open-telemetry / opentelemetry-collector-releases

OpenTelemetry Collector Official Releases
https://opentelemetry.io
Apache License 2.0

[chore] build compatible distributions as PIE #726

Open jackgopack4 opened 2 weeks ago

jackgopack4 commented 2 weeks ago

Currently, the collector distributions and OCB are not built as position-independent executables. According to the OTel Collector Security Audit, this could cause potential vulnerabilities: https://github.com/open-telemetry/opentelemetry-collector-releases/issues/618

This PR updates the goreleaser template and the corresponding YAML files to run two separate builds for each distribution that come together for one release each; if the platform and architecture support Internal Linking in Golang, they are built with flag -buildmode=pie. If not, they are built the same way as before.

You can see the sample releases in my forked repository: https://github.com/jackgopack4/opentelemetry-collector-releases/releases/tag/v0.114.0 https://github.com/jackgopack4/opentelemetry-collector-releases/releases/tag/cmd%2Fbuilder%2Fv0.114.0 https://hub.docker.com/r/johnpeterson785/opentelemetry-collector/tags https://hub.docker.com/r/johnpeterson785/opentelemetry-collector-contrib/tags https://hub.docker.com/r/johnpeterson785/opentelemetry-collector-otlp/tags https://hub.docker.com/r/johnpeterson785/opentelemetry-collector-k8s/tags

I took the approach of generating an "ignore" list for PIE vs not-PIE and otherwise leaving everything else the same.
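An added verification step, not code from this PR or the opentelemetry-collector-releases project: a small Go program that reads the ELF header of a release artifact and reports whether it was linked as a position-independent executable (ET_DYN) or a fixed-address one (ET_EXEC). The sample headers are constructed inline for illustration; `IsPIEFile` applies the same check to a real binary on disk.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
	"os"
)

// elfType returns e_type from an ELF header. Hypothetical helper for this check.
func elfType(hdr []byte) (uint16, error) {
	if len(hdr) < 18 || string(hdr[:4]) != "\x7fELF" {
		return 0, errors.New("not an ELF image")
	}
	// e_ident[EI_DATA] selects the byte order; e_type is at offset 16 for ELF32 and ELF64.
	var order binary.ByteOrder
	switch hdr[5] {
	case 1:
		order = binary.LittleEndian
	case 2:
		order = binary.BigEndian
	default:
		return 0, errors.New("unknown ELF data encoding")
	}
	return order.Uint16(hdr[16:18]), nil
}

// IsPIE is true for ET_DYN (3), false for ET_EXEC (2). Only meaningful for an
// executable: shared objects are also ET_DYN.
func IsPIE(hdr []byte) (bool, error) {
	t, err := elfType(hdr)
	return t == 3, err
}

// IsPIEFile runs the check on the first 64 bytes of a file, e.g. a release binary.
func IsPIEFile(path string) (bool, error) {
	f, err := os.Open(path)
	if err != nil {
		return false, err
	}
	defer f.Close()
	hdr := make([]byte, 64)
	n, _ := f.Read(hdr)
	return IsPIE(hdr[:n])
}

// sampleHeader builds a constructed little-endian ELF64 header (not a real binary)
// with the given e_type, used to demonstrate the check offline.
func sampleHeader(etype byte) []byte {
	h := make([]byte, 64)
	copy(h, "\x7fELF")
	h[4], h[5], h[6] = 2, 1, 1 // ELFCLASS64, ELFDATA2LSB, EV_CURRENT
	h[16], h[18] = etype, 0x3e // e_type, e_machine = x86-64
	return h
}

func main() {
	for _, p := range os.Args[1:] {
		pie, err := IsPIEFile(p)
		fmt.Printf("%s: pie=%v err=%v\n", p, pie, err)
	}
}
```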

jackgopack4 commented 2 weeks ago

my bad, I think I branched this one off of that one; I will make sure to remove those changes from here

jackgopack4 commented 2 weeks ago

OK, I've completely separated the two. I don't mind which one merges first; whichever it is, I'll be able to rebase/merge the remaining branch.

jackgopack4 commented 2 weeks ago

marked as draft until I can resolve merge conflicts after #708 merge

TylerHelmuth commented 6 days ago

@jackgopack4 this is ready to pick up again since https://github.com/open-telemetry/opentelemetry-collector-releases/pull/708 is merged

jackgopack4 commented 6 days ago

Thanks, yes I hadn't gotten a chance but I'll take another crack at it this week

jackgopack4 commented 5 days ago

PR is ready for review; the release artifacts in my fork match exactly the release artifacts in the open-telemetry repo. https://github.com/jackgopack4/opentelemetry-collector-releases/releases/tag/v0.114.0 https://github.com/jackgopack4/opentelemetry-collector-releases/releases/tag/cmd%2Fbuilder%2Fv0.114.0