Asana · asana-kristoferbuno · Jun 5, 2025 · Jun 6, 2025 · Jun 9, 2025 · Jun 9, 2025
diff --git a/.github/workflows/Dockerfile.node20fips b/.github/workflows/Dockerfile.node20fips
@@ -0,0 +1,32 @@
+# Stage 1
+FROM ubuntu:20.04 AS base
+ARG ENABLE_FIPS
+ARG DYNAMIC_LINK
+ARG SHARED_OPENSSL_INCLUDES
+ARG SHARED_OPENSSL_LIBNAME
+ARG SHARED_OPENSSL_LIBPATH
+
+# Set non-interactive mode to avoid prompts during installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies
+RUN apt-get update
+RUN apt-get install -y software-properties-common
+RUN add-apt-repository -y ppa:ubuntu-toolchain-r/test
+RUN apt-get update && apt-get install -y build-essential python3 python3-distutils g++-10 make curl git pkg-config libssl-dev libffi-dev libgmp-dev libtool autoconf automake cmake wget xz-utils unzip vim
+RUN rm -rf /var/lib/apt/lists/*
+
+# Set g++ 10 as the default
+RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 100
+
+# Copy local Node.js source into the image
+WORKDIR /usr/src/node
+COPY . .
+
+RUN ./configure --openssl-is-fips
+RUN ./configure --shared-openssl
+
+RUN ./configure --experimental-enable-pointer-compression
+RUN make -j4 install DESTDIR=./node-install
+
+CMD ["bash"]
diff --git a/.github/workflows/build-node-openssl-fips.yml b/.github/workflows/build-node-openssl-fips.yml
@@ -28,6 +28,11 @@ on:
         required: true
         default: 'main'
         type: string
+      DOCKER_FILE:
+        description: 'Dockerfile to use for building Node.js'
+        required: true
+        default: 'Dockerfile.Node20fips'
+        type: string
 
 jobs:
   build-node:
@@ -53,7 +58,7 @@ jobs:
         with:
           repository: Asana/node
           path: node
-          ref: ${{ BUILD_REF }}
+          ref: ${{ inputs.BUILD_REF }}
           token: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Extract Node Version
@@ -79,51 +84,62 @@ jobs:
         run: |
           sudo apt-get update
           sudo apt-get install -y python3 g++ make curl tar xz-utils
-
-      - name: Configure OpenSSL for fips
-        id: openssl-is-fips
-        if: inputs.enableFips
-        run: |
-          ./configure --openssl-is-fips
-
-      - name: Dynamically link OpenSSL in Node.js
-        id: openssl-dynamic-link
-        if: inputs.dynamicLink
-        run: |
-          ./configure --shared-openssl
-
-      - name: Define headers for OpenSSL
-        id: openssl-dynamic-link-headers
-        if: ${{ !empty(inputs.sharedOpenSSLIncludes) }}
-        run: |
-          ./configure --shared-openssl-includes ${{inputs.sharedOpenSSLIncludes}}
 
-      - name: alternative libname for openssl
-        id: openssl-dynamic-link-libname
-        if: ${{ !empty(inputs.sharedOpenSSLLibname) }}
-        run: |
-          ./configure --shared-openssl-libname ${{inputs.sharedOpenSSLLibname}}
-
-      - name: Define headers for OpenSSL
-        id: openssl-dynamic-link-libpath
-        if: ${{ !empty(inputs.sharedOpenSSLLibpath) }}
-        run: |
-          ./configure --shared-openssl-includes ${{inputs.sharedOpenSSLLibpath}}
-
-
-      - name: Build Node (linux)
+      # - name: Configure OpenSSL for fips
+      #   id: openssl-is-fips
+      #   if: inputs.enableFips
+      #   run: |
+      #     ./configure --openssl-is-fips
+
+      # - name: Dynamically link OpenSSL in Node.js
+      #   id: openssl-dynamic-link
+      #   if: inputs.dynamicLink
+      #   run: |
+      #     ./configure --shared-openssl
+
+      # - name: Define headers for OpenSSL
+      #   id: openssl-dynamic-link-headers
+      #   if: ${{ !empty(inputs.sharedOpenSSLIncludes) }}
+      #   run: |
+      #     ./configure --shared-openssl-includes ${{inputs.sharedOpenSSLIncludes}}
+
+      # - name: alternative libname for openssl
+      #   id: openssl-dynamic-link-libname
+      #   if: ${{ !empty(inputs.sharedOpenSSLLibname) }}
+      #   run: |
+      #     ./configure --shared-openssl-libname ${{inputs.sharedOpenSSLLibname}}
+
+      # - name: Define headers for OpenSSL
+      #   id: openssl-dynamic-link-libpath
+      #   if: ${{ !empty(inputs.sharedOpenSSLLibpath) }}
+      #   run: |
+      #     ./configure --shared-openssl-includes ${{inputs.sharedOpenSSLLibpath}}
+
+
+      # - name: Build Node (linux)
+      #   working-directory: node
+      #   if: matrix.platform == 'linux'
+      #   run: |
+      #     ./configure --experimental-enable-pointer-compression
+      #     make -j4 install DESTDIR=$GITHUB_WORKSPACE/node-install
+
+      # - name: Build Node (darwin)
+      #   working-directory: node
+      #   if: matrix.platform == 'darwin'
+      #   run: |
+      #     ./configure --experimental-enable-pointer-compression --without-snapshot
+      #     make -j2 install DESTDIR=$GITHUB_WORKSPACE/node-install
+
+      - name: Execute the Dockerfile
         working-directory: node
-        if: matrix.platform == 'linux'
         run: |
-          ./configure --experimental-enable-pointer-compression
-          make -j4 install DESTDIR=$GITHUB_WORKSPACE/node-install
+          docker build -t node20_build -f ./${{inputs.DOCKER_FILE}} . --build-arg ENABLE_FIPS=true --build-arg DYNAMIC_LINK=true
 
-      - name: Build Node (darwin)
-        working-directory: node
-        if: matrix.platform == 'darwin'
+      - name: Extract resources
         run: |
-          ./configure --experimental-enable-pointer-compression --without-snapshot
-          make -j2 install DESTDIR=$GITHUB_WORKSPACE/node-install
+          docker create --name temp_node_extract node20_build
+          docker cp temp_node_extract:/usr/src/node/node-install $GITHUB_WORKSPACE/node-install
+          docker rm temp_node_extract
 
       - name: Archive Node
         run: |