Merge pull request #47 from kairos-io/fips

fips package build
2025-04-27 19:07:05 +00:00 · 2023-08-09 16:09:38 +05:30 · 2023-08-09 16:09:38 +05:30 · 1e2baa0c2b
commit 1e2baa0c2b
parent a872b0ac13 2b47553bd3
2 changed files with 38 additions and 0 deletions
--- a/.github/workflows/provider-packaging.yaml
+++ b/.github/workflows/provider-packaging.yaml
@ -34,3 +34,19 @@ jobs:
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }} 
      - run: earthly --ci --push +provider-package-all-platforms --IMAGE_REPOSITORY=ghcr.io/kairos-io
+  build-provider-fips-package:
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - uses: actions/checkout@v2
+      - uses: docker-practice/actions-setup-docker@master
+      - uses: earthly/actions-setup@v1
+        with:
+          version: "v0.6.30"
+      - uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - run: earthly --ci --push +provider-fips-package-all-platforms --IMAGE_REPOSITORY=ghcr.io/kairos-io --FIPS_ENABLED=true
--- a/22
+++ b/22
@ -12,6 +12,7 @@ ARG RKE2_VERSION=latest
 ARG BASE_IMAGE_NAME=$(echo $BASE_IMAGE | grep -o [^/]*: | rev | cut -c2- | rev)
 ARG BASE_IMAGE_TAG=$(echo $BASE_IMAGE | grep -o :.* | cut -c2-)
 ARG RKE2_VERSION_TAG=$(echo $RKE2_VERSION | sed s/+/-/)
+ARG FIPS_ENABLED=false

 luet:
    FROM quay.io/luet/base:$LUET_VERSION
@ -37,6 +38,15 @@ BUILD_GOLANG:
    ARG BIN
    ARG SRC

+    IF $FIPS_ENABLED
+        ARG LDFLAGS=-s -w -linkmode=external -extldflags=-static
+        ENV CGO_ENABLED=1
+        ENV GOEXPERIMENT=boringcrypto
+    ELSE
+        ARG LDFLAGS=-s -w
+        ENV CGO_ENABLED=0
+    END
+
    RUN go build -ldflags "-s -w" -o ${BIN} ./${SRC}
    SAVE ARTIFACT ${BIN} ${BIN} AS LOCAL build/${BIN}

@ -63,6 +73,14 @@ build-provider-package:
    COPY scripts /opt/rke2/scripts
    SAVE IMAGE --push $IMAGE_REPOSITORY/provider-rke2:${VERSION}

+build-provider-fips-package:
+    DO +VERSION
+    ARG VERSION=$(cat VERSION)
+    FROM scratch
+    COPY +build-provider/agent-provider-rke2 /system/providers/agent-provider-rke2
+    COPY scripts /opt/rke2/scripts
+    SAVE IMAGE --push $IMAGE_REPOSITORY/provider-rke2-fips:${VERSION}
+
 lint:
    FROM golang:$GOLANG_VERSION
    RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s $GOLINT_VERSION
@ -137,3 +155,7 @@ cosign:
 provider-package-all-platforms:
     BUILD --platform=linux/amd64 +build-provider-package
     BUILD --platform=linux/arm64 +build-provider-package
+
+provider-fips-package-all-platforms:
+     BUILD --platform=linux/amd64 +build-provider-fips-package
+     BUILD --platform=linux/arm64 +build-provider-fips-package