pipelines: test/compiler-hardening-check: Disable branchprotection ch…

…eck (wolfi-dev#41199) We reverted the use of OpenSSF compiler options in glibc for now due to a regression, which makes the branchprotection check fail. Signed-off-by: dann frazier <[email protected]>
techalchemy · Feb 3, 2025 · 66b4b79 · 66b4b79
1 parent 49fe27b
commit 66b4b79
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/pipelines/test/compiler-hardening-check.yaml b/pipelines/test/compiler-hardening-check.yaml
@@ -60,6 +60,12 @@ pipeline:
       # the branch protection check is ARM only for now
       [ "${{build.arch}}" = "aarch64" ] || arch_skip=--nobranchprotection
 
+      ### <DELETE WHEN GLIBC OPENSSF HARDENING IS RE-ENABLED>
+      if [ "${{build.arch}}" = "aarch64" ]; then
+          arch_skip="$arch_skip --nobranchprotection"
+      fi
+      ### </DELETE>
+
       # Test disabling hardening flags
       hardening-check --nostackprotector $arch_skip ${{inputs.args}} --color hello-disabled && exit 1