Use fips endpoints #136

Open
wants to merge 2 commits into
base: main
7 changes: 4 additions & 3 deletions ci/container/external/registry-image-resource/vars.yml
@@ -1,11 +1,12 @@
base-image: ubuntu-hardened
base-image-tag: "latest"
image-repository: registry-image-resource
oci-build-params: {}
oci-build-params:
DOCKERFILE: common-dockerfiles/container/dockerfiles/registry-image-resource/Dockerfile
src-source:
uri: https://github.com/concourse/registry-image-resource
branch: master
# Since src is a repo outside the cloud-gov org, don't verify commits.
common-pipelines-trigger: false
dockerfile-path: []
dockerfile-trigger: false
dockerfile-path: ["container/dockerfiles/registry-image-resource/Dockerfile"]
dockerfile-trigger: true
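Review bot: `src-source` still tracks `branch: master` of the upstream repository with commit verification turned off, and this change now builds that source with a Dockerfile kept in this repo, so any upstream change to `go.mod` or the `./cmd/in`, `./cmd/out` and `./cmd/check` layout lands in the image unreviewed and can break the build. Consider pinning `src-source` to a release tag or commit and bumping it deliberately. Separately, `DOCKERFILE` is given as `common-dockerfiles/container/dockerfiles/registry-image-resource/Dockerfile` while `dockerfile-path` uses `container/dockerfiles/registry-image-resource/Dockerfile`; a short comment explaining that the first is relative to the build inputs and the second to this repo would prevent the two from drifting apart.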
53 changes: 53 additions & 0 deletions container/dockerfiles/registry-image-resource/Dockerfile
@@ -0,0 +1,53 @@
ARG base_image
ARG builder_image=concourse/golang-builder

FROM ${builder_image} as builder
WORKDIR /src

COPY go.mod .
COPY go.sum .
RUN go mod download

COPY . .
ENV CGO_ENABLED=0
ENV AWS_USE_FIPS_ENDPOINT=true
RUN go build -o /assets/in ./cmd/in
RUN go build -o /assets/out ./cmd/out
RUN go build -o /assets/check ./cmd/check
RUN set -e; for pkg in $(go list ./...); do \
go test -o "/tests/$(basename $pkg).test" -c $pkg; \
done

FROM ${base_image} AS resource
USER root
ENV DEBIAN_FRONTEND=noninteractive
ENV AWS_USE_FIPS_ENDPOINT=true
RUN apt update && apt upgrade -y -o Dpkg::Options::="--force-confdef"
RUN apt update \
&& apt install -y --no-install-recommends \
tzdata \
ca-certificates \
unzip \
zip \
&& rm -rf /var/lib/apt/lists/*
COPY --from=builder assets/ /opt/resource/
RUN chmod +x /opt/resource/*

FROM resource AS tests
COPY --from=builder /tests /tests
ADD . /docker-image-resource
ARG DOCKER_PRIVATE_USERNAME
ARG DOCKER_PRIVATE_PASSWORD
ARG DOCKER_PRIVATE_REPO
ARG DOCKER_PUSH_USERNAME
ARG DOCKER_PUSH_PASSWORD
ARG DOCKER_PUSH_REPO
ARG GCR_PUSH_SERVICE_ACCOUNT_KEY
ARG GCR_PUSH_REPO
ENV AWS_USE_FIPS_ENDPOINT=true
RUN set -e; for test in /tests/*.test; do \
$test -ginkgo.v; \
done

FROM resource
ENV AWS_USE_FIPS_ENDPOINT=true
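Review bot: `ENV AWS_USE_FIPS_ENDPOINT=true` appears in all four stages, but only the one in the `resource` stage is needed. The variable is read by the AWS SDK at run time, so setting it in the `builder` stage does not change what `go build` produces, and the `tests` stage and the final `FROM resource` stage already inherit it from `resource`. Dropping the three redundant lines and adding a comment on the remaining one saying why it is set would make the intent clearer; it is also worth confirming that the SDK version pinned in the upstream `go.mod` honours this variable, since that is not visible here. In the `tests` stage, `ARG DOCKER_PRIVATE_PASSWORD`, `ARG DOCKER_PUSH_PASSWORD` and `ARG GCR_PUSH_SERVICE_ACCOUNT_KEY` pass credentials as build arguments, which are recorded in the image history of that stage; if the stage is ever built with real values, use BuildKit secret mounts instead and make sure the `tests` image is never pushed.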