enable CGO to meet go compliance for dpu-operator dpu-intel-ipu-vsp and dpu-daemon #499
Conversation
| @@ -14,7 +14,7 @@ COPY . . | |||
|
|
|||
| # Due to https://github.com/golang/go/issues/70329 cross-compilation hangs at times. | |||
| # As a temporary workaround, we can try specifying GOMAXPROCS=2 to relieve this issue | |||
| RUN GOMAXPROCS=2 CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} make build-manager | |||
| RUN GOMAXPROCS=2 CGO_ENABLED=1 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} make build-manager | |||
There was a problem hiding this comment.
Could you please explain in the commit message why "[it] should be enabled"?
Also, please summarize in one sentence what this environment variable does and what CGO is.
It would also be interesting, why we currently have CGO_ENABLED=0, and what now changed so we enable it. But the git history is not clear about that, so we might not know. If you know, please elaborate. If you don't know, say "I don't know why it was CGO_ENABLED=0 from the beginning. We shouldn' do that anymore.".
Please explain why things are done!
There was a problem hiding this comment.
well, you said "to meet go compliance".
Please elaborate on what that means. And do so in the commit message.
There was a problem hiding this comment.
thanks, description updated
There was a problem hiding this comment.
operators should enable FIPS support, this is a reference doc https://docs.google.com/document/d/1CTpSwITQfOgoOTlPITZNJZy0ltYz60hxkmWsLemCqw0/edit?tab=t.0#heading=h.xyd5bvyfbwmm
There was a problem hiding this comment.
why we currently have CGO_ENABLED=0, and what now changed so we enable it.
This should be found earlier once FIPS is enabled, somehow it didn't find until now, this means this may need backport to lower releases(4.16-4.19).
There was a problem hiding this comment.
Might as well do it for all docker files. The pattern is the same for all of them.
|
/test make-e2e-test |
|
/retest |
|
/test make-e2e-test /lgtm |
openshift-ci
bot
added
lgtm
|
@Ximinhan can you update all dockerfiles? |
1 similar comment
|
@Ximinhan can you update all dockerfiles? |
Ximinhan
changed the title
|
/lgtm |
openshift-ci-robot
added
the
verified
|
@bn222: The In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bn222, Ximinhan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/retest |
|
/test make-test |
|
/retest |
|
@Ximinhan: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
CGO_ENABLED should be enabled, the dpu-operator builds in 4.20 can't be released because it failed the go FIPS check, all images in ocp should meet go compliance check.
the failed job is(not sure you can access): https://konflux-ui.apps.kflux-ocp-p01.7ayg.p1.openshiftapps.com/ns/ocp-art-tenant/applications/fbc-openshift-4-20/pipelineruns/fbc-ose-4-20-dpu-operator-jpl4b
dpu-operator-container,/manager,go binary is not CGO_ENABLEDI asked in the slack thread https://redhat-internal.slack.com/archives/CB95J6R4N/p1754988189100909, since I am not the member of this repo, If owner know better how to adjuest it feel free to close this pr.