diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 22b0ca38f..d5598128c 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -87,6 +87,17 @@ steps: - build/*.xml - build/coverage*.out + - label: ":smartbear-testexecute: Run FIPS unit tests" + key: unit-test-fips + command: ".buildkite/scripts/unit_test.sh" + env: + FIPS: "true" + agents: + provider: "gcp" + artifact_paths: + - build/*.xml + - build/coverage*.out + - label: ":smartbear-testexecute: Run unit tests: MacOS 13" key: unit-test-macos-13 command: ".buildkite/scripts/unit_test.sh" diff --git a/.buildkite/scripts/unit_test.sh b/.buildkite/scripts/unit_test.sh index 5a2eb87ae..a60877730 100755 --- a/.buildkite/scripts/unit_test.sh +++ b/.buildkite/scripts/unit_test.sh @@ -9,4 +9,8 @@ add_bin_path with_go echo "Starting the unit tests..." -make test-unit junit-report +if [[ ${FIPS:-} == "true" ]]; then + make test-unit-fips junit-report +else + make test-unit junit-report +fi diff --git a/Makefile b/Makefile index 58d883ac2..688f6d1fc 100644 --- a/Makefile +++ b/Makefile @@ -221,9 +221,16 @@ test: prepare-test-context ## - Run all tests test-release: ## - Check that all release binaries are created ./.buildkite/scripts/test-release.sh $(DEFAULT_VERSION) +# If FIPS=true unit tests need microsoft/go + OpenSSL with FIPS .PHONY: test-unit test-unit: prepare-test-context ## - Run unit tests only - set -o pipefail; go test ${GO_TEST_FLAG} -tags=$(GOBUILDTAGS) -v -race -coverprofile=build/coverage-${OS_NAME}.out ./... | tee build/test-unit-${OS_NAME}.out + set -o pipefail; ${GOFIPSEXPERIMENT} go test ${GO_TEST_FLAG} -tags=$(GOBUILDTAGS) -v -race -coverprofile=build/coverage-${OS_NAME}.out ./... | tee build/test-unit-${OS_NAME}.out + +# FIPS unit tests are meant to use go v1.24 to check FIPS compliance. +# This check is very strict, and should be thought of as a static-code analysis tool. +.PHONY: test-unit-fips +test-unit-fips: prepare-test-context ## - Run unit tests with go 1.24's fips140=only for testing + set -o pipefail; GOFIPS140=latest GODEBUG=fips140=only go test ${GO_TEST_FLAG} -tags=$(GOBUILDTAGS) -v -race -coverprofile=build/coverage-${OS_NAME}.out ./... | tee build/test-unit-fips-${OS_NAME}.out .PHONY: benchmark benchmark: prepare-test-context install-benchstat ## - Run benchmark tests only