github.com/minio/minio@v0.0.0-20240328213742-3f72439b8a27/.github/workflows/go-fips.yml (about) 1 name: FIPS Build Test 2 3 on: 4 pull_request: 5 branches: 6 - master 7 - next 8 9 # This ensures that previous jobs for the PR are canceled when the PR is 10 # updated. 11 concurrency: 12 group: ${{ github.workflow }}-${{ github.head_ref }} 13 cancel-in-progress: true 14 15 permissions: 16 contents: read 17 18 jobs: 19 build: 20 name: Go BoringCrypto ${{ matrix.go-version }} on ${{ matrix.os }} 21 runs-on: ${{ matrix.os }} 22 strategy: 23 matrix: 24 go-version: [1.21.x] 25 os: [ubuntu-latest] 26 steps: 27 - uses: actions/checkout@v3 28 - uses: actions/setup-go@v3 29 with: 30 go-version: ${{ matrix.go-version }} 31 32 - name: Set up Docker Buildx 33 uses: docker/setup-buildx-action@v2 34 35 - name: Setup dockerfile for build test 36 run: | 37 GO_VERSION=$(go version | cut -d ' ' -f 3 | sed 's/go//') 38 echo Detected go version $GO_VERSION 39 cat > Dockerfile.fips.test <<EOF 40 FROM golang:${GO_VERSION} 41 COPY . /minio 42 WORKDIR /minio 43 ENV GOEXPERIMENT=boringcrypto 44 RUN make 45 EOF 46 47 - name: Build 48 uses: docker/build-push-action@v3 49 with: 50 context: . 51 file: Dockerfile.fips.test 52 push: false 53 load: true 54 tags: minio/fips-test:latest 55 56 # This should fail if grep returns non-zero exit 57 - name: Test binary 58 run: | 59 docker run --rm minio/fips-test:latest ./minio --version 60 docker run --rm -i minio/fips-test:latest /bin/bash -c 'go tool nm ./minio | grep FIPS | grep -q FIPS'