Add boringcrypto image

.github/workflows/ci.yaml

@@ -23,6 +23,7 @@ jobs:
           go-version: '1.20'
           check-latest: true
       - run: make test
+      - run: make test-boringcrypto
 
   integration:
     runs-on: ubuntu-latest
@@ -35,6 +36,17 @@ jobs:
       - run: make build-image
       - run: make integration
 
+  integration-boringcrypto:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '1.20'
+          check-latest: true
+      - run: make build-image-boringcrypto
+      - run: make integration
+
   lint:
     runs-on: ubuntu-latest
     steps:

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 ## main / unreleased
 
+* [FEATURE] Publish boringcrypto image for amd64. #71
 * [ENHANCEMENT] Update the intermediate build container for the Docker image to `golang:1.20-bookworm`. #66 #67
 
 ## v0.6.0

Dockerfile

@@ -1,14 +1,15 @@
-FROM --platform=$BUILDPLATFORM golang:1.20-bookworm AS build
+FROM golang:1.20-bookworm AS build
 
 ARG TARGETOS
 ARG TARGETARCH
+ARG BUILDTARGET=rollout-operator
 
 COPY . /src/rollout-operator
 WORKDIR /src/rollout-operator
-RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} make
+RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} make ${BUILDTARGET}
 
 FROM alpine:3.18
-RUN apk add --no-cache ca-certificates
+RUN apk add --no-cache ca-certificates libc6-compat gcompat
 
 COPY --from=build /src/rollout-operator/rollout-operator /bin/rollout-operator
 ENTRYPOINT [ "/bin/rollout-operator" ]

Makefile

@@ -2,7 +2,7 @@
 GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD)
 GIT_REVISION := $(shell git rev-parse --short HEAD)
 IMAGE_PREFIX ?= grafana
-IMAGE_TAG ?= $(GIT_BRANCH)-$(GIT_REVISION)
+IMAGE_TAG ?= $(subst /,-,$(GIT_BRANCH))-$(GIT_REVISION)
 
 GOOS ?= $(shell go env GOOS)
 GOARCH ?= $(shell go env GOARCH)
@@ -13,18 +13,28 @@ GO_FILES := $(shell find . $(DONT_FIND) -o -type f -name '*.go' -print)
 rollout-operator: $(GO_FILES)
 	GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=0 go build -ldflags '-extldflags "-static"' ./cmd/rollout-operator
 
+rollout-operator-boringcrypto: $(GO_FILES)
+	GOEXPERIMENT=boringcrypto GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=1 go build -tags netgo ./cmd/rollout-operator
+
 .PHONY: build-image
 build-image: clean
 	docker buildx build --load --platform linux/amd64 --build-arg revision=$(GIT_REVISION) -t rollout-operator:latest -t rollout-operator:$(IMAGE_TAG) .
 
-.PHONY: publish-image
-publish-image: clean
-	docker buildx build --push --platform linux/amd64,linux/arm64 --build-arg revision=$(GIT_REVISION) -t $(IMAGE_PREFIX)/rollout-operator:$(IMAGE_TAG) .
+build-image-boringcrypto: clean ## Build the rollout-operator image with boringcrypto and tag with the regular image repo, so that it can be used in integration tests.
+	docker buildx build --load --platform linux/amd64 --build-arg revision=$(GIT_REVISION) --build-arg BUILDTARGET=rollout-operator-boringcrypto -t rollout-operator:latest -t rollout-operator:$(IMAGE_TAG) .
+
+.PHONY: publish-images
+publish-images: clean
+	docker buildx build --push --platform linux/amd64,linux/arm64 --build-arg revision=$(GIT_REVISION) --build-arg BUILDTARGET=rollout-operator -t $(IMAGE_PREFIX)/rollout-operator:$(IMAGE_TAG) .
+	docker buildx build --push --platform linux/amd64,linux/arm64 --build-arg revision=$(GIT_REVISION) --build-arg BUILDTARGET=rollout-operator-boringcrypto -t $(IMAGE_PREFIX)/rollout-operator-boringcrypto:$(IMAGE_TAG) .
 
 .PHONY: test
 test:
 	go test ./...
 
+test-boringcrypto:
+	GOEXPERIMENT=boringcrypto go test ./...
+
 .PHONY: integration
 integration: integration/mock-service/.uptodate
 	go test -v -tags requires_docker -count 1 -timeout 1h ./integration/...

RELEASE.md

@@ -10,5 +10,5 @@
     ```
 1. Publish the updated Docker image
     ```bash
-    $ IMAGE_TAG="${tag}" make publish-image
+    $ IMAGE_TAG="${tag}" make publish-images
     ```

cmd/rollout-operator/boringcrypto.go

@@ -0,0 +1,6 @@
+//go:build boringcrypto
+// +build boringcrypto
+
+package main
+
+import _ "crypto/tls/fipsonly"