From 3b45fb0985e389552d3f23f0da4e91ee61ba055c Mon Sep 17 00:00:00 2001
From: Kris Buno
Date: Mon, 21 Jul 2025 11:38:05 -0700
Subject: [PATCH 1/3] Remove unused workflow parameters
---
 .github/workflows/build-node-openssl-fips.yml | 77 ++++---------------
 1 file changed, 14 insertions(+), 63 deletions(-)
diff --git a/.github/workflows/build-node-openssl-fips.yml b/.github/workflows/build-node-openssl-fips.yml
index 524f20d42cb787..74a1ff0993838e 100644
--- a/.github/workflows/build-node-openssl-fips.yml
+++ b/.github/workflows/build-node-openssl-fips.yml
@@ -3,35 +3,20 @@ name: Build Node with options around OpenSSL dynamic linking and FIPS
 on:
 workflow_dispatch:
 inputs:
- enableFips:
- description: 'Whether OpenSSL should be FIPS-enabled'
- default: true
- type: boolean
- dynamicLink:
- description: 'If OpenSSL should be dynamically linked with node (rather than statically linked)'
- default: false
- type: boolean
- sharedOpenSSLIncludes:
- description: 'dir containing header files for OpenSSL'
- default: ''
- type: string
- sharedOpenSSLLibname:
- description: 'libname for dynamically linking to OpenSSL'
- default: ''
- type: string
- sharedOpenSSLLibpath:
- description: 'dir for searching for shared OpenSSL dlls'
- default: ''
- type: string
 BUILD_REF:
- description: 'ref to build'
+ description: 'ref to build Node.js from'
 required: true
 default: 'main'
 type: string
+ DOCKER_FILE:
+ description: 'Dockerfile to use for building Node.js'
+ required: true
+ default: 'Dockerfile.Node20fips'
+ type: string
 
 jobs:
 build-node:
- name: Build ${{ matrix.platform }}-${{ matrix.arch }} with statically-linked FIPS OpenSSL
+ name: Build ${{ matrix.platform }}-${{ matrix.arch }} with dynamically-linked FIPS OpenSSL
 strategy:
 matrix:
 include:
@@ -53,7 +38,7 @@ jobs:
 with:
 repository: Asana/node
 path: node
- ref: ${{ BUILD_REF }}
+ ref: ${{ inputs.BUILD_REF }}
 token: ${{ secrets.GITHUB_TOKEN }}
 
 - name: Extract Node Version
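Review bot: `DOCKER_FILE` is declared here as a free-form `type: string`, and the third hunk expands it directly into a shell script with `-f ./${{inputs.DOCKER_FILE}}`, so whatever text the dispatcher supplies becomes part of the command line before the shell parses it. Only users allowed to dispatch the workflow can reach this, but it is cheap to close. I would pass the value to the step through `env:` as `DOCKER_FILE: ${{ inputs.DOCKER_FILE }}` and run `docker build -t node20_build -f "./$DOCKER_FILE" .`. If the set of Dockerfiles is known, declaring the input as `type: choice` with an explicit `options:` list narrows it further.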
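Review bot: The checkout step fixed in the second hunk passes `token: ${{ secrets.GITHUB_TOKEN }}` without `persist-credentials: false`, at least in the lines shown; the step's `uses:` line and the rest of its `with:` block are outside the hunk, so I am assuming this is actions/checkout. By default that action keeps the credential available to later git commands, and depending on the action version it is stored in or referenced from `node/.git/config`. This matters more after this series, because the Dockerfile added in the next patch runs `COPY . .` from that same directory, so `.git` enters the build context and an image layer unless a `.dockerignore` excludes it. I would add `persist-credentials: false` under `with:` and exclude `.git` from the Docker build context.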
@@ -79,51 +64,17 @@ jobs: run: | sudo apt-get update sudo apt-get install -y python3 g++ make curl tar xz-utils - - - name: Configure OpenSSL for fips - id: openssl-is-fips - if: inputs.enableFips - run: | - ./configure --openssl-is-fips - - - name: Dynamically link OpenSSL in Node.js - id: openssl-dynamic-link - if: inputs.dynamicLink - run: | - ./configure --shared-openssl - - name: Define headers for OpenSSL - id: openssl-dynamic-link-headers - if: ${{ !empty(inputs.sharedOpenSSLIncludes) }} - run: | - ./configure --shared-openssl-includes ${{inputs.sharedOpenSSLIncludes}} - - - name: alternative libname for openssl - id: openssl-dynamic-link-libname - if: ${{ !empty(inputs.sharedOpenSSLLibname) }} - run: | - ./configure --shared-openssl-libname ${{inputs.sharedOpenSSLLibname}} - - - name: Define headers for OpenSSL - id: openssl-dynamic-link-libpath - if: ${{ !empty(inputs.sharedOpenSSLLibpath) }} - run: | - ./configure --shared-openssl-includes ${{inputs.sharedOpenSSLLibpath}} - - - - name: Build Node (linux) + - name: Execute the Dockerfile working-directory: node - if: matrix.platform == 'linux' run: | - ./configure --experimental-enable-pointer-compression - make -j4 install DESTDIR=$GITHUB_WORKSPACE/node-install + docker build -t node20_build -f ./${{inputs.DOCKER_FILE}} . - - name: Build Node (darwin) - working-directory: node - if: matrix.platform == 'darwin' + - name: Extract resources run: | - ./configure --experimental-enable-pointer-compression --without-snapshot - make -j2 install DESTDIR=$GITHUB_WORKSPACE/node-install + docker create --name temp_node_extract node20_build + docker cp temp_node_extract:/usr/src/node/node-install $GITHUB_WORKSPACE/node-install + docker rm temp_node_extract - name: Archive Node run: | From 3df8445d74713e6f77fab205afa6758d6910b983 Mon Sep 17 00:00:00 2001 
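Review bot: The new `Execute the Dockerfile` and `Extract resources` steps run for every matrix entry, whereas the build steps they replace were gated on `matrix.platform`. If the matrix still has a darwin entry (its `include:` list is outside this hunk), that job would likely fail for lack of a Docker daemon, or else archive a Linux build under a darwin name, since the Dockerfile is `FROM ubuntu:22.04`. Either remove the non-Linux entries from the matrix or keep `if: matrix.platform == 'linux'` on both new steps. The `apt-get install` step kept as context at the top of the hunk also looks redundant now that the toolchain is installed inside the image.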
From: Kris Buno
Date: Mon, 21 Jul 2025 11:41:59 -0700
Subject: [PATCH 2/3] Cut down unused args in Dockerfile.Node20fips
---
 Dockerfile.Node20fips | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 Dockerfile.Node20fips
diff --git a/Dockerfile.Node20fips b/Dockerfile.Node20fips
new file mode 100644
index 00000000000000..4c47d8b3315a7f
--- /dev/null
+++ b/Dockerfile.Node20fips
@@ -0,0 +1,29 @@
+# Stage 1
+FROM ubuntu:22.04 AS base
+ARG ENABLE_FIPS
+ARG DYNAMIC_LINK
+ARG SHARED_OPENSSL_INCLUDES
+ARG SHARED_OPENSSL_LIBNAME
+ARG SHARED_OPENSSL_LIBPATH
+
+# Set non-interactive mode to avoid prompts during installation
+ENV DEBIAN_FRONTEND=noninteractive
+
+# Install necessary dependencies
+RUN apt-get update
+RUN apt-get install -y software-properties-common
+RUN add-apt-repository -y ppa:ubuntu-toolchain-r/test
+RUN apt-get update && apt-get install -y build-essential python3 python3-distutils g++-10 make curl git pkg-config libssl-dev libffi-dev libgmp-dev libtool autoconf automake cmake wget xz-utils unzip vim
+RUN rm -rf /var/lib/apt/lists/*
+
+# Set g++ 10 as the default
+RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 100
+
+# Copy local Node.js source into the image
+WORKDIR /usr/src/node
+COPY . .
+
+RUN ./configure --shared-openssl --experimental-enable-pointer-compression --openssl-conf-name 'openssl_conf'
+RUN make -j4 install DESTDIR=./node-install
+
+CMD ["bash"]
From 05504ecd42d4a2aa13ce74553f5332869aa30bfa Mon Sep 17 00:00:00 2001
From: Kris Buno
Date: Mon, 21 Jul 2025 11:42:30 -0700
Subject: [PATCH 3/3] Actually remove unused args (what was the last commit about?)
---
 Dockerfile.Node20fips | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/Dockerfile.Node20fips b/Dockerfile.Node20fips
index 4c47d8b3315a7f..1679b638b33930 100644
--- a/Dockerfile.Node20fips
+++ b/Dockerfile.Node20fips
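Review bot: In the new Dockerfile.Node20fips (patch 2/3), the compiler is installed after `add-apt-repository -y ppa:ubuntu-toolchain-r/test`, which puts an unpinned third-party archive in the trust chain for the Node binary this image produces. Ubuntu 22.04's own archive should already offer `g++-10`, so I would check whether the `software-properties-common` and `add-apt-repository` lines can be dropped. `FROM ubuntu:22.04` is also a moving tag; pinning it as `FROM ubuntu:22.04@sha256:<digest>` keeps rebuilds reproducible. As a smaller point, `RUN apt-get update` and `RUN rm -rf /var/lib/apt/lists/*` are on their own layers, so the first can be served stale from the build cache and the second does not shrink the image. Folding both into the `apt-get install` line fixes that.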
@@ -1,10 +1,5 @@
 # Stage 1
 FROM ubuntu:22.04 AS base
-ARG ENABLE_FIPS
-ARG DYNAMIC_LINK
-ARG SHARED_OPENSSL_INCLUDES
-ARG SHARED_OPENSSL_LIBNAME
-ARG SHARED_OPENSSL_LIBPATH
 
 # Set non-interactive mode to avoid prompts during installation
 ENV DEBIAN_FRONTEND=noninteractive
@@ -23,6 +18,7 @@ RUN update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-10 100
 WORKDIR /usr/src/node
 COPY . .
 
+# Enable dynamic linking for OpenSSL, pointer compression, and using `openssl_conf` as the default OpenSSL configuration for Node.js
 RUN ./configure --shared-openssl --experimental-enable-pointer-compression --openssl-conf-name 'openssl_conf'
 RUN make -j4 install DESTDIR=./node-install
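Review bot: The comment added in the second hunk explains the three configure flags but not where FIPS comes from, although the workflow job that runs this file is titled "with dynamically-linked FIPS OpenSSL". As far as these lines show, nothing at configure time selects FIPS. The outcome appears to depend on the OpenSSL that `--shared-openssl` links against (here the image's `libssl-dev`) and on the `openssl_conf` section read at runtime. I would extend the comment with `# FIPS is not enabled by these flags; it depends on the linked OpenSSL and the 'openssl_conf' section loaded at runtime.` A post-build check in the target environment that fails unless `crypto.getFips()` reports FIPS mode would keep the job title accurate.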