diff --git a/.tekton/governance-policy-addon-controller-acm-213-pull-request.yaml b/.tekton/governance-policy-addon-controller-acm-213-pull-request.yaml index 88949bb..b80b19c 100644 --- a/.tekton/governance-policy-addon-controller-acm-213-pull-request.yaml +++ b/.tekton/governance-policy-addon-controller-acm-213-pull-request.yaml @@ -32,6 +32,8 @@ spec: value: build/Dockerfile.rhtap - name: path-context value: . + - name: hermetic + value: true pipelineSpec: description: | This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization. diff --git a/.tekton/governance-policy-addon-controller-acm-213-push.yaml b/.tekton/governance-policy-addon-controller-acm-213-push.yaml index 7d4e866..24c0c4f 100644 --- a/.tekton/governance-policy-addon-controller-acm-213-push.yaml +++ b/.tekton/governance-policy-addon-controller-acm-213-push.yaml @@ -29,6 +29,8 @@ spec: value: build/Dockerfile.rhtap - name: path-context value: . + - name: hermetic + value: true pipelineSpec: description: | This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization. diff --git a/Makefile b/Makefile index 6cd71d5..6ba7cc2 100644 --- a/Makefile +++ b/Makefile @@ -76,7 +76,7 @@ gosec-scan: .PHONY: build build: ## Build manager binary. - CGO_ENABLED=1 go build -o build/_output/bin/$(IMG) main.go + CGO_ENABLED=1 go build -mod=readonly -o build/_output/bin/$(IMG) main.go ############################################################ # images section diff --git a/build/Dockerfile.rhtap b/build/Dockerfile.rhtap index af6c3f0..2a8f0e0 100644 --- a/build/Dockerfile.rhtap +++ b/build/Dockerfile.rhtap @@ -7,7 +7,6 @@ ENV COMPONENT=governance-policy-addon-controller ENV REPO_PATH=/go/src/github.com/stolostron/${COMPONENT} WORKDIR ${REPO_PATH} COPY . . -RUN go mod vendor RUN make build # Stage 2: Copy the binaries from the image builder to the base image