core: bump oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm (#13027)

* core: bump oss/go/microsoft/golang Bumps oss/go/microsoft/golang from 1.23-fips-bookworm to 1.24-fips-bookworm. --- updated-dependencies: - dependency-name: oss/go/microsoft/golang dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> * upstream docker image, use native fips Signed-off-by: Jens Langhammer <jens@goauthentik.io> * bump go version Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2025-03-30 03:26:30 +02:00
parent 64f1b8207d
commit 7826e7a605
9 changed files with 13 additions and 24 deletions
--- a/proxy.Dockerfile
+++ b/proxy.Dockerfile
@ -17,7 +17,7 @@ COPY web .
 RUN npm run build-proxy

 # Stage 2: Build
-FROM --platform=${BUILDPLATFORM} mcr.microsoft.com/oss/go/microsoft/golang:1.23-fips-bookworm AS builder
+FROM --platform=${BUILDPLATFORM} docker.io/library/golang:1.24-bookworm AS builder

 ARG TARGETOS
 ARG TARGETARCH
@ -43,7 +43,7 @@ COPY . .
 RUN --mount=type=cache,sharing=locked,target=/go/pkg/mod \
    --mount=type=cache,id=go-build-$TARGETARCH$TARGETVARIANT,sharing=locked,target=/root/.cache/go-build \
    if [ "$TARGETARCH" = "arm64" ]; then export CC=aarch64-linux-gnu-gcc && export CC_FOR_TARGET=gcc-aarch64-linux-gnu; fi && \
-    CGO_ENABLED=1 GOEXPERIMENT="systemcrypto" GOFLAGS="-tags=requirefips" GOARM="${TARGETVARIANT#v}" \
+    CGO_ENABLED=1 GOFIPS140=latest GOARM="${TARGETVARIANT#v}" \
    go build -o /go/proxy ./cmd/proxy

 # Stage 3: Run