Make the build consistent across archs for Go to correctly report the package path inside the binary

[macedogm]

Problem:

The build process is passing directly the main.go file for the build. According to Go's spec, this results in Go not properly identifying the package and module path and then marking the compiled binary as command-line-arguments.

Before:

> go version -m main
main: go1.22.9
	path	command-line-arguments

Now:

> go version -m webhook 
webhook: go1.22.9
	path	github.com/harvester/harvester-network-controller/cmd/webhook
	mod	github.com/harvester/harvester-network-controller	(devel)

Although this is a minor thing and that doesn't affect the binary itself, it actually blocks security scanners, for example Trivy, from correctly matching the binary (and its path/module origin) with a VEX entry.

This was identified internally when a false-positive vulnerability that was supposed to be suppressed was still being reported in the scanning reports.

Solution:

Only pass the directory that contains the Go file to build, not the file itself.

Related Issue:
N/A

Test plan:

See above.

[macedogm]

PTAL @bk201

[ihcsim]

This makes sense to me. It also makes thing consistent with the h/h repo.

[rrajendran17]

LGTM,Thanks

[ihcsim]

@mergify backport v0.4.x v0.5.x

[mergify]

backport v0.4.x v0.5.x

✅ Backports have been created

• #132 Make the build consistent across archs for Go to correctly report the package path inside the binary (backport #127) has been created for branch v0.4.x
• #133 Make the build consistent across archs for Go to correctly report the package path inside the binary (backport #127) has been created for branch v0.5.x