Fips fixes

[tesshuflower]

Describe what this PR does

• Restrict metrics to TLS 1.2 (was TLS 1.3). TLS 1.3 has issues with FIPS envs in older OpenShift envs
• also USE CGO_ENABLED=1 when building. This is really only required when using the openshift go toolset to build (for FIPS support) - but changing here so we're consistent with downstream builds.

See: https://access.redhat.com/security/vulnerabilities/RHSB-2023-001

Is there anything that requires special attention?

Related issues:

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tesshuflower

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [tesshuflower]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
0.0% Duplication

[tesshuflower]

Will need to pull into the release-0.7 stream

/cherry-pick release-0.7

[openshift-cherrypick-robot]

@tesshuflower: once the present PR merges, I will cherry-pick it on top of release-0.7 in a new PR and assign it to you.

In response to this:

Will need to pull into the release-0.7 stream

/cherry-pick release-0.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[JohnStrunk]

Looking at where the CGO_ENABLED=0 came in, I think it may be needed for the multi-arch builds (that we don't use)

[JohnStrunk]

/lgtm

[codecov]

Codecov Report

Merging #789 (6b02591) into main (ec4bcc2) will increase coverage by 0.0%.
The diff coverage is n/a.

Additional details and impacted files

@@          Coverage Diff          @@
##            main    #789   +/-   ##
=====================================
  Coverage   66.8%   66.9%           
=====================================
  Files         55      55           
  Lines       7054    7055    +1     
=====================================
+ Hits        4719    4725    +6     
+ Misses      2056    2053    -3     
+ Partials     279     277    -2     

see 1 file with indirect coverage changes

[openshift-cherrypick-robot]

@tesshuflower: #789 failed to apply on top of branch "release-0.7":

Applying: restrict metrics to TLS1.2
Using index info to reconstruct a base tree...
M	bundle/manifests/volsync.clusterserviceversion.yaml
Falling back to patching base and 3-way merge...
Auto-merging bundle/manifests/volsync.clusterserviceversion.yaml
CONFLICT (content): Merge conflict in bundle/manifests/volsync.clusterserviceversion.yaml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 restrict metrics to TLS1.2
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

Will need to pull into the release-0.7 stream

/cherry-pick release-0.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.