From 419185dd3fb2c975968b4bf99d8c149c45fc07eb Mon Sep 17 00:00:00 2001
From: DJ Mountney <dj@gitlab.com>
Date: Thu, 13 Apr 2023 03:09:27 +0000
Subject: [PATCH] Use workhorse build image with exiftool

- Update workhorse ci to use a build image
  with exiftool already installed
---
 .gitlab-ci.yml                     | 1 +
 .gitlab/ci/workhorse.gitlab-ci.yml | 8 +++++---
 workhorse/Makefile                 | 6 ++++++
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 6624d31a51d3c..3c11a35a97526 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -139,6 +139,7 @@ variables:
   GIT_SUBMODULE_STRATEGY: "none"
   GET_SOURCES_ATTEMPTS: "3"
   DEBIAN_VERSION: "bullseye"
+  UBI_VERSION: "8.6"
   CHROME_VERSION: "109"
   DOCKER_VERSION: "23.0.1"
   RUBY_VERSION: "2.7"
diff --git a/.gitlab/ci/workhorse.gitlab-ci.yml b/.gitlab/ci/workhorse.gitlab-ci.yml
index 389906dbbffa4..ae0b15bbdb8aa 100644
--- a/.gitlab/ci/workhorse.gitlab-ci.yml
+++ b/.gitlab/ci/workhorse.gitlab-ci.yml
@@ -10,7 +10,7 @@ workhorse:verify:
 
 .workhorse:test:
   extends: .workhorse:rules:workhorse
-  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}:git-2.36
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/debian-${DEBIAN_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60
   variables:
     GITALY_ADDRESS: "tcp://127.0.0.1:8075"
   stage: test
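Review bot: The new `image:` line is resolved by a mutable tag, and with the `apt-get` install dropped in the next hunk, the exiftool the tests run against is whatever that tag currently points to. Consider pinning a digest on the reference, e.g. `...-git-2.36-exiftool-12.60@sha256:<digest-placeholder>`, so a re-pushed tag cannot silently change the toolchain. It would also help to add `- exiftool -ver` next to `- go version` in `before_script`, so the job log records the version actually tested. The same applies to the UBI image in the `workhorse:test fips` hunk. The reference also interpolates `${RUST_VERSION}` and `${RUBYGEMS_VERSION}`, which this patch does not define; presumably they are set elsewhere in `.gitlab-ci.yml`, but that is worth confirming.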
@@ -18,7 +18,6 @@ workhorse:verify:
     - setup-test-env
   before_script:
     - go version
-    - apt-get update && apt-get -y install libimage-exiftool-perl
     - scripts/gitaly-test-build
   script:
     - make -C workhorse test
@@ -37,7 +36,10 @@ workhorse:test go:
 
 workhorse:test fips:
   extends: .workhorse:test
-  image: registry.gitlab.com/gitlab-org/gitlab-omnibus-builder/ubuntu_20.04_fips:4.0.0
+  parallel:
+    matrix:
+      - GO_VERSION: ["1.18", "1.19"]
+  image: ${REGISTRY_HOST}/${REGISTRY_GROUP}/gitlab-build-images/ubi-${UBI_VERSION}-ruby-${RUBY_VERSION}-golang-${GO_VERSION}-rust-${RUST_VERSION}:rubygems-${RUBYGEMS_VERSION}-git-2.36-exiftool-12.60
   variables:
     FIPS_MODE: 1
 
diff --git a/workhorse/Makefile b/workhorse/Makefile
index 4236a1a0d8eac..ba99276d1bef3 100644
--- a/workhorse/Makefile
+++ b/workhorse/Makefile
@@ -27,6 +27,12 @@ ifeq (${FIPS_MODE}, 1)
     # If the golang-fips compiler is built with CGO_ENABLED=0, this needs to be
     # explicitly switched on.
     export CGO_ENABLED=1
+    # Go 1.19+ now requires GOEXPERIMENT=boringcrypto for FIPS compilation.
+    # See https://github.com/golang/go/issues/51940 for more details.
+    BORINGCRYPTO_SUPPORT := $(shell GOEXPERIMENT=boringcrypto go version &> /dev/null; echo $$?)
+    ifeq ($(BORINGCRYPTO_SUPPORT), 0)
+      export GOEXPERIMENT=boringcrypto
+    endif
 endif
 
 MINIMUM_SUPPORTED_GO_VERSION := 1.11
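Review bot: The probe on the `BORINGCRYPTO_SUPPORT` line uses `&>`, which is a bash redirection. Under a POSIX `/bin/sh` such as dash it backgrounds the command, so `$$?` no longer carries the probe's exit status. Unless the Makefile sets `SHELL` to bash outside this hunk, the portable form is `BORINGCRYPTO_SUPPORT := $(shell GOEXPERIMENT=boringcrypto go version >/dev/null 2>&1; echo $$?)`. Separately, when the probe fails for any reason (including `go` missing from `PATH`), a `FIPS_MODE=1` build continues without `GOEXPERIMENT=boringcrypto` and prints nothing. A `$(warning ...)` in an `else` branch would stop a non-boringcrypto binary from passing silently as a FIPS build. The enclosing `ifeq (${FIPS_MODE}, 1)` block starts above this hunk.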
-- 
GitLab