Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

This change adds requirements for FIPS #172

Merged
merged 1 commit into from
Feb 16, 2024
Merged

This change adds requirements for FIPS #172

merged 1 commit into from
Feb 16, 2024

Conversation

bshephar
Copy link
Contributor

This change ensures the infra-operator is built with FIPS compliance.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 30, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/edb26460bed84488b8deb71fc07c9757

✔️ openstack-k8s-operators-content-provider SUCCESS in 55m 32s
podified-multinode-edpm-deployment-crc FAILURE in 36m 18s
cifmw-crc-podified-edpm-baremetal FAILURE in 36m 09s

@bshephar bshephar marked this pull request as ready for review February 8, 2024 04:02
@openshift-ci openshift-ci bot requested review from olliewalsh and stuggi February 8, 2024 04:03
@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/f6c7130028b845f8b43070ac1f3b80ab

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 29m 14s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 08m 43s
cifmw-crc-podified-edpm-baremetal RETRY_LIMIT in 12m 02s

@bshephar
Copy link
Contributor Author

/recheck

@abays
Copy link
Contributor

abays commented Feb 13, 2024

recheck

abays
abays approved these changes Feb 13, 2024
View reviewed changes
Copy link
Contributor

@abays abays left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Feb 13, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Feb 13, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: abays, bshephar

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/0a5d14056ec740898afdc9092b9152ca

✔️ openstack-k8s-operators-content-provider SUCCESS in 1h 27m 03s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 04m 24s
cifmw-crc-podified-edpm-baremetal FAILURE in 35m 01s

@abays
Copy link
Contributor

abays commented Feb 14, 2024

recheck

@bshephar @gibizer
This change adds requirements for FIPS
d8c48d8 
- Changed the build image to ubi9/go-toolkit
- Changed the base image to ubi9/minimal
- Added the default GO_BUILD_EXTRA_ARGS="-tags strictfipsruntime"
- Added the GO_BUILD_EXTRA_ENV_ARGS build argument to allow custom build arguments at build time. It defaults to "CGO_ENABLED=1 GO111MODULE=on"
- Those default parameters have been added to enable FIPS compliance
- Fixed indentation
- Removed TARGETOS and TARGETARCH env vars.
- Added DOCKER_BUILD_ARGS variable in Makefile to pass custom parameters during podman build
- Added export FAIL_FIPS_CHECK=true in .prow_ci.env file

Signed-off-by: Brendan Shephard <[email protected]>
@openshift-ci openshift-ci bot removed the lgtm label Feb 16, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Feb 16, 2024

New changes are detected. LGTM label has been removed.

@gibizer
Copy link
Contributor

gibizer commented Feb 16, 2024

rebased and adapated it to golang 1.20

@softwarefactory-project-zuul softwarefactory-project-zuul
Copy link

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://review.rdoproject.org/zuul/buildset/9d667e4b426f41e8836a79a2232a2033

openstack-k8s-operators-content-provider FAILURE in 11m 41s
⚠️ podified-multinode-edpm-deployment-crc SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider
⚠️ cifmw-crc-podified-edpm-baremetal SKIPPED Skipped due to failed job openstack-k8s-operators-content-provider

@gibizer
Copy link
Contributor

gibizer commented Feb 16, 2024

Content provider still failing. We probably need to land openstack-k8s-operators/openstack-operator#668 first

@gibizer
Copy link
Contributor

gibizer commented Feb 16, 2024

recheck

@gibizer
Copy link
Contributor

gibizer commented Feb 16, 2024

/test infra-operator-build-deploy-kuttl

@gibizer
Copy link
Contributor

gibizer commented Feb 16, 2024

openstack-k8s-operators/openstack-operator#668 merged so hopefully it helps here too

@gibizer
Copy link
Contributor

gibizer commented Feb 16, 2024

/test infra-operator-build-deploy-kuttl

The other two kuttl tests passed so this probably some race

=== CONT  kuttl/harness/redis
    logger.go:42: 14:02:04 | redis | Skipping creation of user-supplied namespace: infra-kuttl-tests
    logger.go:42: 14:02:04 | redis/1-deploy-redis | starting test step 1-deploy-redis
    case.go:364: failed in step 1-deploy-redis
    case.go:366: Internal error occurred: failed calling webhook "mredis.kb.io": failed to call webhook: Post "https://infra-operator-controller-manager-service.openstack-operators.svc:443/mutate-redis-openstack-org-v1beta1-redis?timeout=10s": dial tcp 10.129.0.81:9443: connect: connection refused

@gibizer gibizer mentioned this pull request Feb 16, 2024
Merged
@abays abays added the lgtm label Feb 16, 2024
@openshift-merge-bot openshift-merge-bot bot merged commit 990c7cf into openstack-k8s-operators:main Feb 16, 2024
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@abays abays abays approved these changes

@olliewalsh olliewalsh Awaiting requested review from olliewalsh

@stuggi stuggi Awaiting requested review from stuggi

Assignees

@abays abays

Labels
approved lgtm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@bshephar @abays @gibizer @openshift-merge-robot