Ensure `go-fips` container is rebuilt when the version of Go is updated
What does this MR do?
This MR adds `.gitlab/ci/_common.gitlab-ci.yml` to the build-rules for the `go-fips` image to ensure it's built when `GO_FIPS_VERSION` changes.
It also updates the default value for the name of the `go-fips` image.
Why was this MR needed?
The rules to rebuild the `go-fips` image are when any of the following files are changed:
- dockerfiles/ci/go.fips.Dockerfile
- dockerfiles/ci/go.fips.Dockerfile.rebuild
- .gitlab/ci/prepare.gitlab-ci.yml
However, the `GO_FIPS_VERSION` variable used in `.gitlab/ci/prepare.gitlab-ci.yml` is defined in `.gitlab/ci/_common.gitlab-ci.yml`, which is imported by `.gitlab/ci/prepare.gitlab-ci.yml`. Because `_common.gitlab-ci.yml` is not in the above list, changing the value of that variable won't trigger a rebuild of the image, which is wrong.
What's the best way to test this MR?
I've added a commit that pokes `.gitlab/ci/_common.gitlab-ci.yml` to ensure the `prepare go fips` job is triggered (https://gitlab.com/gitlab-org/gitlab-runner/-/jobs/3233396466), and ensured the downstream scan of that image is also triggered (https://gitlab.com/gitlab-com/gl-security/appsec/container-scanners/-/jobs/3233418125). I'll remove that commit before merging the MR.
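
A check for the gap described above, as an added example that is not part of this MR or the project's code: it flags files that define a variable a job uses but that are missing from the job's rebuild triggers. The file contents, the `build-image.sh` command, and the function and constant names are constructed assumptions; only the paths, the job name and `GO_FIPS_VERSION` come from the description.

```python
import fnmatch
import re

VAR_REF = re.compile(r"\$\{?([A-Z_][A-Z0-9_]*)\}?")              # $VAR or ${VAR}
VAR_DEF = re.compile(r"^[ \t]+([A-Z_][A-Z0-9_]*):", re.MULTILINE)  # indented KEY:

# Constructed file contents (assumption); only the paths and the
# GO_FIPS_VERSION name come from the MR description.
FILES = {
    ".gitlab/ci/_common.gitlab-ci.yml":
        'variables:\n  GO_FIPS_VERSION: "0.0.0-placeholder"\n',
    ".gitlab/ci/prepare.gitlab-ci.yml":
        "prepare go fips:\n"
        "  script:\n"
        "    - ./build-image.sh --go-version \"$GO_FIPS_VERSION\"\n",
}

# Rebuild triggers as listed in the MR description, before the fix.
CHANGES_BEFORE = [
    "dockerfiles/ci/go.fips.Dockerfile",
    "dockerfiles/ci/go.fips.Dockerfile.rebuild",
    ".gitlab/ci/prepare.gitlab-ci.yml",
]
CHANGES_AFTER = CHANGES_BEFORE + [".gitlab/ci/_common.gitlab-ci.yml"]


def uncovered_definitions(job_file, files, changes):
    """Return {path: [vars]} for files that define a variable used in
    job_file but match none of the change patterns (heuristic text scan;
    fnmatch only approximates GitLab's glob matching)."""
    used = set(VAR_REF.findall(files[job_file]))
    missing = {}
    for path, text in files.items():
        defined = used & set(VAR_DEF.findall(text))
        if defined and not any(fnmatch.fnmatch(path, p) for p in changes):
            missing[path] = sorted(defined)
    return missing


if __name__ == "__main__":
    job = ".gitlab/ci/prepare.gitlab-ci.yml"
    print("before:", uncovered_definitions(job, FILES, CHANGES_BEFORE))
    print("after: ", uncovered_definitions(job, FILES, CHANGES_AFTER))
```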