From 9a2529ad998e7fc7a583d05c44f19a21838f1c22 Mon Sep 17 00:00:00 2001 From: alxbxbx Date: Wed, 18 Dec 2024 10:06:55 +0100 Subject: [PATCH] [SECCOMP-31580] FIPS suport --- .github/workflows/build.yaml | 3 +++ .github/workflows/golangci-lint.yml | 3 +++ .promu.yml | 1 + Dockerfile | 5 ++++- Makefile.common | 3 +++ build/Jenkinsfile | 6 ++++-- main.go | 2 ++ 7 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 41e1c477..e90bef78 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -21,6 +21,9 @@ jobs: docker: ['scratch','ubi'] # The type of runner that the job will run on runs-on: ubuntu-latest + env: + CGO_ENABLED: 1 + GOEXPERIMENT: boringcrypto name: ${{ matrix.docker }} steps: - name: Login to Quay.io diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml index ad826630..27763418 100644 --- a/.github/workflows/golangci-lint.yml +++ b/.github/workflows/golangci-lint.yml @@ -14,6 +14,9 @@ jobs: golangci: name: lint runs-on: ubuntu-latest + env: + CGO_ENABLED: 1 + GOEXPERIMENT: boringcrypto steps: - name: Checkout repository uses: actions/checkout@v3 diff --git a/.promu.yml b/.promu.yml index 9f6d8a0d..ccef5476 100644 --- a/.promu.yml +++ b/.promu.yml @@ -1,6 +1,7 @@ go: # This must match .circle/config.yml. version: 1.18 + cgo: true repository: path: github.com/prometheus-community/elasticsearch_exporter build: diff --git a/Dockerfile b/Dockerfile index e94de825..99edd0d2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,8 @@ FROM quay.io/prometheus/golang-builder AS builder +ENV CGO_ENABLED=1 +ENV GOEXPERIMENT=boringcrypto + ARG PROMU_VERSION=0.13.0 ADD https://github.com/prometheus/promu/releases/download/v${PROMU_VERSION}/promu-${PROMU_VERSION}.linux-amd64.tar.gz ./ RUN tar -xvzf promu-${PROMU_VERSION}.linux-amd64.tar.gz && mv promu-${PROMU_VERSION}.linux-amd64/promu /go/bin @@ -8,7 +11,7 @@ ADD . /go/src/github.com/prometheus-community/elasticsearch_exporter WORKDIR /go/src/github.com/prometheus-community/elasticsearch_exporter RUN go mod download -RUN make +RUN make FROM scratch AS scratch diff --git a/Makefile.common b/Makefile.common index 6c8e3e21..d744c375 100644 --- a/Makefile.common +++ b/Makefile.common @@ -36,6 +36,9 @@ GO_VERSION ?= $(shell $(GO) version) GO_VERSION_NUMBER ?= $(word 3, $(GO_VERSION)) PRE_GO_111 ?= $(shell echo $(GO_VERSION_NUMBER) | grep -E 'go1\.(10|[0-9])\.') +export CGO_ENABLED := 1 +export GOEXPERIMENT := boringcrypto + PROMU := $(FIRST_GOPATH)/bin/promu pkgs = ./... diff --git a/build/Jenkinsfile b/build/Jenkinsfile index 82a30509..996f4880 100644 --- a/build/Jenkinsfile +++ b/build/Jenkinsfile @@ -12,13 +12,15 @@ pipeline { ARTIFACTORY_URL = 'docker.internal.sysdig.com' EXPORTER = 'elasticsearch-exporter' VERSION = '1.2.1' + CGO_ENABLED = '1' + GOEXPERIMENT = 'boringcrypto' } stages { stage('Pull image from artifactory') { steps { script { - docker.withRegistry("https://${env.ARTIFACTORY_URL}", registryCredential) { + docker.withRegistry("https://${env.ARTIFACTORY_URL}", registryCredential) { sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}""" sh """docker pull ${env.ARTIFACTORY_URL}/${env.EXPORTER}:${env.VERSION}-ubi""" } @@ -40,4 +42,4 @@ pipeline { } } } -} \ No newline at end of file +} diff --git a/main.go b/main.go index dae302a1..874b93cb 100644 --- a/main.go +++ b/main.go @@ -23,6 +23,8 @@ import ( "context" + _ "crypto/tls/fipsonly" + "github.com/go-kit/log/level" "github.com/prometheus-community/elasticsearch_exporter/collector" "github.com/prometheus-community/elasticsearch_exporter/pkg/clusterinfo"