Add FIPS pipeline
What does this MR do?
As part of being FIPS compliant, we need docker images of go/gitlab-pages/other components which are FIPS compliant.
Initial approach was to have separate images for fips variant. e.g.
-
gitlab-go-fips
- Installs go that uses FIPS compliant crypto functions -
gitlab-pages-fips
- Installs Pages usinggitlab-go-fips
However, most of the code for gitlab-pages-fips
is very similar to gitlab-pages
. It would become more of a maintenance problem going forward. Based on the discussion , @stanhu
made changes in !976 (closed) to have a FIPS pipeline similar to UBI pipeline. This MR builds up on top of that to mainly add support for multiple openshift.metadata
files based on the type of pipeline
Summary of changes
- Add support for FIPS pipeline
- Add support for multiple
openshift.metadata
files with backwards compatability- For FIPS pipelines, it will try to read first from
openshift.metadata.fips
. If that is not available, it will fall back toopenshift.metadata
- For UBI pipelines, it will try to read first from
openshift.metadata.ubi8
. If that is not available, it will fall back toopenshift.metadata
- For FIPS pipelines, it will try to read first from
Related issues
Checklist
See Definition of done.
For anything in this list which will not be completed, please provide a reason in the MR discussion
Required
-
Merge Request Title, and Description are up to date, accurate, and descriptive -
MR targeting the appropriate branch -
MR has a green pipeline on GitLab.com
Expected (please provide an explanation if not completing)
-
Test plan indicating conditions for success has been posted and passes -
Documentation created/updated -
Integration tests added to GitLab QA -
The impact any change in container size has should be evaluated