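# Composite action: replaces the measurements section of
# constellation-conf.yaml with the values published for the given OS image and
# cloud provider, then runs `constellation verify` against the cluster whose
# ID is stored in constellation-id.json.
name: Constellation verify
description: "Verify a Constellation cluster."

inputs:
  osImage:
    description: "The OS image used in the cluster."
    required: true
  cloudProvider:
    description: "The cloud provider used in the cluster."
    required: true

runs:
  using: "composite"
  steps:
    - name: Clear current measurements
      shell: bash
      # Inputs reach the script through the environment instead of being
      # expanded by `${{ }}` inside `run:`. Template expansion happens before
      # bash parses the script, so an input containing quotes or `$(...)`
      # would otherwise become part of the script text.
      env:
        CLOUD_PROVIDER: ${{ inputs.cloudProvider }}
      run: |
        # strenv() looks the provider name up as a plain string key, so the
        # input cannot alter the yq expression itself.
        yq -i 'del(.provider[strenv(CLOUD_PROVIDER)].measurements)' constellation-conf.yaml

    - name: Fetch & write measurements
      shell: bash
      env:
        OS_IMAGE: ${{ inputs.osImage }}
        CLOUD_PROVIDER: ${{ inputs.cloudProvider }}
      run: |
        # NOTE(review): the downloaded values become the reference that the
        # later verify step checks the cluster against, and nothing in this
        # step authenticates them beyond TLS to the CDN. If the publisher
        # ships a signature for this file, check it before writing the config.
        MEASUREMENTS=$(curl -fsSL "https://cdn.confidential.cloud/constellation/v1/${OS_IMAGE}/image/csp/${CLOUD_PROVIDER}/measurements.json" | jq '.measurements' -r)
        for key in $(echo "$MEASUREMENTS" | jq 'keys[]' -r); do
          # Keys come from the downloaded file and are spliced into the yq
          # expression as an array index, so accept digits only.
          if [[ ! "$key" =~ ^[0-9]+$ ]]; then
            echo "Unexpected measurement key: $key" >&2
            exit 1
          fi
          echo "Updating $key to $(echo "$MEASUREMENTS" | jq -c ".\"$key\"" -r)"
          # The value is passed as data through env() rather than pasted into
          # the expression text.
          VALUE=$(echo "$MEASUREMENTS" | jq ".\"$key\"")
          VALUE="$VALUE" yq -i ".provider[strenv(CLOUD_PROVIDER)].measurements.[$key] = env(VALUE)" constellation-conf.yaml
          yq -i ".provider[strenv(CLOUD_PROVIDER)].measurements.[$key].warnOnly = false" constellation-conf.yaml
        done
        # The loop fills an array by index; convert it to a map keyed by index.
        yq -i '.provider[strenv(CLOUD_PROVIDER)].measurements |= array_to_map' constellation-conf.yaml
        cat constellation-conf.yaml

    - name: Constellation verify
      shell: bash
      # Quoted so an empty or whitespace-containing ID stays a single argument
      # instead of vanishing or splitting into extra CLI arguments.
      run: constellation verify --cluster-id "$(jq -r '.clusterID' constellation-id.json)"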