fips-v1.7.1 #3

Draft
wants to merge 1 commit into
base: master
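--- a/.acquia/Dockerfile.ci
+++ b/.acquia/Dockerfile.ci
@@ -0,0 +1,43 @@
+FROM jfrog.ais.acquia.io/devops-pipeline/acq-aws:2 as fips-golang-builder
+
+# Update packages
+USER root
+RUN yum makecache \
+&& yum update -y \
+&& yum install -y tar gcc git curl \
+&& yum clean all \
+&& rm -rf /var/cache/yum
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+# Install Go
+ARG GOLANG_VERSION=1.20
+RUN curl -LO "https://go.dev/dl/go${GOLANG_VERSION}.${TARGETOS}-${TARGETARCH}.tar.gz" && \
+tar -C /usr/local -xzf "go${GOLANG_VERSION}.${TARGETOS}-${TARGETARCH}.tar.gz" && \
+rm -f "go${GOLANG_VERSION}.${TARGETOS}-${TARGETARCH}.tar.gz" && \
+ls -la /usr/local/go/bin && \
+chmod +x /usr/local/go/bin/go
+
+# Set Golang environment variables
+ENV GOPATH="/go"
+ENV GOROOT="/usr/local/go"
+ENV GOBIN="${GOPATH}/bin"
+ENV GO111MODULE="on"
+ENV GOOS=${TARGETOS}
+ENV GOARCH=${TARGETARCH}
+ENV GOPRIVATE=github.com/acquia
+
+# FIPS
+ENV GOEXPERIMENT=boringcrypto
+ENV CGO_ENABLED=1
+
+# Add path to go binaries
+ENV PATH="${PATH}:${GOROOT}/bin:${GOBIN}"
+
+WORKDIR /argo-rollouts
+
+RUN git config --global --add safe.directory '*'
+
+# Perform the build
+COPY . .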
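Review bot: The Go toolchain fetched by `RUN curl -LO "https://go.dev/dl/go${GOLANG_VERSION}..."` is unpacked into /usr/local with no integrity check, and `curl` runs without `-f`, so an HTTP error body would be saved as the tarball. For an image whose job is producing FIPS builds the compiler is part of the trust base; declare `ARG GOLANG_SHA256` (value taken from the go.dev downloads page for the chosen release) and change the step to `curl -fsSLO ... && echo "${GOLANG_SHA256}  go${GOLANG_VERSION}.${TARGETOS}-${TARGETARCH}.tar.gz" | sha256sum -c - && tar ...`. The identical RUN in Dockerfile-FIPS needs the same change. Separately, `git config --global --add safe.directory '*'` turns off git's ownership check for every path in the container; `--add safe.directory /argo-rollouts` covers the WORKDIR used here.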
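--- a/.acquia/pipeline.yaml
+++ b/.acquia/pipeline.yaml
@@ -0,0 +1,42 @@
+type: default
+team: KCS
+group: platform
+service: argo-rollouts
+
+# Validate the formatting of the pipeline.yaml file.
+validate_config: true
+
+environment_image:
+file: ".acquia/Dockerfile.ci"
+context: "."
+build_args:
+- secrets:
+- type: vault
+key: SSH_KEY
+value: GIT_SSH_KEY
+path: secret/pipeline-default/GIT_SSH_KEY
+
+pre_build:
+code_analysis:
+required: false
+check_fips:
+- steps:
+- cd /argo-rollouts
+- make check-fips
+
+build:
+service_image:
+- name: argo-rollouts/rollouts-controller
+file: "Dockerfile-FIPS"
+context: "."
+build_args:
+- secrets:
+- type: vault
+key: SSH_KEY
+value: GIT_SSH_KEY
+path: secret/pipeline-default/GIT_SSH_KEY
+
+security_scan:
+scanner: orca
+ignore_failures: true
+reason: This service is only used for building base FIPS complaint image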
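Review bot: `security_scan` sets `ignore_failures: true` on the grounds that this only builds a base image, yet the `build` section publishes `argo-rollouts/rollouts-controller` as a service image, so scanner findings on the shipped controller would never fail the pipeline. Either drop `ignore_failures` or narrow the `reason` to the specific findings being accepted (the text also says "complaint" where "compliant" is meant). The Vault secret `GIT_SSH_KEY` is also passed under `build_args` as `SSH_KEY` for both images; if the pipeline maps this to a Docker `--build-arg`, the key can be read back from image history. Neither Dockerfile in this change declares `ARG SSH_KEY`, so the entry looks unused and could be removed. If private modules are fetched during the build, a BuildKit secret or SSH mount would keep the key out of the layers.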
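--- a/Dockerfile-FIPS
+++ b/Dockerfile-FIPS
@@ -0,0 +1,54 @@
+FROM jfrog.ais.acquia.io/devops-pipeline/acq-aws:2 as argo-rollouts-builder
+
+# Update packages
+USER root
+RUN yum makecache \
+&& yum update -y \
+&& yum install -y tar gcc git curl \
+&& yum clean all \
+&& rm -rf /var/cache/yum
+
+ARG TARGETOS=linux
+ARG TARGETARCH=amd64
+
+# Install Go
+ARG GOLANG_VERSION=1.20
+RUN curl -LO "https://go.dev/dl/go${GOLANG_VERSION}.${TARGETOS}-${TARGETARCH}.tar.gz" && \
+tar -C /usr/local -xzf "go${GOLANG_VERSION}.${TARGETOS}-${TARGETARCH}.tar.gz" && \
+rm -f "go${GOLANG_VERSION}.${TARGETOS}-${TARGETARCH}.tar.gz" && \
+ls -la /usr/local/go/bin && \
+chmod +x /usr/local/go/bin/go
+
+# Set Golang environment variables
+ENV GOPATH="/go"
+ENV GOROOT="/usr/local/go"
+ENV GOBIN="${GOPATH}/bin"
+ENV GO111MODULE="on"
+ENV GOOS=${TARGETOS}
+ENV GOARCH=${TARGETARCH}
+ENV GOPRIVATE=github.com/acquia
+
+# FIPS
+ENV GOEXPERIMENT=boringcrypto
+ENV CGO_ENABLED=1
+
+# Add path to go binaries
+ENV PATH="${PATH}:${GOROOT}/bin:${GOBIN}"
+
+WORKDIR /go/src/github.com/argoproj/argo-rollouts
+
+# Perform the build
+COPY . .
+
+ARG MAKE_TARGET="controller-fips"
+RUN GOOS=$TARGETOS GOARCH=$TARGETARCH make ${MAKE_TARGET}
+
+#####################################################################################################
+## Final image
+#####################################################################################################
+FROM jfrog.ais.acquia.io/devops-pipeline/acq-aws:2
+COPY --from=argo-rollouts-builder /go/src/github.com/argoproj/argo-rollouts/dist/rollouts-controller /bin/
+
+USER 999
+
+ENTRYPOINT [ "/bin/rollouts-controller" ]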
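Review bot: `ARG GOLANG_VERSION=1.20` resolves to the initial 1.20 release rather than a patch release, so the rollouts-controller binary copied into the final image is compiled against a standard library that lacks the later 1.20.x security fixes. Pin a patched release here, e.g. `ARG GOLANG_VERSION=<current patch release>`, and bump it as part of routine maintenance. Nothing in this file confirms that `make ${MAKE_TARGET}` actually produced a BoringCrypto-linked binary. Unless `make check-fips` already inspects `dist/rollouts-controller`, a step after the build such as `RUN go tool nm dist/rollouts-controller | grep -q _Cfunc__goboringcrypto_` would fail the image build if `GOEXPERIMENT=boringcrypto` were silently dropped.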