Spectro FIPS and CICD

.github/workflows/spectro-release.yaml

@@ -0,0 +1,67 @@
+name: Spectro Release
+run-name: Release for Kube-VIP ${{ github.event.inputs.release_version }}
+on:
+  workflow_dispatch:
+    inputs:
+      release_version:
+        description: 'Version to Build'
+        required: true
+        default: '0.0.0'
+jobs:
+  builder:
+    # edge-runner machine group is a bunch of machines in US Datacenter
+    runs-on: ubuntu-latest
+    # Initialize all secrets required for the job
+    # Ensure that the credentials are provided as encrypted secrets
+    env:
+      SPECTRO_VERSION: ${{ github.event.inputs.release_version }}
+    steps:
+      -
+        uses: mukunku/[email protected]
+        id: checkTag
+        with:
+          tag: spectro-v${{ github.event.inputs.release_version }}
+      -
+        if: ${{ steps.checkTag.outputs.exists == 'true' }}
+        run: |
+          echo "Tag already exists for spectro-v${{ github.event.inputs.release_version }}..."
+          exit 1
+      -
+        uses: actions/checkout@v3
+      -
+        name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      -
+        name: Login to private registry
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ secrets.REGISTRY_URL }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+      -
+        name: Build Image
+        env:
+          REGISTRY: gcr.io/spectro-images-public/release/kube-vip
+        run: |
+          make docker
+      -
+        name: Build Image - FIPS Mode
+        env:
+          FIPS_ENABLE: yes
+          REGISTRY: gcr.io/spectro-images-public/release-fips/kube-vip
+        run: |
+          make docker
+      -
+        name: Create Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: spectro-v${{ github.event.inputs.release_version }}
+          release_name: Release spectro-v${{ github.event.inputs.release_version }}
+          body: |
+            Release version ${{ github.event.inputs.release_version }}
+          draft: false
+          prerelease: false
+

Dockerfile

@@ -1,6 +1,10 @@
 # syntax=docker/dockerfile:experimental
 
 FROM golang:1.21.4-alpine3.18 as dev
+# FIPS
+ARG CRYPTO_LIB
+ENV GOEXPERIMENT=${CRYPTO_LIB:+boringcrypto}
+
 RUN apk add --no-cache git ca-certificates make
 RUN adduser -D appuser
 COPY . /src/

Makefile

@@ -4,9 +4,19 @@ SHELL := /bin/sh
 TARGET := kube-vip
 .DEFAULT_GOAL := $(TARGET)
 
+# Fips Flags
+FIPS_ENABLE ?= ""
+
+RELEASE_LOC := release
+ifeq ($(FIPS_ENABLE),yes)
+  CGO_ENABLED := 1
+  RELEASE_LOC := release-fips
+endif
+
 # These will be provided to the target
 VERSION := v0.6.4
 
+SPECTRO_VERSION ?= 4.0.0-dev
 BUILD := `git rev-parse HEAD`
 
 # Operating System Default (LINUX)
@@ -17,6 +27,14 @@ LDFLAGS=-ldflags "-s -w -X=main.Version=$(VERSION) -X=main.Build=$(BUILD) -extld
 DOCKERTAG ?= $(VERSION)
 REPOSITORY ?= plndr
 
+IMAGE_NAME := kube-vip
+REGISTRY ?= gcr.io/spectro-dev-public/$(USER)/${RELEASE_LOC}
+IMG_TAG ?= v0.4.0-spectro-${SPECTRO_VERSION}
+IMG ?= ${REGISTRY}/${IMAGE_NAME}:${IMG_TAG}
+
+RELEASE_REGISTRY := gcr.io/spectro-images-public/release/kube-vip
+RELEASE_CONTROLLER_IMG := $(RELEASE_REGISTRY)/$(IMAGE_NAME)
+
 .PHONY: all build clean install uninstall fmt simplify check run e2e-tests
 
 all: check install
@@ -42,7 +60,7 @@ fmt:
 
 demo:
 	@cd demo
-	@docker buildx build  --platform linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x --push -t $(REPOSITORY)/$(TARGET):$(DOCKERTAG) .
+	@docker buildx build  --platform linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x --push -t ${IMG} .
 	@echo New Multi Architecture Docker image created
 	@cd ..
 
@@ -66,7 +84,7 @@ dockerx86:
 
 docker:
 	@-rm ./kube-vip
-	@docker buildx build  --platform linux/amd64,linux/arm64,linux/arm/v7,linux/ppc64le,linux/s390x --push -t $(REPOSITORY)/$(TARGET):$(DOCKERTAG) .
+	@docker buildx build --build-arg CRYPTO_LIB=${FIPS_ENABLE}  --platform linux/amd64 --push -t ${IMG} .
 	@echo New Multi Architecture Docker image created
 
 ## Local (docker load of images)