From 4e71231526df39d9e8081f1c5a97477553c66532 Mon Sep 17 00:00:00 2001
From: Justin Kolberg
Date: Thu, 21 Sep 2023 13:37:41 -0700
Subject: [PATCH] chore(ci): build fips binary w/glibc 2.26
Signed-off-by: Justin Kolberg
---
.github/workflows/workflow-build.yml | 17 ++++++++++++-----
ci/build-fips-action/Dockerfile | 12 ++++++++++++
ci/build-fips-action/action.yml | 9 +++++++++
ci/build-fips-action/entrypoint.sh | 19 +++++++++++++++++++
4 files changed, 52 insertions(+), 5 deletions(-)
create mode 100644 ci/build-fips-action/Dockerfile
create mode 100644 ci/build-fips-action/action.yml
create mode 100755 ci/build-fips-action/entrypoint.sh
diff --git a/.github/workflows/workflow-build.yml b/.github/workflows/workflow-build.yml
index eae82997be..ea6385dd4a 100644
--- a/.github/workflows/workflow-build.yml
+++ b/.github/workflows/workflow-build.yml
@@ -92,23 +92,30 @@ jobs: ${{ steps.get-cache-key.outputs.restore-keys }} - name: Set default BUILDER_BIN_PATH - if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }} + if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }} run: echo "BUILDER_BIN_PATH=${HOME}/bin" >> $GITHUB_ENV - name: Add opentelemetry-collector-builder installation dir to PATH - if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }} + if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }} run: echo "$BUILDER_BIN_PATH" >> $GITHUB_PATH - name: Install opentelemetry-collector-builder - if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }} + if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }} run: make install-builder working-directory: ./otelcolbuilder - name: Build - if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }} - run: make otelcol-sumo-${{inputs.arch_os}}${{ inputs.fips && ' FIPS_SUFFIX="$OTELCOL_FIPS_SUFFIX" CGO_ENABLED=1' || '' }} + if: ${{ ! inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }} + run: make otelcol-sumo-${{inputs.arch_os}} working-directory: ./otelcolbuilder + - name: Build (FIPS) + if: ${{ inputs.fips && (! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true') }} + id: containerized-build + uses: ./ci/build-fips-action + with: + go-version: ${{ env.GO_VERSION }} + - name: Set binary name id: set-binary-name if: ${{ ! inputs.only-if-changed || steps.changed-files.outputs.any_changed == 'true' }} diff --git a/ci/build-fips-action/Dockerfile b/ci/build-fips-action/Dockerfile new file mode 100644 index 0000000000..67b5a70df7 --- /dev/null +++ b/ci/build-fips-action/Dockerfile 
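Review bot: The new `Build (FIPS)` step drops `inputs.arch_os`: the non-FIPS step still runs `make otelcol-sumo-${{inputs.arch_os}}`, while the container's entrypoint.sh hard-codes `make otelcol-sumo-linux_amd64` and `FIPS_SUFFIX="-fips"` in place of the removed `$OTELCOL_FIPS_SUFFIX`. If this workflow is ever called with `fips: true` for another target, it would presumably produce an amd64 binary under that target's name. Passing the target through, e.g. `arch-os: ${{ inputs.arch_os }}` under `with:` with a matching input in action.yml, or a comment on the step stating that FIPS builds are linux_amd64 only, would make the constraint explicit. The step list continues outside the hunk, so whether later steps still read `OTELCOL_FIPS_SUFFIX` cannot be seen here.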
@@ -0,0 +1,12 @@
+FROM amazonlinux:2
+ MAINTAINER Justin Kolberg
+
+ARG TARGETARCH
+
+ENV TARGETARCH=$TARGETARCH
+
+RUN yum groupinstall -y "Development Tools" && yum install -y curl git
+
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/ci/build-fips-action/action.yml b/ci/build-fips-action/action.yml
new file mode 100644
index 0000000000..4dfd74e993
--- /dev/null
+++ b/ci/build-fips-action/action.yml
@@ -0,0 +1,9 @@
+name: 'Build FIPS'
+description: 'Build the otelcol-sumo FIPS binary'
+inputs:
+ go-version:
+ description: 'The version of Go to use'
+ required: true
+runs:
+ using: 'docker'
+ image: 'Dockerfile'
diff --git a/ci/build-fips-action/entrypoint.sh b/ci/build-fips-action/entrypoint.sh
new file mode 100755
index 0000000000..f27f2cb6e6
--- /dev/null
+++ b/ci/build-fips-action/entrypoint.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/env sh
+
+git config --global --add safe.directory /github/workspace
+
+# Install Go
+url="https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz"
+echo "Downloading ${url}"
+curl -Lo go.tar.gz "$url"
+tar -zxvf go.tar.gz -C /usr/local
+export PATH="/usr/local/go/bin:${PATH}"
+
+# Install builder
+cd otelcolbuilder || exit 1
+mkdir "${HOME}/bin"
+export PATH="${HOME}/bin:${PATH}"
+make install-builder
+
+# Build otelcol-sumo
+make otelcol-sumo-linux_amd64 FIPS_SUFFIX="-fips" CGO_ENABLED="1"
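Review bot: `FROM amazonlinux:2` follows a mutable tag, so the compiler toolchain and the glibc that the FIPS binary links against can change between runs without any change in this repository. Pinning the base by digest, `FROM amazonlinux:2@sha256:<digest-placeholder>`, keeps the build environment reviewable and lets an image update show up as a diff. `MAINTAINER` is deprecated; `LABEL maintainer="..."` is the current form. `TARGETARCH` is filled in automatically only when the image is built with BuildKit, so if the runner's build leaves it empty the download URL assembled in entrypoint.sh would be malformed; a comment on the `ARG` noting that dependency would help.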
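Review bot: The `go-version` input in action.yml is declared `required: true`, but nothing under `runs:` hands it to the container under the name the entrypoint reads. A Docker action receives its inputs as `INPUT_*` environment variables, while entrypoint.sh expands `${GO_VERSION}`, so the build appears to rely on the workflow-level `GO_VERSION` variable being passed through rather than on this input. Mapping it explicitly under `runs:` with `env:` and `GO_VERSION: ${{ inputs.go-version }}` would make the action self-contained and keep the toolchain version traceable to the caller's `with:` block.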
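Review bot: entrypoint.sh downloads the Go toolchain and unpacks it into /usr/local with no integrity check and no error handling. `curl -Lo` without `-f` saves an HTTP error page as go.tar.gz, and without `set -e` a failed download or extraction does not stop the script before the `make` calls. Since this compiler produces the binary shipped as the FIPS build, the archive should be verified against a pinned SHA-256 before extraction. The sketch below adds `set -eu`, `curl -f` and a `sha256sum -c` check, where `GO_SHA256` is a placeholder for a digest the workflow would supply alongside the version. With `set -e` in place, `mkdir` needs `-p` so that an existing directory does not abort the build.

```sh
#!/usr/bin/env sh
set -eu

# … unchanged: git safe.directory …

# Install Go
url="https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz"
echo "Downloading ${url}"
curl -fsSLo go.tar.gz "$url"
# GO_SHA256 is a placeholder: the pinned digest for this version and arch
echo "${GO_SHA256}  go.tar.gz" | sha256sum -c -
tar -zxf go.tar.gz -C /usr/local
# … unchanged: PATH export …

# Install builder
cd otelcolbuilder || exit 1
mkdir -p "${HOME}/bin"
# … unchanged: PATH export, make install-builder, build …
```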