with the full version from MAIN_VERSION.
 MainVersion string //XDef:STABLE_MAIN_VERSION
 // CollectorVersion is the collector version to be used by default.
 CollectorVersion string //XDef:STABLE_COLLECTOR_VERSION
@@ -10,5 +15,31 @@ var (
 // ScannerVersion is the scanner version to be used with this Rox version.
 ScannerVersion string //XDef:STABLE_SCANNER_VERSION
 // GitShortSha is the (short) Git SHA that was built.
- GitShortSha string //XDef:STABLE_GIT_SHORT_SHA
+ GitShortSha string
 )
+
+// Optional untracked files written by go-tool.sh for builds.
+// The *_VERSION glob matches them when present; when absent
+// (tests, fresh clone, go vet), it matches EMPTY_VERSION.
+//
+//go:embed *_VERSION
+var versionFS embed.FS
+
+// GetMainVersion returns the full version string. For builds, this is the
+// detailed version from MAIN_VERSION (e.g. 4.7.0-123-gabcdef1234).
+// For tests or when the file is absent, returns the ldflags value.
+func GetMainVersion() string {
+ if data, err := versionFS.ReadFile("MAIN_VERSION"); err == nil {
+ return string(data)
+ }
+ return MainVersion
+}
+
+// GetGitShortSha returns the git short SHA from the embedded file,
+// or the value set by test code if the file is absent.
+func GetGitShortSha() string {
+ if data, err := versionFS.ReadFile("GIT_SHORT_SHA_VERSION"); err == nil {
+ return string(data)
+ }
+ return GitShortSha
+}
diff --git a/pkg/version/version.go b/pkg/version/version.go
index 214224773b35b..80fe363ba9709 100644
--- a/pkg/version/version.go
+++ b/pkg/version/version.go
@@ -21,7 +21,7 @@ var (
 // GetMainVersion returns the tag of Rox.
 func GetMainVersion() string {
- return internal.MainVersion
+ return internal.GetMainVersion()
 }
 // getCollectorVersion returns the current Collector tag.
@@ -65,7 +65,7 @@ type Versions struct {
 func GetAllVersionsDevelopment() Versions {
 return Versions{
 CollectorVersion: getCollectorVersion(),
- GitCommit: internal.GitShortSha,
+ GitCommit: internal.GetGitShortSha(),
 GoVersion: runtime.Version(),
 MainVersion: GetMainVersion(),
 Platform: runtime.GOOS + "/" + runtime.GOARCH,
diff --git a/scripts/go-tool.sh b/scripts/go-tool.sh
index 85fb9e9c06db3..ad6676921fc4c 100755
--- a/scripts/go-tool.sh
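Review bot: In `GetMainVersion` and `GetGitShortSha` (version_data.go, second hunk) an embedded file that exists but is empty is returned as the version, because the only condition is `err == nil`. go-tool.sh fills MAIN_VERSION from a `git describe` command substitution, so a failed describe would leave exactly such an empty file and the binary would report an empty version instead of falling back to the ldflags value. Requiring content closes that gap, `if data, err := versionFS.ReadFile("MAIN_VERSION"); err == nil && len(data) > 0 {`, and the same for `GIT_SHORT_SHA_VERSION`. The doc comments should also state that these files are untracked and stay in the work tree, so a later `go test`, or a build that bypasses go-tool.sh, embeds whatever the last build wrote; "for tests … returns the ldflags value" only holds in a clean checkout.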
+++ b/scripts/go-tool.sh
@@ -62,6 +62,16 @@ else
 printf >&2 "%s\n" "${x_def_errors[@]}"
 exit 1
 fi
+
+ # Write per-commit version info as untracked files for go:embed.
+ # These are NOT in ldflags so that link ActionIDs stay stable.
+ VERSION_DIR="${REPO_ROOT}/pkg/version/internal"
+ if [[ -n "${BUILD_TAG:-}" ]]; then
+ printf '%s' "${BUILD_TAG}" > "${VERSION_DIR}/MAIN_VERSION"
+ else
+ printf '%s' "$(cd "${REPO_ROOT}"; git describe --tags --abbrev=10 --long --exclude '*-nightly-*')" > "${VERSION_DIR}/MAIN_VERSION"
+ fi
+ printf '%s' "${status_STABLE_GIT_SHORT_SHA}" > "${VERSION_DIR}/GIT_SHORT_SHA_VERSION"
 fi
 ldflags=("${x_defs[@]}")
@@ -75,13 +85,19 @@ if [[ "${CGO_ENABLED}" != 0 ]]; then
 fi
 function invoke_go() {
- tool="$1"
+ local tool="${1:?"invoke_go tool argument required"}"
 shift
+ local args=()
+ local CGO_ENABLED
+
+ args+=("-buildvcs=false")
+ args+=(-ldflags="${ldflags[*]}")
+ args+=(-tags "$(tr , ' ' <<<"$GOTAGS")")
 if [[ "$RACE" == "true" ]]; then
- CGO_ENABLED=1 go "$tool" -race -ldflags="${ldflags[*]}" -tags "$(tr , ' ' <<<"$GOTAGS")" "$@"
- else
- go "$tool" -ldflags="${ldflags[*]}" -tags "$(tr , ' ' <<<"$GOTAGS")" "$@"
+ export CGO_ENABLED=1
+ args+=("-race")
 fi
+ go "$tool" "${args[@]}" "$@"
 }
 function go_build() (
diff --git a/status.sh b/status.sh
index cb93f0946c8e0..3799a9d703801 100755
--- a/status.sh
+++ b/status.sh
@@ -1,7 +1,7 @@
 #!/bin/sh
 # Note: This requires .git directory in the build context (e.g. builder container)
-echo "STABLE_MAIN_VERSION $(make --quiet --no-print-directory tag)"
+echo "STABLE_MAIN_VERSION $(git describe --tags --abbrev=0 --exclude '*-nightly-*')"
 echo "STABLE_COLLECTOR_VERSION $(make --quiet --no-print-directory collector-tag)"
 echo "STABLE_FACT_VERSION $(make --quiet --no-print-directory fact-tag)"
 echo "STABLE_SCANNER_VERSION $(make --quiet --no-print-directory scanner-tag)"
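Review bot: The `git describe` output in the `else` branch of the first go-tool.sh hunk is written to MAIN_VERSION without checking that the command succeeded. A failure inside `$(...)` used as a `printf` argument does not change printf's exit status, so a checkout with no reachable tag or no .git yields an empty file and the build carries on. The status.sh hunk has the same pattern, where `echo "STABLE_MAIN_VERSION $(git describe ...)"` would emit an empty value. Because these strings become the version a shipped binary reports, I would resolve the value into a variable, stop the build when it is empty, and only then write the file, as sketched below. The enclosing `if`/`else` block starts outside the hunk.

```shell
    # … unchanged: VERSION_DIR assignment …
    main_version="${BUILD_TAG:-}"
    if [[ -z "${main_version}" ]]; then
        main_version="$(cd "${REPO_ROOT}" && git describe --tags --abbrev=10 --long --exclude '*-nightly-*')" || main_version=""
    fi
    if [[ -z "${main_version}" ]]; then
        echo >&2 "cannot determine main version: set BUILD_TAG or build from a git checkout with tags"
        exit 1
    fi
    printf '%s' "${main_version}" > "${VERSION_DIR}/MAIN_VERSION"
    # … unchanged: GIT_SHORT_SHA_VERSION write …
```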
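Review bot: `local CGO_ENABLED` in `invoke_go` declares the variable without a value, so inside the function it shadows whatever the caller set. On the non-race path the `go` child may then no longer see a `CGO_ENABLED=0` exported by the caller; this is worth confirming with a quick run on the bash version the builders use. The hunk header shows the script branching on `${CGO_ENABLED}` just above, so the value matters to this build. A safer shape is to drop the `local` and the `export` and scope the override to the race invocation only, `CGO_ENABLED=1 go "$tool" "${args[@]}" "$@"`. Separately, `args+=("-buildvcs=false")` deserves a comment such as `# no VCS stamping in Go build info; the embedded GIT_SHORT_SHA_VERSION is the only commit record`, since the flag removes the revision and dirty marker that `go version -m` would otherwise show.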