next: add golang fips tags, and use ubi instead of minimal

add fips GOEXPERIMENT and golang build tags
use ubi and not ubi minimal as the openssh-clients package
has dependencies which are available in ubi and not
ubi-minimal

Author: waveywaves

.konflux/dockerfiles/git-init.Dockerfile

@@ -1,5 +1,6 @@
 ARG GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:v1.23
-ARG RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal:latest@sha256:92b1d5747a93608b6adb64dfd54515c3c5a360802db4706765ff3d8470df6290
+# note: use ubi image instead of ubi-minimal to avoid issues openssh-clients needing deps only available in ubi
+ARG RUNTIME=registry.access.redhat.com/ubi9/ubi@sha256:304b50df1ea4db9706d8a30f4bbf26f582936ebc80c7e075c72ff2af99292a54
 
 FROM $GO_BUILDER AS builder
 
@@ -9,7 +10,8 @@ COPY .konflux/patches patches/
 RUN set -e; for f in patches/*.patch; do echo ${f}; [[ -f ${f} ]] || continue; git apply ${f}; done
 COPY head HEAD
 ENV GODEBUG="http2server=0"
-RUN cd image/git-init && go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat HEAD)'" -mod=vendor -v -o /tmp/tektoncd-catalog-git-clone
+ENV GOEXPERIMENT=strictfipsruntime
+RUN cd image/git-init && go build -ldflags="-X 'knative.dev/pkg/changeset.rev=$(cat HEAD)'" -mod=vendor -tags strictfipsruntime -v -o /tmp/tektoncd-catalog-git-clone
 
 FROM $RUNTIME
 ARG VERSION=git-init-next
@@ -18,7 +20,7 @@ ENV BINARY=git-init \
     KO_APP=/ko-app \
     KO_DATA_PATH=/kodata
 
-RUN microdnf install -y openssh-clients git git-lfs shadow-utils
+RUN dnf install -y openssh-clients git git-lfs shadow-utils
 
 COPY --from=builder /tmp/tektoncd-catalog-git-clone ${KO_APP}/${BINARY}
 COPY head ${KO_DATA_PATH}/HEAD