Merge pull request #14 from anirudhAgniRedhat/fix-go-version-build-fix

NO-JIRA: Downgrades the go versions for spire-server, spire-agents and spire-oidc-discovery-provider builds

Author: openshift-merge-bot[bot]

.gitignore

@@ -1,3 +1,2 @@
 .idea
-
-bin
+bin/

Containerfile.spiffe-spiffe-csi

@@ -12,6 +12,8 @@ ENV GOEXPERIMENT=strictfipsruntime
 ENV CGO_ENABLED=1
 ENV GOFLAGS=""
 
+RUN sed -i 's/^go 1\.24/go 1.23/' go.mod
+
 RUN go build -o bin/spiffe-csi-driver -ldflags '-w -s' -tags ${GO_BUILD_TAGS} cmd/spiffe-csi-driver/main.go
 
 FROM registry.redhat.io/rhel9-4-els/rhel:9.4

Containerfile.spire-agent

@@ -6,6 +6,11 @@ WORKDIR ${SOURCE_DIR}
 COPY spiffe-spire .
 COPY spiffe-spire/LICENSE /licenses/.
 
+# 1. Clean up .go-version and go.mod to support Go 1.23.6
+RUN echo "1.23.6" > .go-version && \
+    sed -i '/^tool /d' go.mod && \
+    sed -i 's/^go 1\.24\.1$/go 1.23.6/' go.mod
+
 ENV CGO_ENABLED=1
 ENV GOFLAGS=""
 ENV GO_BUILD_TAGS=strictfipsruntime,openssl

Containerfile.spire-oidc-discovery-provider

@@ -7,14 +7,20 @@ WORKDIR ${SOURCE_DIR}
 COPY spiffe-spire .
 COPY spiffe-spire/LICENSE /licenses/.
 
-# 3. Build the entire package (not just main.go)
+# 1. Clean up .go-version and go.mod to support Go 1.23.6
+RUN echo "1.23.6" > .go-version && \
+    sed -i '/^tool /d' go.mod && \
+    sed -i 's/^go 1\.24\.1$/go 1.23.6/' go.mod
+
+# 2. Build the binary
 ENV CGO_ENABLED=1
 ENV GOFLAGS=""
 ENV GO_BUILD_TAGS=strictfipsruntime,openssl
 ENV GOEXPERIMENT=strictfipsruntime
 
 RUN go build -o bin/oidc-discovery-provider -ldflags '-w -s' -tags ${GO_BUILD_TAGS} ./support/oidc-discovery-provider
 
+# Stage 2: Minimal runtime image
 FROM registry.redhat.io/rhel9-4-els/rhel:9.4
 
 ARG RELEASE_VERSION
@@ -42,4 +48,4 @@ LABEL com.redhat.component="oidc-discovery-provider-container" \
       io.k8s.display-name="OIDC Discovery Provider" \
       io.k8s.description="Container for OIDC Discovery Provider to expose SPIFFE identities via standard OIDC interfaces"
 
-ENTRYPOINT ["/oidc-discovery-provider"]
+ENTRYPOINT ["/oidc-discovery-provider"]

Containerfile.spire-server

@@ -20,6 +20,12 @@ ENV GOCACHE=/go-cache
 ENV GOMODCACHE=/go-mod
 RUN mkdir -p ${GOTMPDIR} ${GOCACHE} ${GOMODCACHE}
 
+# 1. Clean up .go-version and go.mod to support Go 1.23.6
+RUN echo "1.23.6" > .go-version && \
+    sed -i '/^tool /d' go.mod && \
+    sed -i 's/^go 1\.24\.1$/go 1.23.6/' go.mod
+
+
 # Build the binary and clean up Go build artifacts to free up space
 RUN go build -o bin/spire-server -ldflags '-w -s' -tags ${GO_BUILD_TAGS} cmd/spire-server/main.go \
     && go clean -cache -modcache -i -r \

Makefile

@@ -5,7 +5,6 @@ zero_trust_workload_identity_manager_containerfile_name = Containerfile.zero-tru
 zero_trust_workload_identity_manager_bundle_containerfile_name = Containerfile.zero-trust-workload-identity-manager.bundle
 
 spiffe_spire_submodule_dir = spiffe-spire
-spiffe_spire_containerfile_name = Containerfile.spiffe-spire
 
 spiffe_spire_controller_manager_submodule_dir = spiffe-spire-controller-manager
 spiffe_spire_controller_manager_containerfile_name = Containerfile.spiffe-spire-controller-manager
@@ -67,13 +66,11 @@ SPIFFE_SPIFFE_CSI_IMAGE ?= spiffe-spiffe-csi
 
 
 ## image version to tag the created images with.
-IMAGE_VERSION ?= $(release_version)
+IMAGE_VERSION ?= 0.1.0
 
-## image tag makes use of the branch name and
-## when branch name is `main` use `latest` as the tag.
-ifeq ($(release_version), main)
-IMAGE_VERSION = latest
-endif
+SPIFFE_SPIRE_IMAGE_VERSION ?= v1.12.0
+SPIFFE_CSI_IMAGE_VERSION ?= v0.2.7
+SPIFFE_SPIRE_CONTROLLER_MANAGER_IMAGE_VERSION ?= v0.6.2
 
 ## args to pass during image build
 IMAGE_BUILD_ARGS ?= --build-arg RELEASE_VERSION=$(release_version) --build-arg COMMIT_SHA=$(commit_sha) --build-arg SOURCE_URL=$(source_url)
@@ -133,40 +130,34 @@ build-operator-image:
 ## build spiffe-csi image.
 .PHONY: build-spiffe-csi-image
 build-spiffe-csi-image:
-	$(IMAGE_BUILD_CMD) -f $(spiffe_spiffe_csi_containerfile_name) -t $(SPIFFE_SPIFFE_CSI_IMAGE):$(IMAGE_VERSION) .
+	$(IMAGE_BUILD_CMD) -f $(spiffe_spiffe_csi_containerfile_name) -t $(SPIFFE_SPIFFE_CSI_IMAGE):$(SPIFFE_CSI_IMAGE_VERSION) .
 
 ## build all operand images
 .PHONY: build-operand-images
-build-operand-images: build-spiffe-spire-image
+build-operand-images: build-spiffe-csi-image build-spire-agent-image build-spire-controller-manager-image build-spire-server-image build-spire-oidc-discovery-provider-image
 
 ## build operator bundle image.
 .PHONY: build-bundle-image
 build-bundle-image:
 	$(IMAGE_BUILD_CMD) -f $(zero_trust_workload_identity_manager_bundle_containerfile_name) -t $(ZERO_TRUST_WORKLOAD_IDENTITY_MANAGER_BUNDLE_IMAGE):$(IMAGE_VERSION) .
 
-## build operand spiffe-spire image.
-.PHONY: build-spiffe-spire-image
-build-spiffe-spire-image:
-	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_containerfile_name) -t $(SPIFFE_SPIRE_IMAGE):$(IMAGE_VERSION) .
-
-
 ## build operand spire-controller-manager image.
 .PHONY: build-spire-controller-manager-image
 build-spire-controller-manager-image:
-	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_controller_manager_containerfile_name) -t $(SPIFFE_SPIRE_CONTROLLER_MANAGER_IMAGE):$(IMAGE_VERSION) .
+	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_controller_manager_containerfile_name) -t $(SPIFFE_SPIRE_CONTROLLER_MANAGER_IMAGE):$(SPIFFE_SPIRE_CONTROLLER_MANAGER_IMAGE_VERSION) .
 
 ## build operand spire-controller-manager image.
 .PHONY: build-spire-server-image
 build-spire-server-image:
-	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_server_containerfile_name) -t $(SPIFFE_SPIRE_SERVER_IMAGE):$(IMAGE_VERSION) .
+	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_server_containerfile_name) -t $(SPIFFE_SPIRE_SERVER_IMAGE):$(SPIFFE_SPIRE_IMAGE_VERSION) .
 
 .PHONY: build-spire-agent-image
 build-spire-agent-image:
-	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_agent_containerfile_name) -t $(SPIFFE_SPIRE_AGENT_IMAGE):$(IMAGE_VERSION) .
+	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_agent_containerfile_name) -t $(SPIFFE_SPIRE_AGENT_IMAGE):$(SPIFFE_SPIRE_IMAGE_VERSION) .
 
 .PHONY: build-spire-oidc-discovery-provider-image
 build-spire-oidc-discovery-provider-image:
-	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_oidc_discovery_provider_containerfile_name) -t $(SPIFFE_SPIRE_OIDC_DISCOVERY_PROVIDER_IMAGE):$(IMAGE_VERSION) .
+	$(IMAGE_BUILD_CMD) -f $(spiffe_spire_oidc_discovery_provider_containerfile_name) -t $(SPIFFE_SPIRE_OIDC_DISCOVERY_PROVIDER_IMAGE):$(SPIFFE_SPIRE_IMAGE_VERSION) .
 
 ## check shell scripts.
 .PHONY: verify-shell-scripts
@@ -189,11 +180,16 @@ update: update-submodules
 ## clean up temp dirs, images.
 .PHONY: clean
 clean:
-	podman rmi -i $(ZERO_TRUST_WORKLOAD_IDENTITY_MANAGER_IMAGE):$(IMAGE_VERSION) \
-$(SPIFFE_SPIRE_IMAGE):$(IMAGE_VERSION) \
-$(SPIFFE_SPIRE_CONTROLLER_MANAGER_IMAGE):$(IMAGE_VERSION) \
-$(SPIFFE_SPIFFE_CSI_IMAGE):$(IMAGE_VERSION) \
-$(ZERO_TRUST_WORKLOAD_IDENTITY_MANAGER_BUNDLE_IMAGE):$(IMAGE_VERSION)
+	$(CONTAINER_ENGINE) rmi \
+		$(ZERO_TRUST_WORKLOAD_IDENTITY_MANAGER_IMAGE):$(IMAGE_VERSION) \
+		$(SPIFFE_SPIRE_SERVER_IMAGE):$(SPIFFE_SPIRE_IMAGE_VERSION) \
+		$(SPIFFE_SPIRE_AGENT_IMAGE):$(SPIFFE_SPIRE_IMAGE_VERSION) \
+		$(SPIFFE_SPIRE_OIDC_DISCOVERY_PROVIDER_IMAGE):$(SPIFFE_SPIRE_IMAGE_VERSION) \
+		$(SPIFFE_SPIRE_CONTROLLER_MANAGER_IMAGE):$(IMAGE_VERSION) \
+		$(SPIFFE_SPIFFE_CSI_IMAGE):$(SPIFFE_CSI_IMAGE_VERSION) \
+		$(ZERO_TRUST_WORKLOAD_IDENTITY_MANAGER_BUNDLE_IMAGE):$(IMAGE_VERSION)
+
+
 
 ## validate renovate config.
 .PHONY: validate-renovate-config

README.md

@@ -28,8 +28,6 @@ outside the main code repository for better management.
 - [spiffe-spire](https://github.com/openshift/spiffe-spire)
 - [spiffe-spire-controller-manager](https://github.com/openshift/spiffe-spire-controller-manager)
 - [spiffe-spiffe-csi](https://github.com/openshift/spiffe-spiffe-csi)
-- [spiffe-spiffe-helper](https://github.com/openshift/spiffe-spiffe-helper)
-- [spiffe-go-spiffe](https://github.com/openshift/spiffe-go-spiffe)
 
 In each release branch the git submodules are configured with equivalent release branch in their respective origin
 repositories. And when switching the parent repository between different branches, the submodule branches will not be