Merge pull request #57 from anchore/fips-build

feat: add a build that uses boring crypto to run on fips enabled hosts
anchore · May 15, 2023 · 910eb1e · 910eb1e
2 parents 1bc36ad + 3d5b3b6
commit 910eb1e
Showing 1 changed file with 50 additions and 2 deletions.
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -3,6 +3,7 @@ release:
 
 builds:
   - binary: anchore-ecs-inventory
+    id: generic
     env:
       - CGO_ENABLED=0
     goos:
@@ -21,10 +22,38 @@ builds:
       -X github.com/anchore/ecs-inventory/internal/version.gitCommit={{.Commit}}
       -X github.com/anchore/ecs-inventory/internal/version.buildDate={{.Date}}
       -X github.com/anchore/ecs-inventory/internal/version.gitDescription={{.Summary}}
-
+  - binary: anchore-ecs-inventory
+    id: fips
+    env:
+      - CGO_ENABLED=1
+      - GOEXPERIMENT=boringcrypto
+    goos:
+      - linux
+    goarch:
+      - amd64
+    # Set the modified timestamp on the output binary to the git timestamp (to ensure a reproducible build)
+    mod_timestamp: '{{ .CommitTimestamp }}'
+    ldflags: |
+      -w
+      -linkmode=external
+      -extldflags '-static'
+      -X github.com/anchore/ecs-inventory/internal/version.version={{.Version}}
+      -X github.com/anchore/ecs-inventory/internal/version.gitCommit={{.Commit}}
+      -X github.com/anchore/ecs-inventory/internal/version.buildDate={{.Date}}
+      -X github.com/anchore/ecs-inventory/internal/version.gitDescription={{.Summary}}
 
 archives:
-  - format: tar.gz
+  - id: archive-generic
+    format: tar.gz
+    builds:
+      - generic
+    name_template: 'anchore-ecs-inventory_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
+  - id: archive-fips
+    format: tar.gz
+    builds:
+      - fips
+    name_template: 'anchore-ecs-inventory-fips_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
+
 
 changelog:
   sort: asc
@@ -41,6 +70,8 @@ dockers:
       - "anchore/ecs-inventory:v{{ .Major }}.{{ .Minor }}-amd64"
     dockerfile: Dockerfile
     use: buildx
+    ids:
+      - generic
     build_flag_templates:
       - "--platform=linux/amd64"
       - "--build-arg=BUILD_DATE={{.Date}}"
@@ -55,17 +86,33 @@ dockers:
     goarch: arm64
     dockerfile: Dockerfile
     use: buildx
+    ids:
+      - generic
     build_flag_templates:
       - "--platform=linux/arm64/v8"
       - "--build-arg=BUILD_DATE={{.Date}}"
       - "--build-arg=BUILD_VERSION={{.Version}}"
       - "--build-arg=VCS_REF={{.FullCommit}}"
       - "--build-arg=VCS_URL={{.GitURL}}"
 
+  - image_templates:
+      - "anchore/ecs-inventory:{{ .Tag }}-fips-amd64"
+    dockerfile: Dockerfile
+    use: buildx
+    ids:
+      - fips
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--build-arg=BUILD_DATE={{.Date}}"
+      - "--build-arg=BUILD_VERSION={{.Version}}"
+      - "--build-arg=VCS_REF={{.FullCommit}}"
+      - "--build-arg=VCS_URL={{.GitURL}}"
+
 docker_manifests:
   - name_template: anchore/ecs-inventory:{{ .Tag }}
     image_templates:
       - anchore/ecs-inventory:{{ .Tag }}-amd64
+      - anchore/ecs-inventory:{{ .Tag }}-fips-amd64
       - anchore/ecs-inventory:v{{ .Major }}-amd64
       - anchore/ecs-inventory:v{{ .Major }}.{{ .Minor }}-amd64
       - anchore/ecs-inventory:{{ .Tag }}-arm64v8
@@ -74,6 +121,7 @@ docker_manifests:
   - name_template: anchore/ecs-inventory:latest
     image_templates:
       - anchore/ecs-inventory:{{ .Tag }}-amd64
+      - anchore/ecs-inventory:{{ .Tag }}-fips-amd64
       - anchore/ecs-inventory:v{{ .Major }}-amd64
       - anchore/ecs-inventory:v{{ .Major }}.{{ .Minor }}-amd64
       - anchore/ecs-inventory:{{ .Tag }}-arm64v8