Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BUILD-1190: Add FIPS compliance #1200

Merged
merged 1 commit into from
Jan 7, 2025
Merged

BUILD-1190: Add FIPS compliance #1200

merged 1 commit into from
Jan 7, 2025

Conversation

sayan-biswas
Copy link
Contributor

@sayan-biswas sayan-biswas commented Jan 5, 2025
edited
Loading

Changes:

  • Update Go to 1.22
  • Update Dockerfile for FIPS compliance
  • Disable btrfs to prevent build error due to missing library btrfs/ioct.h

@openshift-ci-robot
Copy link

openshift-ci-robot commented Jan 5, 2025
edited by openshift-ci bot
Loading

@sayan-biswas: This pull request references BUILD-1190 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.19." or "openshift-4.19.", but it targets "s2i-1.5" instead.

In response to this:

Changes:

  • Update golang to 1.22
  • Update to RHEL9
  • FIPS related changes to Docker build

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jan 5, 2025
@openshift-ci openshift-ci bot requested review from divyansh42 and jkhelil January 5, 2025 12:46
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 5, 2025
@sayan-biswas sayan-biswas force-pushed the fips branch 6 times, most recently from 380ab5a to 5dfc871 Compare January 6, 2025 13:56
@openshift-ci-robot
Copy link

openshift-ci-robot commented Jan 6, 2025
edited by openshift-ci bot
Loading

@sayan-biswas: This pull request references BUILD-1190 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.19." or "openshift-4.19.", but it targets "s2i-1.5" instead.

In response to this:

Changes:

  • Update golang to 1.22
  • FIPS related changes to Docker build

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@sayan-biswas sayan-biswas force-pushed the fips branch 6 times, most recently from 221130c to 52ceb81 Compare January 6, 2025 16:40
@sayan-biswas
Copy link
Contributor Author

/test "ci/prow/verify"
/override "Red Hat Konflux / source-to-image-enterprise-contract / source-to-image"

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 6, 2025

@sayan-biswas: The specified target(s) for /test were not found.
The following commands are available to trigger required jobs:

/test integration

/test unit

/test verify

The following commands are available to trigger optional jobs:

/test security

Use /test all to run all jobs.

In response to this:

/test "ci/prow/verify"
/override "Red Hat Konflux / source-to-image-enterprise-contract / source-to-image"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sayan-biswas
Copy link
Contributor Author

/test verify

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 6, 2025

@sayan-biswas: Overrode contexts on behalf of sayan-biswas: Red Hat Konflux / source-to-image-enterprise-contract / source-to-image

In response to this:

/test "ci/prow/verify"
/override "Red Hat Konflux / source-to-image-enterprise-contract / source-to-image"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sayan-biswas
Copy link
Contributor Author

/test verify

@openshift-ci-robot
Copy link

openshift-ci-robot commented Jan 6, 2025
edited by openshift-ci bot
Loading

@sayan-biswas: This pull request references BUILD-1190 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target either version "4.19." or "openshift-4.19.", but it targets "s2i-1.5" instead.

In response to this:

Changes:

  • Update Go to 1.22
  • Update Dockerfile for FIPS compliance
  • Disable btrfs to prevent build error due to missing library btrfs/ioct.h

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@sayan-biswas sayan-biswas changed the title BUILD-1190: Changes to make source-to-image FIPS compliant BUILD-1190: Add FIPS compliance Jan 6, 2025
@sayan-biswas
Add FIPS compliance
9773489 
Changes:
- Update Go to 1.22
- Update Dockerfile for FIPS compliance
- Disable btrfs to prevent build error due to missing library btrfs/ioct.h
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 6, 2025

@sayan-biswas: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/security 9773489 link false /test security

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@sayan-biswas
Copy link
Contributor Author

EC check fails because of CVE-2024-45338, which will be fixed in a follow up PR.

@sayan-biswas sayan-biswas mentioned this pull request Jan 6, 2025
Closed
@sayan-biswas
Copy link
Contributor Author

/override "Red Hat Konflux / source-to-image-enterprise-contract / source-to-image"

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 6, 2025

@sayan-biswas: Overrode contexts on behalf of sayan-biswas: Red Hat Konflux / source-to-image-enterprise-contract / source-to-image

In response to this:

/override "Red Hat Konflux / source-to-image-enterprise-contract / source-to-image"

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

adambkaplan
adambkaplan approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@adambkaplan adambkaplan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

.tekton/source-to-image-pull-request.yaml
Comment on lines +40 to +41
- linux/ppc64le
- linux/s390x
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit for follow-up - we don't need to build for power + z on pull requests.

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Jan 7, 2025
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented Jan 7, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: adambkaplan, sayan-biswas

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [adambkaplan,sayan-biswas]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot openshift-merge-bot bot merged commit 156e942 into openshift:master Jan 7, 2025
6 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adambkaplan adambkaplan adambkaplan approved these changes

@divyansh42 divyansh42 Awaiting requested review from divyansh42

@jkhelil jkhelil Awaiting requested review from jkhelil

Assignees

@adambkaplan adambkaplan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@sayan-biswas @openshift-ci-robot @adambkaplan