From 9327e1233cbf6d26f00a5ba992d20998088b675f Mon Sep 17 00:00:00 2001 From: Nick Boldt Date: Mon, 10 Jul 2023 15:33:34 -0300 Subject: [PATCH] CRW-4582 FIPS support Change-Id: Ibc152062a57cc670fafb17ba2389802906bfc64b Signed-off-by: Nick Boldt move CGO_ENABLED=1 to ENV Change-Id: I58795da72824b587d916e785dbd4e20251fa7e11 Signed-off-by: Nick Boldt --- Dockerfile | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3a5dc7fc0a..e48fb94a50 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,11 +11,15 @@ # https://registry.access.redhat.com/ubi8/go-toolset FROM registry.access.redhat.com/ubi8/go-toolset:1.19.10-3 as builder -ENV GOPATH=/go/ +ENV GOPATH=/go/ \ + CGO_ENABLED=1 ARG DEV_HEADER_REWRITE_TRAEFIK_PLUGIN="main" ARG SKIP_TESTS="false" USER root +# update RPMs +RUN dnf -y update + # upstream, download zips for every build # downstream, copy prefetched asset-*.zip into /tmp RUN curl -sSLo /tmp/asset-header-rewrite-traefik-plugin.zip https://api.github.com/repos/che-incubator/header-rewrite-traefik-plugin/zipball/${DEV_HEADER_REWRITE_TRAEFIK_PLUGIN} @@ -40,9 +44,10 @@ COPY controllers/ controllers/ COPY pkg/ pkg/ # build operator +# to test FIPS compliance, run https://github.com/openshift/check-payload#scan-a-container-or-operator-image against a built image RUN export ARCH="$(uname -m)" && if [[ ${ARCH} == "x86_64" ]]; then export ARCH="amd64"; elif [[ ${ARCH} == "aarch64" ]]; then export ARCH="arm64"; fi && \ if [[ ${SKIP_TESTS} == "false" ]]; then export MOCK_API=true && go test -mod=vendor -v ./...; fi && \ - CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build -mod=vendor -a -o che-operator main.go + GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build -mod=vendor -a -o che-operator main.go # https://registry.access.redhat.com/ubi8-minimal FROM registry.access.redhat.com/ubi8-minimal:8.8-1014