CRW-4582 FIPS support (#1728)

Change-Id: Ibc152062a57cc670fafb17ba2389802906bfc64b move CGO_ENABLED=1 to ENV Change-Id: I58795da72824b587d916e785dbd4e20251fa7e11 Signed-off-by: Nick Boldt <nboldt@redhat.com>
eclipse-che · Jul 11, 2023 · 1c98b9a · 1c98b9a
1 parent c4188e1
commit 1c98b9a
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -11,11 +11,15 @@
 
 # https://registry.access.redhat.com/ubi8/go-toolset
 FROM registry.access.redhat.com/ubi8/go-toolset:1.19.10-3 as builder
-ENV GOPATH=/go/
+ENV GOPATH=/go/ \
+    CGO_ENABLED=1
 ARG DEV_HEADER_REWRITE_TRAEFIK_PLUGIN="main"
 ARG SKIP_TESTS="false"
 USER root
 
+# update RPMs
+RUN dnf -y update
+
 # upstream, download zips for every build
 # downstream, copy prefetched asset-*.zip into /tmp
 RUN curl -sSLo /tmp/asset-header-rewrite-traefik-plugin.zip https://api.github.com/repos/che-incubator/header-rewrite-traefik-plugin/zipball/${DEV_HEADER_REWRITE_TRAEFIK_PLUGIN}
@@ -40,9 +44,10 @@ COPY controllers/ controllers/
 COPY pkg/ pkg/
 
 # build operator
+# to test FIPS compliance, run https://github.com/openshift/check-payload#scan-a-container-or-operator-image against a built image
 RUN export ARCH="$(uname -m)" && if [[ ${ARCH} == "x86_64" ]]; then export ARCH="amd64"; elif [[ ${ARCH} == "aarch64" ]]; then export ARCH="arm64"; fi && \
     if [[ ${SKIP_TESTS} == "false" ]]; then export MOCK_API=true && go test -mod=vendor -v ./...; fi && \
-    CGO_ENABLED=0 GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build -mod=vendor -a -o che-operator main.go
+    GOOS=linux GOARCH=${ARCH} GO111MODULE=on go build -mod=vendor -a -o che-operator main.go
 
 # https://registry.access.redhat.com/ubi8-minimal
 FROM registry.access.redhat.com/ubi8-minimal:8.8-1014