-
Notifications
You must be signed in to change notification settings - Fork 82
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TT-12103 Pump FIPS compliant #825
Closed
Changes from all commits
Commits
Show all changes
27 commits
Select commit
Hold shift + click to select a range
0875ad4
adding boringcrypto
mativm02 8497730
removing unused binary
mativm02 0507b94
adding GOEXPERIMENT
mativm02 40d437e
Merge branch 'master' into TT-12103
mativm02 8dceb61
improving ci-test.sh
mativm02 8b5256d
Merge branch 'TT-12103' of github.com:TykTechnologies/tyk-pump into T…
mativm02 8a97e57
adding boringcrypto to goreleaser
mativm02 800be75
Merge branch 'master' into TT-12103
mativm02 8aea109
commenting new step
mativm02 fe76404
Merge branch 'TT-12103' of github.com:TykTechnologies/tyk-pump into T…
mativm02 691570c
removing duplicated 'jobs'
mativm02 2794b3c
uncommenting job
mativm02 400e05f
adding if statement within the same step
mativm02 42cab62
chore: Update Dockerfile.std with GOEXPERIMENT environment variable
mativm02 f24f28e
formatting
mativm02 c66c8ed
formatting 2
mativm02 c79fb59
commenting borincrypto
mativm02 6d8966b
chore: Update Dockerfile.std with GOEXPERIMENT environment variable
mativm02 cf5feba
modifying go_tags to tags
mativm02 bed98e3
adding build tag
mativm02 c1e90ec
refactor: Update build tag logic in release workflow
mativm02 eeac37f
refactor: Update build tag logic in release workflow
mativm02 666e3ad
refactor: Improve accuracy of build tag logic in release workflow
mativm02 8804bda
refactor: Improve accuracy of build tag logic in release workflow
mativm02 fdb5739
refactor: Update build tag logic in release workflow to include borin…
mativm02 e77c76c
refactor: Update build tag logic in release workflow to include borin…
mativm02 5ee1f94
refactor: Update build tag logic in release workflow to include borin…
mativm02 File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,100 @@ | ||
# ci/goreleaser/goreleaser-boringcrypto.yml | ||
# Similar to the existing goreleaser.yml but with boringcrypto tags | ||
builds: | ||
- id: std | ||
ldflags: | ||
- -X github.com/TykTechnologies/tyk-pump/pumps.Version={{.Version}} | ||
- -X github.com/TykTechnologies/tyk-pump/pumps.Commit={{.FullCommit}} | ||
- -X github.com/TykTechnologies/tyk-pump/pumps.BuildDate={{.Date}} | ||
- -X github.com/TykTechnologies/tyk-pump/pumps.BuiltBy=goreleaser | ||
goos: | ||
- linux | ||
goarch: | ||
- amd64 | ||
binary: tyk-pump | ||
tags: | ||
- boringcrypto | ||
dockers: | ||
- ids: | ||
- std | ||
image_templates: | ||
- "tykio/tyk-pump-docker-pub:{{.Tag}}-amd64-boringcrypto" | ||
build_flag_templates: | ||
- "--build-arg=PORTS=80" | ||
- "--platform=linux/amd64" | ||
- "--label=org.opencontainers.image.created={{.Date}}" | ||
- "--label=org.opencontainers.image.title={{.ProjectName}}" | ||
- "--label=org.opencontainers.image.revision={{.FullCommit}}" | ||
- "--label=org.opencontainers.image.version={{.Version}}" | ||
use: buildx | ||
goarch: amd64 | ||
goos: linux | ||
dockerfile: ci/Dockerfile.std | ||
extra_files: | ||
- "ci/install/" | ||
- "README.md" | ||
- "LICENSE.md" | ||
- "pump.example.conf" | ||
docker_manifests: | ||
- name_template: tykio/tyk-pump-docker-pub:{{ .Tag }}-boringcrypto | ||
image_templates: | ||
- tykio/tyk-pump-docker-pub:{{ .Tag }}-amd64-boringcrypto | ||
nfpms: | ||
- id: std | ||
vendor: "Tyk Technologies Ltd" | ||
homepage: "https://tyk.io" | ||
maintainer: "Tyk <info@tyk.io>" | ||
description: Tyk Analytics Pump to move analytics data from Redis to any supported back end (multiple back ends can be written to at once). | ||
package_name: tyk-pump | ||
file_name_template: "{{ .ConventionalFileName }}" | ||
builds: | ||
- std | ||
formats: | ||
- deb | ||
- rpm | ||
contents: | ||
- src: "README.md" | ||
dst: "/opt/share/docs/tyk-pump/README.md" | ||
- src: "ci/install/*" | ||
dst: "/opt/tyk-pump/install" | ||
- src: ci/install/inits/systemd/system/tyk-pump.service | ||
dst: /lib/systemd/system/tyk-pump.service | ||
- src: ci/install/inits/sysv/init.d/tyk-pump | ||
dst: /etc/init.d/tyk-pump | ||
- src: "LICENSE.md" | ||
dst: "/opt/share/docs/tyk-pump/LICENSE.md" | ||
- src: pump.example.conf | ||
dst: /opt/tyk-pump/pump.conf | ||
type: "config|noreplace" | ||
scripts: | ||
preinstall: "ci/install/before_install.sh" | ||
postinstall: "ci/install/post_install.sh" | ||
postremove: "ci/install/post_remove.sh" | ||
bindir: "/opt/tyk-pump" | ||
rpm: | ||
scripts: | ||
posttrans: ci/install/post_trans.sh | ||
signature: | ||
key_file: tyk.io.signing.key | ||
deb: | ||
signature: | ||
key_file: tyk.io.signing.key | ||
type: origin | ||
publishers: | ||
- name: tyk-pump-unstable | ||
env: | ||
- PACKAGECLOUD_TOKEN={{ .Env.PACKAGECLOUD_TOKEN }} | ||
cmd: packagecloud publish --debvers "{{ .Env.DEBVERS }}" --rpmvers "{{ .Env.RPMVERS }}" tyk/tyk-pump-unstable {{ .ArtifactPath }} | ||
archives: | ||
- format: binary | ||
allow_different_binary_count: true | ||
checksum: | ||
disable: true | ||
release: | ||
disable: true | ||
github: | ||
owner: TykTechnologies | ||
name: tyk-pump | ||
prerelease: auto | ||
draft: true | ||
name_template: "{{.ProjectName}}-v{{.Version}}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
//go:build boringcrypto | ||
// +build boringcrypto | ||
|
||
package pumps | ||
|
||
import _ "crypto/tls/fipsonly" |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
At the moment, all the crypto-related functions are within the
pumps
package, but this test is running over all the packages. Should we run it only forpumps
package, or leave it as it is?