This change ensures the openstack-ansibleee-operator is built with FI…

…PS compliance

* Changed the the build image to ubi9/go-toolkit
* Changed the the base image to ubi9/minimal
* Added the default GO_BUILD_EXTRA_ARGS="-tags strictfipsruntime"
* Added the GO_BUILD_EXTRA_ENV_ARGS build argument to allow
  custom build arguments at build time. It defaults to
  "CGO_ENABLED=1 GO111MODULE=on"
* Those default parameters have been added to enable FIPS compliance
* Fixed indentation
* Removed TARGETOS and TARGETARCH env vars
* Added DOCKER_BUILD_ARGS variable in Makefile to pass custom parameters
  during `podman build`

Closes: https://issues.redhat.com/browse/OSPRH-3396

Signed-off-by: Roberto Alfieri <[email protected]>

Dockerfile

@@ -1,5 +1,5 @@
-ARG GOLANG_BUILDER=quay.io/projectquay/golang:1.19
-ARG OPERATOR_BASE_IMAGE=gcr.io/distroless/static:nonroot
+ARG GOLANG_BUILDER=registry.access.redhat.com/ubi9/go-toolset:1.19
+ARG OPERATOR_BASE_IMAGE=registry.access.redhat.com/ubi9/ubi-minimal:latest
 
 # Build the manager binary
 FROM $GOLANG_BUILDER AS builder
@@ -12,12 +12,13 @@ ARG REMOTE_SOURCE_DIR=/remote-source
 ARG REMOTE_SOURCE_SUBDIR=
 ARG DEST_ROOT=/dest-root
 
-ARG GO_BUILD_EXTRA_ARGS=
+ARG GO_BUILD_EXTRA_ARGS="-tags strictfipsruntime"
 ARG GO_BUILD_EXTRA_ENV_ARGS="CGO_ENABLED=1 GO111MODULE=on"
 
 COPY $REMOTE_SOURCE $REMOTE_SOURCE_DIR
 WORKDIR $REMOTE_SOURCE_DIR/$REMOTE_SOURCE_SUBDIR
 
+USER root
 RUN mkdir -p ${DEST_ROOT}/usr/local/bin/
 
 # cache deps before building and copying source so that we don't need to re-download as much