diff --git a/:qa b/:qa
new file mode 100644
index 00000000..23964c43
--- /dev/null
+++ b/:qa
@@ -0,0 +1,43 @@
+FROM mcr.microsoft.com/oss/go/microsoft/golang:1.23.5-fips-cbl-mariner2.0 AS builder
+
+ENV GOPATH=/go \
+ PATH=/usr/local/go/bin:/go/bin:/usr/local/bin:/usr/bin:$PATH \
+ CGO_ENABLED=1 \
+ FIPS_ENABLED=1
+
+RUN mkdir -p /go && \
+ tdnf install -y \
+ gcc gcc-c++ \
+ ca-certificates \
+ build-essential \
+ shadow-utils && \
+ tdnf clean all
+
+WORKDIR /app
+COPY . .
+
+ARG LD_FLAGS
+
+ARG TARGETARCH
+RUN GOOS=linux GOARCH=$TARGETARCH \
+ BUILD_TAGS=fips GOEXPERIMENT=systemcrypto \
+ CGO_ENABLED=1 FIPS_ENABLED=1 \
+ go build -ldflags="-s -w" -o /app/reports-server ./
+
+RUN groupadd --system appgroup && \
+ useradd --system --uid 1001 --gid appgroup --home-dir /nonexistent --shell /usr/sbin/nologin appuser && \
+ chown appuser:appgroup /app/reports-server
+
+FROM mcr.microsoft.com/cbl-mariner/distroless/base:2.0-nonroot
+
+COPY --from=builder /etc/passwd /etc/passwd
+
+COPY --from=builder /etc/group /etc/group
+
+COPY --from=builder /app/reports-server /reports-server
+
+COPY --from=builder /etc/ssl/certs /etc/ssl/certs
+
+USER 1001
+
+ENTRYPOINT ["/reports-server"]
diff --git a/Dockerfile.fips b/Dockerfile.fips
index 1fb49a61..23964c43 100644
--- a/Dockerfile.fips
+++ b/Dockerfile.fips
@@ -7,6 +7,7 @@ ENV GOPATH=/go \
 
 RUN mkdir -p /go && \
 tdnf install -y \
+ gcc gcc-c++ \
 ca-certificates \
 build-essential \
 shadow-utils && \
diff --git a/Makefile b/Makefile
index 8f7a9b3b..0217d67e 100644
--- a/Makefile
+++ b/Makefile
@@ -317,7 +317,7 @@ docker-publish-reports-server-fips: docker-buildx-builder docker-build-and-push-
 docker-build-and-push-reports-server-fips: docker-buildx-builder
 @docker buildx build --file $(PWD)/Dockerfile.fips \
 --progress plain \
- --platform linux/amd64,linux/arm64 \
+ --platform linux/amd64 \
 --tag $(REPO_REPORTS_SERVER_FIPS)$(IMAGE_TAG) \
 . \
 --build-arg LD_FLAGS=$(LD_FLAGS) \
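Review bot: The new file `:qa` looks like a stray editor artifact rather than an intended addition: its name is the vim quit-all command and its blob id (`23964c43` in the `index` line) is identical to the post-change `Dockerfile.fips`, so it is a byte-for-byte duplicate that should be dropped from the commit before merge — left in the repository it also ends up in every build context that `COPY . .` sweeps into the builder stage. Two defects in that Dockerfile content should be fixed in `Dockerfile.fips` itself: `ARG LD_FLAGS` is declared and the Makefile passes `--build-arg LD_FLAGS=...`, yet the build line hard-codes `-ldflags="-s -w"`, so whatever version or commit information the caller injects never reaches the binary — `go build -ldflags="-s -w $LD_FLAGS" -o /app/reports-server ./`. `BUILD_TAGS=fips` is set as an environment variable, which as far as I can tell the go tool does not read; if a build tag is really intended it has to go through `-tags` (or `GOFLAGS`), otherwise the line is dead and gives a false sense that a FIPS-only tag is enforced. Separately, `COPY --from=builder /etc/passwd /etc/passwd` and the matching `/etc/group` copy replace the distroless image's own account database with the builder's full one (root and every system account of the build image); copying only the `appuser`/`appgroup` entries, or using the base image's built-in `nonroot` user, keeps the final image's account surface minimal.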
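Review bot: The added `gcc gcc-c++` line gives no reason for listing the compilers explicitly next to `build-essential`, so a later cleanup is likely to drop them again as redundant and reintroduce whatever build failure prompted this; a why-comment on the line would prevent that, e.g. `# native C toolchain: the build below runs with CGO_ENABLED=1 and GOEXPERIMENT=systemcrypto`. Whether `build-essential` on CBL-Mariner already pulls in both packages I cannot tell from here, and if it does, the comment should say the explicit listing is deliberate. The enclosing `RUN` starts before the hunk and its `tdnf clean all` comes after it.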
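Review bot: Dropping `linux/arm64` from `--platform` silently changes what `docker-build-and-push-reports-server-fips` publishes: the tag becomes an amd64-only image, so any arm64 node that pulled the FIPS image before will fail to pull it once this lands, and nothing in the hunk records why or whether the regression is temporary. A comment above the recipe would make the constraint explicit, e.g. `# FIPS image is amd64-only for now: the CGO_ENABLED=1/systemcrypto build needs a native C toolchain per target arch` — adjusted to the actual reason if it differs. The `Dockerfile.fips` this recipe builds still declares `ARG TARGETARCH`, which after this change is always amd64 here. The recipe's argument list continues past the end of the hunk.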