diff --git a/.github/workflows/provider-packaging.yaml b/.github/workflows/provider-packaging.yaml index 463af0a..b686276 100644 --- a/.github/workflows/provider-packaging.yaml +++ b/.github/workflows/provider-packaging.yaml @@ -34,3 +34,19 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - run: earthly --ci --push +provider-package-all-platforms --IMAGE_REPOSITORY=ghcr.io/kairos-io + build-provider-fips-package: + runs-on: ubuntu-latest + permissions: + packages: write + steps: + - uses: actions/checkout@v2 + - uses: docker-practice/actions-setup-docker@master + - uses: earthly/actions-setup@v1 + with: + version: "v0.6.30" + - uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.repository_owner }} + password: ${{ secrets.GITHUB_TOKEN }} + - run: earthly --ci --push +provider-fips-package-all-platforms --IMAGE_REPOSITORY=ghcr.io/kairos-io --FIPS_ENABLED=true diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml index 2fa7286..19bd30c 100644 --- a/.github/workflows/publish.yaml +++ b/.github/workflows/publish.yaml @@ -13,9 +13,9 @@ jobs: strategy: matrix: base-image: - - quay.io/kairos/core-opensuse-leap:v2.3.0 - - quay.io/kairos/core-ubuntu-20-lts:v2.3.0 - - quay.io/kairos/core-ubuntu-22-lts:v2.3.0 + - quay.io/kairos/core-opensuse-leap:v2.3.2 + - quay.io/kairos/core-ubuntu-20-lts:v2.3.2 + - quay.io/kairos/core-ubuntu-22-lts:v2.3.2 rke2-version: - v1.26.4+rke2r1 - v1.25.3+rke2r1 diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index f757101..7546200 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -42,9 +42,9 @@ jobs: strategy: matrix: base-image: - - quay.io/kairos/core-opensuse-leap:v2.3.0 - - quay.io/kairos/core-ubuntu-20-lts:v2.3.0 - - quay.io/kairos/core-ubuntu-22-lts:v2.3.0 + - quay.io/kairos/core-opensuse-leap:v2.3.2 + - quay.io/kairos/core-ubuntu-20-lts:v2.3.2 + - quay.io/kairos/core-ubuntu-22-lts:v2.3.2 rke2-version: - v1.26.4+rke2r1 - v1.25.2+rke2r1 diff --git a/Earthfile b/Earthfile index cc4be79..895eb94 100644 --- a/Earthfile +++ b/Earthfile @@ -1,7 +1,7 @@ VERSION 0.6 FROM alpine -ARG BASE_IMAGE=quay.io/kairos/core-opensuse-leap:v2.3.0 +ARG BASE_IMAGE=quay.io/kairos/core-opensuse-leap:v2.3.2 ARG IMAGE_REPOSITORY=quay.io/kairos ARG LUET_VERSION=0.34.0 @@ -12,6 +12,7 @@ ARG RKE2_VERSION=latest ARG BASE_IMAGE_NAME=$(echo $BASE_IMAGE | grep -o [^/]*: | rev | cut -c2- | rev) ARG BASE_IMAGE_TAG=$(echo $BASE_IMAGE | grep -o :.* | cut -c2-) ARG RKE2_VERSION_TAG=$(echo $RKE2_VERSION | sed s/+/-/) +ARG FIPS_ENABLED=false luet: FROM quay.io/luet/base:$LUET_VERSION @@ -22,7 +23,7 @@ build-cosign: SAVE ARTIFACT /ko-app/cosign cosign go-deps: - FROM golang:$GOLANG_VERSION + FROM gcr.io/spectro-dev-public/golang:1.19-debian WORKDIR /build COPY go.mod go.sum ./ RUN go mod download @@ -37,6 +38,15 @@ BUILD_GOLANG: ARG BIN ARG SRC + IF $FIPS_ENABLED + ARG LDFLAGS=-s -w -linkmode=external -extldflags=-static + ENV CGO_ENABLED=1 + ENV GOEXPERIMENT=boringcrypto + ELSE + ARG LDFLAGS=-s -w + ENV CGO_ENABLED=0 + END + RUN go build -ldflags "-s -w" -o ${BIN} ./${SRC} SAVE ARTIFACT ${BIN} ${BIN} AS LOCAL build/${BIN} @@ -63,6 +73,14 @@ build-provider-package: COPY scripts /opt/rke2/scripts SAVE IMAGE --push $IMAGE_REPOSITORY/provider-rke2:${VERSION} +build-provider-fips-package: + DO +VERSION + ARG VERSION=$(cat VERSION) + FROM scratch + COPY +build-provider/agent-provider-rke2 /system/providers/agent-provider-rke2 + COPY scripts /opt/rke2/scripts + SAVE IMAGE --push $IMAGE_REPOSITORY/provider-rke2-fips:${VERSION} + lint: FROM golang:$GOLANG_VERSION RUN wget -O- -nv https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s $GOLINT_VERSION @@ -137,3 +155,7 @@ cosign: provider-package-all-platforms: BUILD --platform=linux/amd64 +build-provider-package BUILD --platform=linux/arm64 +build-provider-package + +provider-fips-package-all-platforms: + BUILD --platform=linux/amd64 +build-provider-fips-package + #BUILD --platform=linux/arm64 +build-provider-fips-package