chore: update go build to be fips enabled

waveywaves · waveywaves · commit c65b56b18487 · 2025-05-28T06:23:59.000+05:30
diff --git a/.konflux/dockerfiles/controller.Dockerfile b/.konflux/dockerfiles/controller.Dockerfile
@@ -7,9 +7,10 @@ WORKDIR /go/src/github.com/openshift-pipelines/manual-approval-gate
 COPY . .
 RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
 ENV GODEBUG="http2server=0"
+ENV GOEXPERIMENT=strictfipsruntime
 RUN git rev-parse HEAD > /tmp/HEAD
 RUN CGO_ENABLED=0 \
-    go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat /tmp/HEAD)'" -mod=vendor -tags disable_gcp -v -o /tmp/manual-approval-gate-controller \
+    go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat /tmp/HEAD)'" -mod=vendor -tags disable_gcp -tags strictfipsruntime  -v -o /tmp/manual-approval-gate-controller \
     ./cmd/controller
 
 FROM $RUNTIME
diff --git a/.konflux/dockerfiles/webhook.Dockerfile b/.konflux/dockerfiles/webhook.Dockerfile
@@ -7,9 +7,10 @@ WORKDIR /go/src/github.com/openshift-pipelines/manual-approval-gate
 COPY . .
 RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
 ENV GODEBUG="http2server=0"
+ENV GOEXPERIMENT=strictfipsruntime
 RUN git rev-parse HEAD > /tmp/HEAD
 RUN CGO_ENABLED=0 \
-    go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat /tmp/HEAD)'" -mod=vendor -tags disable_gcp -v -o /tmp/manual-approval-gate-webhook \
+    go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat /tmp/HEAD)'" -mod=vendor -tags disable_gcp -tags strictfipsruntime  -v -o /tmp/manual-approval-gate-webhook \
     ./cmd/webhook
 
 FROM $RUNTIME
