Epic Goal

Make the Argo CD Operator and GitOps Operator container image for RHEL 8 from CPaaS and Konflux CI systems, FIPS compliant

 Crypto library is a indirect dependency (https://github.com/argoproj-labs/argocd-operator/blob/master/go.mod) and so requires special

Technical Work

• Enable CGO builds by setting environment variable CGO_ENABLED=1
• Enable Strict FIPS compliance by setting environment variable GO_EXPERIMENT=strictfipsruntime.
• Set build tags to include strictfipsruntime when building the binaries using go build
  • For eg:  go build -tags strictfipstruntime cmd/main.go

• Ensure that the base image for go build phase use the latest golang 1.22 based images which has the required go-toolset for ensuring FIPS compliance.

Binaries to build for FIPS compliance.

• argocd-operator
• gitops-operator

NOTE: If some of the upstream projects does not the required overrides for enabling these compiler options, make the required changes upstream and use those overrides for building the binaries in the downstream Dockerfile.

Acceptance Criteria

Use the new check tool to scan images
https://github.com/openshift/check-payload : Checks CGO_ENABLED=1 , presence of openssl, strictfipsruntime tag, no_openssl tag, dynamic linking
All existing acceptance tests should pass when run against an OCP cluster with FIPS enabled.
All existing acceptance tests should pass when run against an OCP cluster with FIPS enabled.