What kind of request is this?
Improvement of existing experience
What is your request or suggestion?
Go binary patching (#1388) clones source using the VCS commit hash from go version -m. When that metadata is stripped — common in distroless/scratch images built with -trimpath or -buildvcs=false — the clone fails and Copa falls back to a synthetic go.mod that often produces broken rebuilds. This affects roughly half of production Go images.
Two fallback strategies would cover most of these cases:
Image tag heuristic — extract the tag from the image ref (e.g. prometheus:v3.9.1 → v3.9.1), try it as a git ref against the repo derived from the module path. Works whenever image tags match git tags (common convention).
--go-vcs-url override — let users provide repo@ref explicitly for binaries where neither VCS metadata nor tag matching works.
Resolution order: user override → VCS commit (existing) → image tag heuristic.
Separately, deriveRepoFromModulePath could handle more vanity imports that currently return empty (cloud.google.com/go, go.uber.org, go.etcd.io, go.opentelemetry.io, google.golang.org/grpc, google.golang.org/protobuf).
Are you willing to submit PRs to contribute to this feature request?
What kind of request is this?
Improvement of existing experience
What is your request or suggestion?
Go binary patching (#1388) clones source using the VCS commit hash from go version -m. When that metadata is stripped — common in distroless/scratch images built with -trimpath or -buildvcs=false — the clone fails and Copa falls back to a synthetic go.mod that often produces broken rebuilds. This affects roughly half of production Go images.
Two fallback strategies would cover most of these cases:
Image tag heuristic — extract the tag from the image ref (e.g. prometheus:v3.9.1 → v3.9.1), try it as a git ref against the repo derived from the module path. Works whenever image tags match git tags (common convention).
--go-vcs-url override — let users provide repo@ref explicitly for binaries where neither VCS metadata nor tag matching works.
Resolution order: user override → VCS commit (existing) → image tag heuristic.
Separately, deriveRepoFromModulePath could handle more vanity imports that currently return empty (cloud.google.com/go, go.uber.org, go.etcd.io, go.opentelemetry.io, google.golang.org/grpc, google.golang.org/protobuf).
Are you willing to submit PRs to contribute to this feature request?