Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Add docker images built using FIPS binaries #7392

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Razeen-Abdal-Rahman wants to merge 1 commit into release-5.8
base: release-5.8
Choose a base branch
Loading
from TT-15334/release-5.8
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
66 changes: 66 additions & 0 deletions .github/workflows/release.yml
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,7 @@ jobs:
debvers: 'ubuntu/xenial ubuntu/bionic ubuntu/focal ubuntu/jammy ubuntu/noble debian/jessie debian/buster debian/bullseye debian/bookworm debian/trixie'
outputs:
ee_tags: ${{ steps.ci_metadata_ee.outputs.tags }}
fips_tags: ${{ steps.ci_metadata_fips.outputs.tags }}
std_tags: ${{ steps.ci_metadata_std.outputs.tags }}
commit_author: ${{ steps.set_outputs.outputs.commit_author}}
steps:
Expand Down Expand Up @@ -197,6 +198,71 @@ jobs:
labels: ${{ steps.tag_metadata_ee.outputs.labels }}
build-args: |
BUILD_PACKAGE_NAME=tyk-gateway-ee
- name: Docker metadata for fips CI
id: ci_metadata_fips
if: ${{ matrix.golang_cross == '1.24-bullseye' }}
uses: docker/metadata-action@v5
with:
images: |
${{ steps.ecr.outputs.registry }}/tyk
flavor: |
latest=false
tags: |
type=ref,event=branch
type=ref,event=pr
type=sha,format=long
type=semver,pattern={{major}},prefix=v
type=semver,pattern={{major}}.{{minor}},prefix=v
type=semver,pattern={{version}},prefix=v
- name: push fips image to CI
if: ${{ matrix.golang_cross == '1.24-bullseye' }}
uses: docker/build-push-action@v6
with:
context: "dist"
platforms: linux/amd64,linux/arm64,linux/s390x
file: ci/Dockerfile.distroless
provenance: mode=max
sbom: true
push: true
cache-from: type=gha
cache-to: type=gha,mode=max
tags: ${{ steps.ci_metadata_fips.outputs.tags }}
labels: ${{ steps.ci_metadata_fips.outputs.labels }}
build-args: |
BUILD_PACKAGE_NAME=tyk-gateway-fips
- name: Docker metadata for fips tag push
id: tag_metadata_fips
uses: docker/metadata-action@v5
with:
images: |
tykio/tyk-gateway
flavor: |
latest=false
prefix=v
tags: |
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern={{version}}
labels: |
org.opencontainers.image.title=Tyk Gateway FIPS
org.opencontainers.image.description=Tyk Open Source API Gateway written in Go, supporting REST, GraphQL, TCP and gRPC protocols Built with boringssl
org.opencontainers.image.vendor=tyk.io
org.opencontainers.image.version=${{ github.ref_name }}
- name: push fips image to prod
if: ${{ matrix.golang_cross == '1.24-bullseye' }}
uses: docker/build-push-action@v6
with:
context: "dist"
platforms: linux/amd64,linux/arm64,linux/s390x
file: ci/Dockerfile.distroless
provenance: mode=max
sbom: true
cache-from: type=gha
cache-to: type=gha,mode=max
push: ${{ startsWith(github.ref, 'refs/tags') }}
tags: ${{ steps.tag_metadata_fips.outputs.tags }}
labels: ${{ steps.tag_metadata_fips.outputs.labels }}
build-args: |
BUILD_PACKAGE_NAME=tyk-gateway-fips
- name: Docker metadata for std CI
id: ci_metadata_std
if: ${{ matrix.golang_cross == '1.24-bullseye' }}
Expand Down
10 changes: 5 additions & 5 deletions ci/Dockerfile.std
View file Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,17 +13,17 @@ RUN apt-get update \
RUN dpkg --purge --force-remove-essential curl ncurses-base || true
RUN rm -fv /usr/bin/passwd /usr/sbin/adduser || true

# Comment this to test in dev
COPY dist/${BUILD_PACKAGE_NAME}_*_${TARGETARCH}.deb /
RUN dpkg -i /${BUILD_PACKAGE_NAME}_*_${TARGETARCH}.deb && find / -maxdepth 1 -name "*.deb" -delete

# Clean up caches, unwanted .a and .o files
RUN rm -rf /root/.cache \
&& apt-get -y autoremove \
&& apt-get clean \
&& rm -rf /usr/include/* /var/cache/apt/archives /var/lib/{apt,dpkg,cache,log} \
&& rm -rf /usr/include/* /var/cache/apt/archives /var/lib/apt /var/lib/cache /var/log/* \
&& find /usr/lib -type f -name '*.a' -o -name '*.o' -delete

# Comment this to test in dev
COPY ${BUILD_PACKAGE_NAME}_*${TARGETARCH}.deb /
RUN dpkg -i /${BUILD_PACKAGE_NAME}*${TARGETARCH}.deb && rm /*.deb

ARG PORTS

EXPOSE $PORTS
Expand Down
Loading
Loading

AltStyle によって変換されたページ (->オリジナル) /