chore(ci): build fips binary w/glibc 2.26 #1257
Conversation
github-actions
bot
added
the
github_actions
|
Could we add only Dockerfile like for other builds and add makefile target. W have makefile to be independent on the CI provider and to be able to easily run everything locally |
ci/build-fips-action/entrypoint.sh
Outdated
| # Install Go | ||
| url="https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz" | ||
| echo "Downloading ${url}" | ||
| curl -Lo go.tar.gz "$url" | ||
| tar -zxvf go.tar.gz -C /usr/local | ||
| export PATH="/usr/local/go/bin:${PATH}" | ||
|
|
||
| # Install builder | ||
| cd otelcolbuilder || exit 1 | ||
| mkdir "${HOME}/bin" | ||
| export PATH="${HOME}/bin:${PATH}" | ||
| make install-builder |
There was a problem hiding this comment.
These install commands seem like they'd be more at home in the Dockerfile.
There was a problem hiding this comment.
I couldn't find a way of passing the Go version into the Dockerfile itself from GitHub Actions.
There was a problem hiding this comment.
I moved the Go installation steps to the Dockerfile and hardcoded the Go version for now. I was hoping to minimize the amount of places where we need to bump the Go version but it does cut down on runtimes.
I don't think it's possible to use anything except the ci/build-fips-action directory as the context when GitHub Actions builds the Docker image. I've left the builder installation in entrypoint.sh as a result.
amdprophet
force-pushed
the
chore/glibc-2.26
branch
from
4e71231 to
55792eb
Compare
I can try adding a makefile target to run this locally. |
amdprophet
force-pushed
the
chore/glibc-2.26
branch
from
fd4f532 to
7e405a1
Compare
Signed-off-by: Justin Kolberg <[email protected]>
Signed-off-by: Justin Kolberg <[email protected]>
Signed-off-by: Justin Kolberg <[email protected]>
amdprophet
force-pushed
the
chore/glibc-2.26
branch
from
7e405a1 to
dce1a7e
Compare
github-actions
bot
added
the
documentation
Co-authored-by: Dominik Rosiek <[email protected]>
|
|
||
| RUN yum groupinstall -y "Development Tools" && yum install -y curl git | ||
|
|
||
| RUN curl -Lo go.tar.gz https://go.dev/dl/go1.20.5.linux-$TARGETARCH.tar.gz |
There was a problem hiding this comment.
Not happy about the hard-coded go version here, but I understand why it is. Going to be a bit of a pain when we update go.
| @@ -134,6 +134,11 @@ build-debug: ensure-correct-builder-version | |||
| @$(MAKE) generate-sources | |||
| @$(MAKE) _gobuild_debug | |||
|
|
|||
| .PHONY: build-fips | |||
There was a problem hiding this comment.
I was able to successfully build locally.
Signed-off-by: Justin Kolberg <[email protected]>
The
linux/amd64FIPS binary is currently built using GLIBC 2.28. Some supported Linux distributions use an older version of GLIBC and the binary we produce is incompatible as a result. This change updates CI to build the binary using theamazonlinux:2container image which has GLIBC 2.26.