Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

This change ensures the baremetal-operator is built with FIPS compliance #125

Merged
merged 1 commit into from
Feb 7, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .prow_ci.env
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
export USE_IMAGE_DIGESTS=true
export FAIL_FIPS_CHECK=true
26 changes: 13 additions & 13 deletions Dockerfile
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
ARG GOLANG_BUILDER=golang:1.19
ARG OPERATOR_BASE_IMAGE=gcr.io/distroless/static:nonroot
ARG TARGETOS
ARG TARGETARCH
ARG GOLANG_BUILDER=registry.access.redhat.com/ubi9/go-toolset:1.19
ARG OPERATOR_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:latest

# Build the manager binary
FROM $GOLANG_BUILDER AS builder
Expand All @@ -14,19 +12,21 @@ ARG REMOTE_SOURCE_DIR=/remote-source
ARG REMOTE_SOURCE_SUBDIR=
ARG DEST_ROOT=/dest-root

ARG GO_BUILD_EXTRA_ARGS=
ARG GO_BUILD_EXTRA_ARGS="-tags strictfipsruntime"
ARG GO_BUILD_EXTRA_ENV_ARGS="CGO_ENABLED=1 GO111MODULE=on"

COPY $REMOTE_SOURCE $REMOTE_SOURCE_DIR
WORKDIR $REMOTE_SOURCE_DIR/$REMOTE_SOURCE_SUBDIR

USER root
RUN mkdir -p ${DEST_ROOT}/usr/local/bin/

# cache deps before building and copying source so that we don't need to re-download as much
# and so that source changes don't invalidate our downloaded layer
RUN if [ ! -f $CACHITO_ENV_FILE ]; then go mod download ; fi

# Build manager
RUN if [ -f $CACHITO_ENV_FILE ] ; then source $CACHITO_ENV_FILE ; fi ; CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} GO111MODULE=on go build ${GO_BUILD_EXTRA_ARGS} -a -o ${DEST_ROOT}/manager main.go
RUN if [ -f $CACHITO_ENV_FILE ] ; then source $CACHITO_ENV_FILE ; fi ; env ${GO_BUILD_EXTRA_ENV_ARGS} go build ${GO_BUILD_EXTRA_ARGS} -a -o ${DEST_ROOT}/manager main.go

RUN cp -r templates ${DEST_ROOT}/templates

Expand All @@ -51,16 +51,16 @@ ARG IMAGE_TAGS="cn-openstack openstack"

# Labels required by upstream and osbs build system
LABEL com.redhat.component="${IMAGE_COMPONENT}" \
name="${IMAGE_NAME}" \
version="${IMAGE_VERSION}" \
summary="${IMAGE_SUMMARY}" \
io.k8s.name="${IMAGE_NAME}" \
io.k8s.description="${IMAGE_DESC}" \
io.openshift.tags="${IMAGE_TAGS}"
name="${IMAGE_NAME}" \
version="${IMAGE_VERSION}" \
summary="${IMAGE_SUMMARY}" \
io.k8s.name="${IMAGE_NAME}" \
io.k8s.description="${IMAGE_DESC}" \
io.openshift.tags="${IMAGE_TAGS}"
### DO NOT EDIT LINES ABOVE

ENV USER_UID=$USER_ID \
OPERATOR_TEMPLATES=/usr/share/openstack-baremetal-operator/templates/
OPERATOR_TEMPLATES=/usr/share/openstack-baremetal-operator/templates/

WORKDIR /

Expand Down
5 changes: 4 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,9 @@ endif
SHELL = /usr/bin/env bash -o pipefail
.SHELLFLAGS = -ec

# Extra vars which will be passed to the Docker-build
DOCKER_BUILD_ARGS ?=

.PHONY: all
all: build

Expand Down Expand Up @@ -142,7 +145,7 @@ run: manifests generate fmt vet ## Run a controller from your host.
# More info: https://docs.docker.com/develop/develop-images/build_enhancements/
.PHONY: docker-build
docker-build: test ## Build docker image with the manager.
podman build -t ${IMG} .
podman build -t ${IMG} . ${DOCKER_BUILD_ARGS}

.PHONY: docker-push
docker-push: ## Push docker image with the manager.
Expand Down
Loading