Add a CI job to test changes with FIPS enabled
Follows on from #624 (closed).
Fault
As described in the previous MR, there's a sequence of cryptic errors when attempting to add a CI job that enables FIPS_MODE for gitlab-shell.
The initial error when enabling that env var is:
package gitlab.com/gitlab-org/gitlab-shell/v14/cmd/gitlab-shell
imports gitlab.com/gitlab-org/labkit/fips
imports crypto/boring: build constraints exclude all Go files in /usr/local/go/src/crypto/boring
I tried adding the following in cmd/gitlab-shell/main.go:
//go:build boringcrypto
// +build boringcrypto
But this results in another error:
cmd/gitlab-shell/main.go:14:2: cannot find package
Reproduction
Add the following CI job to .gitlab-ci.yml:
tests_with_fips:
  extends:
    - .cached-job
    - .go-matrix-job
    - .test-job
  variables:
    FIPS_MODE: 1
    CGO_ENABLED: 0 # this should be toggled on in the Makefile so this is disabled in order to test that
  script:
    - make verify test_fancy
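
Added example (not part of the issue or of the gitlab-shell code base): the two constraint lines quoted under "Fault", evaluated with the standard library's go/build/constraint package to show when a file carrying them is compiled. The helper name `included` and the tag sets are constructed for illustration.

```go
package main

import (
	"fmt"
	"go/build/constraint"
)

// included reports whether a file carrying the given constraint line is
// compiled when exactly the listed build tags are set. (Hypothetical helper.)
func included(line string, tags ...string) (bool, error) {
	expr, err := constraint.Parse(line)
	if err != nil {
		return false, err
	}
	set := make(map[string]bool, len(tags))
	for _, t := range tags {
		set[t] = true
	}
	return expr.Eval(func(tag string) bool { return set[tag] }), nil
}

func main() {
	// The two constraint lines quoted in the issue.
	lines := []string{"//go:build boringcrypto", "// +build boringcrypto"}
	// Constructed tag sets: one without and one with the boringcrypto tag.
	tagSets := [][]string{
		{"linux", "amd64"},
		{"linux", "amd64", "boringcrypto"},
	}
	for _, l := range lines {
		for _, ts := range tagSets {
			ok, err := included(l, ts...)
			if err != nil {
				fmt.Println("parse error:", err)
				continue
			}
			fmt.Printf("%-26q tags=%v included=%v\n", l, ts, ok)
		}
	}
}
```

A file with either line is left out of the build unless the boringcrypto tag is set, which is the same kind of exclusion the first error reports for crypto/boring.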