chore(ci): build fips binary w/glibc 2.26

Signed-off-by: Justin Kolberg <[email protected]>
SumoLogic · Sep 22, 2023 · 4e71231 · 4e71231
1 parent 50dfb0e
commit 4e71231
Show file tree

Hide file tree

Showing 4 changed files with 52 additions and 5 deletions.
diff --git a/.github/workflows/workflow-build.yml b/.github/workflows/workflow-build.yml
@@ -92,23 +92,30 @@ jobs:
             ${{ steps.get-cache-key.outputs.restore-keys }}
 
       - name: Set default BUILDER_BIN_PATH
-        if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }}
+        if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }}
         run: echo "BUILDER_BIN_PATH=${HOME}/bin" >> $GITHUB_ENV
 
       - name: Add opentelemetry-collector-builder installation dir to PATH
-        if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }}
+        if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }}
         run: echo "$BUILDER_BIN_PATH" >> $GITHUB_PATH
 
       - name: Install opentelemetry-collector-builder
-        if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }}
+        if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }}
         run: make install-builder
         working-directory: ./otelcolbuilder
 
       - name: Build
-        if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }}
-        run: make otelcol-sumo-${{inputs.arch_os}}${{ inputs.fips && ' FIPS_SUFFIX="$OTELCOL_FIPS_SUFFIX" CGO_ENABLED=1' || '' }}
+        if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }}
+        run: make otelcol-sumo-${{inputs.arch_os}}
         working-directory: ./otelcolbuilder
 
+      - name: Build (FIPS)
+        if: ${{ inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }}
+        id: containerized-build
+        uses: ./ci/build-fips-action
+        with:
+          go-version: ${{ env.GO_VERSION }}
+
       - name: Set binary name
         id: set-binary-name
         if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }}

diff --git a/ci/build-fips-action/Dockerfile b/ci/build-fips-action/Dockerfile
@@ -0,0 +1,12 @@
+FROM amazonlinux:2
+    MAINTAINER Justin Kolberg <[email protected]>
+
+ARG TARGETARCH
+
+ENV TARGETARCH=$TARGETARCH
+
+RUN yum groupinstall -y "Development Tools" && yum install -y curl git
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/ci/build-fips-action/action.yml b/ci/build-fips-action/action.yml
@@ -0,0 +1,9 @@
+name: 'Build FIPS'
+description: 'Build the otelcol-sumo FIPS binary'
+inputs:
+  go-version:
+    description: 'The version of Go to use'
+    required: true
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
diff --git a/ci/build-fips-action/entrypoint.sh b/ci/build-fips-action/entrypoint.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+git config --global --add safe.directory /github/workspace
+
+# Install Go
+url="https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz"
+echo "Downloading ${url}"
+curl -Lo go.tar.gz "$url"
+tar -zxvf go.tar.gz -C /usr/local
+export PATH="/usr/local/go/bin:${PATH}"
+
+# Install builder
+cd otelcolbuilder || exit 1
+mkdir "${HOME}/bin"
+export PATH="${HOME}/bin:${PATH}"
+make install-builder
+
+# Build otelcol-sumo
+make otelcol-sumo-linux_amd64 FIPS_SUFFIX="-fips" CGO_ENABLED="1"