constellation/.github/actions/e2e_verify/action.yml

name: Constellation verify
description: "Verify a Constellation cluster."

inputs:
  osImage:
    description: "The OS image used in the cluster."
    required: true
  cloudProvider:
    description: "The cloud provider used in the cluster."
    required: true

runs:
  using: "composite"
  steps:
    - name: Clear current measurements
      shell: bash
      run: |
        if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]
        then
          yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml
        else
          yq -i 'del(.attestation.awsNitroTPM.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.azureSEVSNP.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.azureTrustedLaunch.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.gcpSEVES.measurements)' constellation-conf.yaml
          yq -i 'del(.attestation.qemuVTPM.measurements)' constellation-conf.yaml
        fi

    - name: Expand version path
      id: expand-version
      uses: ./.github/actions/shortname
      with:
        shortname: ${{ inputs.osImage }}

    - name: Constellation fetch measurements
      shell: bash
      run: |
        if [[ ${{ steps.expand-version.outputs.stream }} == "debug" ]]
        then
          constellation config fetch-measurements --insecure
        else
          constellation config fetch-measurements
        fi

    - name: Constellation verify
      shell: bash
      run: constellation verify --cluster-id $(jq -r ".clusterID" constellation-id.json) --force
AB2564 Add constellation verify e2e test (#875) 2023-01-09 02:54:41 -05:00			`name: Constellation verify`
			`description: "Verify a Constellation cluster."`

			`inputs:`
			`osImage:`
			`description: "The OS image used in the cluster."`
			`required: true`
			`cloudProvider:`
			`description: "The cloud provider used in the cluster."`
			`required: true`

			`runs:`
			`using: "composite"`
			`steps:`
			`- name: Clear current measurements`
			`shell: bash`
			`run: \|`
Select attestation variant for verify test (#1755) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-05-12 05:06:49 -04:00			`if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]`
			`then`
			`yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml`
			`else`
			`yq -i 'del(.attestation.awsNitroTPM.measurements)' constellation-conf.yaml`
			`yq -i 'del(.attestation.azureSEVSNP.measurements)' constellation-conf.yaml`
			`yq -i 'del(.attestation.azureTrustedLaunch.measurements)' constellation-conf.yaml`
			`yq -i 'del(.attestation.gcpSEVES.measurements)' constellation-conf.yaml`
			`yq -i 'del(.attestation.qemuVTPM.measurements)' constellation-conf.yaml`
			`fi`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00
ci: add missing version expansion to verify test Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-03-21 12:35:07 -04:00			`- name: Expand version path`
			`id: expand-version`
			`uses: ./.github/actions/shortname`
			`with:`
			`shortname: ${{ inputs.osImage }}`

Add --insecure to config fetch-measurement (#1879) * cli: add --insecure to fetch-measurements * cli: rename fake to stub * ci: upload measurements for debug images * fix cli docs 2023-06-06 04:32:22 -04:00			`- name: Constellation fetch measurements`
Select attestation variant for verify test (#1755) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-05-12 05:06:49 -04:00			`shell: bash`
			`run: \|`
Add --insecure to config fetch-measurement (#1879) * cli: add --insecure to fetch-measurements * cli: rename fake to stub * ci: upload measurements for debug images * fix cli docs 2023-06-06 04:32:22 -04:00			`if [[ ${{ steps.expand-version.outputs.stream }} == "debug" ]]`
Select attestation variant for verify test (#1755) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-05-12 05:06:49 -04:00			`then`
Add --insecure to config fetch-measurement (#1879) * cli: add --insecure to fetch-measurements * cli: rename fake to stub * ci: upload measurements for debug images * fix cli docs 2023-06-06 04:32:22 -04:00			`constellation config fetch-measurements --insecure`
Select attestation variant for verify test (#1755) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-05-12 05:06:49 -04:00			`else`
Add --insecure to config fetch-measurement (#1879) * cli: add --insecure to fetch-measurements * cli: rename fake to stub * ci: upload measurements for debug images * fix cli docs 2023-06-06 04:32:22 -04:00			`constellation config fetch-measurements`
Select attestation variant for verify test (#1755) Signed-off-by: Daniel Weiße <dw@edgeless.systems> 2023-05-12 05:06:49 -04:00			`fi`
ci: unified order and style of workflows/actions Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com> 2023-01-18 04:15:58 -05:00
AB2564 Add constellation verify e2e test (#875) 2023-01-09 02:54:41 -05:00			`- name: Constellation verify`
			`shell: bash`
ci: add force flag to remaining constellation cmds In the CI most configs use prerelease images. Config validation prevents this. Therefore we need to use the force flag for now. 2023-02-14 03:15:01 -05:00			`run: constellation verify --cluster-id $(jq -r ".clusterID" constellation-id.json) --force`