GitHub action pin-by-hash & dependabot (#283)

* remove Sunday and Monday morning runs, little value
* run test lint on main, as we do for all linters
* fixup outdated instructions
* pin actions to commit hashes instead of mutable tags/branches
* use dependabot for github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Fabian Kammel 2022-07-20 10:48:01 +02:00 committed by GitHub
parent 3842e50c49
commit 085f548333
28 changed files with 82 additions and 60 deletions


@ -24,6 +24,6 @@ runs:
# As described at:
# https://github.com/Azure/login#configure-deployment-credentials
- name: Login to Azure
uses: azure/login@v1
uses: azure/login@24848bc889cfc0a8313c2b3e378ac0d625b9bc16
with:
creds: ${{ inputs.azure_credentials }}
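Review bot: The new pin `uses: azure/login@24848bc889cfc0a8313c2b3e378ac0d625b9bc16` drops the only human-readable version information on the line; a reader can no longer tell which release the hash was resolved from, and a later bump will diff one opaque SHA against another. The usual convention is to keep the tag as a trailing comment, `uses: azure/login@24848bc889cfc0a8313c2b3e378ac0d625b9bc16 # v1`, which Dependabot also rewrites when it updates the SHA. The same applies to every pinned `uses:` line in this commit.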


@ -30,7 +30,7 @@ runs:
# TODO: Replace with https://github.com/sigstore/sigstore-installer/tree/initial
# once it has the functionality
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@48866aa521d8bf870604709cd43ec2f602d03ff2
- name: Install Rekor
run: |
curl -LO https://github.com/sigstore/rekor/releases/download/v0.9.0/rekor-cli-linux-amd64
@ -44,7 +44,7 @@ runs:
shell: bash
- name: Install Go
uses: actions/setup-go@v3
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
- name: Build hack/pcr-reader
@ -90,7 +90,7 @@ runs:
- name: Release CLI
# GitHub endorsed release project. See: https://github.com/actions/create-release
uses: softprops/action-gh-release@v1
uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5
if: startsWith(github.ref, 'refs/tags/v')
with:
draft: true
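Review bot: Pinning `sigstore/cosign-installer` closes the moving-`main` hole, but two lines later `curl -LO https://github.com/sigstore/rekor/releases/download/v0.9.0/rekor-cli-linux-amd64` still fetches a release binary with no integrity check, so a tampered release asset would run inside the build with the same privileges as the pinned actions. Verifying the download against a recorded digest before use would bring it to the same standard, e.g. `echo "<sha256 of the v0.9.0 asset>  rekor-cli-linux-amd64" | sha256sum -c -`, or a `cosign verify-blob` against the signature published for that release if one exists. The `run:` block for the Rekor step continues outside the hunk, so whether a check already happens further down is not visible here.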


@ -28,7 +28,7 @@ runs:
- name: Docker metadata
id: meta
uses: docker/metadata-action@v3
uses: docker/metadata-action@b2391d37b4157fa4aa2e118d643f417910ff3242
with:
images: |
ghcr.io/${{ github.repository }}/${{ inputs.name }}
@ -40,11 +40,11 @@ runs:
- name: Set up Docker Buildx
id: docker-setup
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@f211e3e9ded2d9377c8cadc4489a4e38014bc4c9
- name: Log in to the Container registry
id: docker-login
uses: docker/login-action@v1
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7
with:
registry: ghcr.io
username: ${{ github.actor }}
@ -52,7 +52,7 @@ runs:
- name: Build and push container image
id: build-micro-service
uses: docker/build-push-action@v2
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with:
context: .
file: ${{ inputs.dockerfile }}


@ -61,7 +61,7 @@ runs:
constellation create ${{ inputs.cloudProvider }} -c ${{ inputs.controlNodesCount }} -w ${{ inputs.workerNodesCount }} -t ${{ inputs.machineType }} --name e2e-test -y
shell: bash
- name: Upload constellation-state.json
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
with:
name: constellation-state.json
path: constellation-state.json


@ -60,7 +60,7 @@ runs:
# TODO: Replace with https://github.com/sigstore/sigstore-installer/tree/initial
# once it has the functionality
- name: Install Cosign
uses: sigstore/cosign-installer@main
uses: sigstore/cosign-installer@48866aa521d8bf870604709cd43ec2f602d03ff2
if: ${{ inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != '' }}
- name: Install Rekor
run: |


@ -10,11 +10,11 @@ runs:
# As described at:
# https://github.com/google-github-actions/setup-gcloud#service-account-key-json
- name: Authorize GCP access
uses: google-github-actions/auth@v0
uses: google-github-actions/auth@ceee102ec2387dd9e844e01b530ccd4ec87ce955
with:
credentials_json: ${{ inputs.gcp_service_account_json }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v0
uses: google-github-actions/setup-gcloud@877d4953d2c70a0ba7ef3290ae968eb24af233bb
- name: Verify logged in
run: gcloud info
shell: bash


@ -8,7 +8,7 @@ runs:
using: 'composite'
steps:
- name: Install Go
uses: actions/setup-go@v3
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
- name: get pseudo version


@ -28,13 +28,13 @@ runs:
run: sonobuoy retrieve -x --kubeconfig constellation-admin.conf
shell: bash
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8
with:
name: 'junit_01.xml'
path: '**/junit_01.xml'
if: ${{ always() && !env.ACT }}
- name: Publish test results
uses: mikepenz/action-junit-report@v3
uses: mikepenz/action-junit-report@1b47bb811362f3d8d753fc148cb7a13ec9e55570
if: ${{ !env.ACT }}
with:
report_paths: '**/junit_01.xml'

.github/dependabot.yml vendored Normal file

@ -0,0 +1,6 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
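Review bot: `directory: "/"` covers the workflow files, but most of the hashes introduced in this commit live in composite actions under `.github/actions/*/action.yml` (the `runs:` hunks above); whether the `github-actions` ecosystem scans those when rooted at `/` is worth confirming, because if it does not, those pins silently go stale while `.github/workflows` keeps getting bumped. If coverage turns out to be missing, one option is an additional `package-ecosystem: "github-actions"` entry with `directory: "/.github/actions/<name>"` per composite action. Independently of that, a `# v1`-style trailing comment on each pinned `uses:` line is what lets reviewers and Dependabot PRs show which release a SHA corresponds to.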


@ -5,7 +5,7 @@
It is currently not possible to run a `workflow_dispatch` based workflow on a specific branch, while it is not yet available in `main` branch, from the WebUI. If you would like to test your pipeline changes on a branch, use the [GitHub CLI](https://github.com/cli/cli):
```bash
gh workflow run e2e-test.yml \
gh workflow run e2e-test-manual.yml \
--ref feat/e2e_pipeline \ # On your specific branch!
-F autoscale=false -F cloudProvider=gcp \ # With your ...
-F controlNodesCount=1 -F workerNodesCount=2 \ # ... settings
@ -34,7 +34,7 @@ Using [nektos/act](https://github.com/nektos/act) you can run GitHub actions loc
### Specific Jobs
```bash
act -j e2e-test
act -j e2e-test-gcp
```
### Simulate a `workflow_dispatch` event
@ -58,7 +58,7 @@ Create a new JSON file to describe the event ([relevant issue](https://github.co
Then run act with the event as input:
```bash
act -j e2e-test --eventpath event.json
act -j e2e-test-manual --eventpath event.json
```
### Authorizing GCP


@ -20,11 +20,12 @@ jobs:
contents: read
packages: write
steps:
- uses: actions/checkout@v1
- name: Checkout
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Docker meta
id: meta
uses: docker/metadata-action@v3
uses: docker/metadata-action@b2391d37b4157fa4aa2e118d643f417910ff3242
with:
images: |
${{ env.REGISTRY }}/${{ github.repository }}/${{ env.IMAGE_NAME }}
@ -33,11 +34,11 @@ jobs:
type=ref,event=branch
- name: Set up Docker Buildx
id: docker-setup
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@f211e3e9ded2d9377c8cadc4489a4e38014bc4c9
- name: Log in to the Container registry
id: docker-login
uses: docker/login-action@v1
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
@ -45,7 +46,7 @@ jobs:
- name: Build and push constellation-{{ micro-service }} container image
id: build-constellation-{{ micro-service }}
uses: docker/build-push-action@v2
uses: docker/build-push-action@ac9327eae2b366085ac7f6a2d02df8aa8ead720a
with:
context: .
file: {{ micro-service }}/Dockerfile


@ -26,7 +26,7 @@ jobs:
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Build and upload access-manager container image
id: build-and-upload


@ -26,10 +26,10 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v1
uses: docker/setup-buildx-action@f211e3e9ded2d9377c8cadc4489a4e38014bc4c9
- name: Install Dependencies
id: prepare


@ -19,7 +19,7 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Build cli
uses: ./.github/actions/build_cli


@ -5,7 +5,7 @@ env:
on:
workflow_dispatch:
jobs:
build-enclave:
build-coreos-debug:
name: "Build CoreOS debug image using customized COSA"
runs-on: [self-hosted, linux, nested-virt]
permissions:
@ -23,14 +23,14 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
submodules: recursive
token: ${{ secrets.CI_GITHUB_REPOSITORY }}
- name: Log in to the Container registry
id: docker-login
uses: docker/login-action@v1
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
@ -45,12 +45,13 @@ jobs:
rm azcopy.tar.gz
echo "$(pwd)" >> $GITHUB_PATH
- uses: azure/login@v1
- name: Login to Azure
uses: azure/login@24848bc889cfc0a8313c2b3e378ac0d625b9bc16
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Setup Go environment
uses: actions/setup-go@v2.2.0
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
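Review bot: The checkout step on this self-hosted runner passes `token: ${{ secrets.CI_GITHUB_REPOSITORY }}` together with `submodules: recursive`; with actions/checkout's default `persist-credentials: true` that PAT is written into the workspace `.git/config` and stays readable by every later step, including the pinned third-party actions and the COSA build itself. Unless a later step has to push, adding `persist-credentials: false` under the checkout `with:` confines the token to the clone, which is the cheap complement to the hash pinning this commit introduces. The remaining steps of the job are outside the hunk, so whether git auth is needed afterwards is not visible here.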


@ -33,7 +33,7 @@ on:
required: true
jobs:
build-enclave:
build-coreos:
name: "Build CoreOS using customized COSA"
runs-on: [self-hosted, linux, nested-virt]
permissions:
@ -48,14 +48,14 @@ jobs:
steps:
- name: Checkout
id: checkout
uses: actions/checkout@v2
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
submodules: recursive
token: ${{ secrets.CI_GITHUB_REPOSITORY }}
- name: Log in to the Container registry
id: docker-login
uses: docker/login-action@v1
uses: docker/login-action@dd4fa0671be5250ee6f50aedf4cb05514abda2c7
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
@ -70,12 +70,13 @@ jobs:
rm azcopy.tar.gz
echo "$(pwd)" >> $GITHUB_PATH
- uses: azure/login@v1
- name: Login to Azure
uses: azure/login@24848bc889cfc0a8313c2b3e378ac0d625b9bc16
with:
creds: ${{ secrets.AZURE_CREDENTIALS }}
- name: Setup Go environment
uses: actions/setup-go@v2.2.0
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
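Review bot: `azure/login` is now pinned, but the step still authenticates with a long-lived service-principal secret via `creds: ${{ secrets.AZURE_CREDENTIALS }}`, which any step on this self-hosted runner can read for the lifetime of the job. azure/login also supports OIDC federation (`client-id`, `tenant-id`, `subscription-id` inputs plus `id-token: write` in `permissions:`), which removes the stored secret from the repository entirely and ties the token to this workflow; whether the service principal can be given a federated credential is an Azure-side question not answerable from the hunk. The `permissions:` block for this job starts above the hunk, so the current grant is not visible here.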


@ -28,7 +28,7 @@ jobs:
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Build and upload join-service container image
id: build-and-upload


@ -27,7 +27,7 @@ jobs:
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Build and upload KMS server container image
id: build-and-upload


@ -31,7 +31,7 @@ jobs:
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
# choose the correct Dockerfile depending on what micro-service is being build
- name: Set Dockerfile variable


@ -19,7 +19,7 @@ jobs:
steps:
- name: Check out repository
id: checkout
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Build and upload verification-service container image
id: build-and-upload


@ -3,7 +3,7 @@ name: e2e Test Azure
on:
workflow_dispatch:
schedule:
- cron: '0 2 * * *'
- cron: '0 2 * * 2-6'
jobs:
e2e-test-azure:
runs-on: [self-hosted, edgserver]
@ -12,7 +12,7 @@ jobs:
options: --privileged
steps:
- name: Check out repository
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
fetch-depth: 0
- name: Run Azure E2E test


@ -3,7 +3,7 @@ name: e2e Test GCP
on:
workflow_dispatch:
schedule:
- cron: '0 4 * * *'
- cron: '0 4 * * 2-6'
jobs:
e2e-test-gcp:
runs-on: [self-hosted, edgserver]
@ -12,7 +12,7 @@ jobs:
options: --privileged
steps:
- name: Check out repository
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
fetch-depth: 0
- name: Run GCP E2E test


@ -47,7 +47,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Run manual E2E test
uses: ./.github/actions/e2e_test
with:


@ -19,9 +19,10 @@ jobs:
GOPRIVATE: github.com/edgelesssys/*
CTEST_OUTPUT_ON_FAILURE: True
steps:
- uses: actions/checkout@v2
- name: Checkout
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Setup Go environment
uses: actions/setup-go@v2.1.4
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"


@ -1,6 +1,9 @@
name: Golangci-lint
on:
push:
branches:
- main
pull_request:
permissions:
@ -20,12 +23,19 @@ jobs:
env:
GOPRIVATE: github.com/edgelesssys/*
steps:
- uses: actions/checkout@v2
- name: Checkout
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Install Dependencies
run: sudo apt-get update && sudo apt-get -y install libcryptsetup-dev
- name: golangci-lint
uses: golangci/golangci-lint-action@v2
- name: Setup Go environment
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: "1.18"
- name: golangci-lint
uses: golangci/golangci-lint-action@537aa1903e5d359d0b27dbc19ddd22c5087f3fbc
with:
# show only new issues if it's a pull request
only-new-issues: true


@ -15,9 +15,10 @@ jobs:
name: Shellcheck
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Checkout
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Run ShellCheck
uses: ludeeus/action-shellcheck@master
uses: ludeeus/action-shellcheck@94e0aab03ca135d11a35e5bfc14e6746dc56e7e9
with:
severity: error
ignore_names: merge_config.sh


@ -19,10 +19,11 @@ jobs:
GOPRIVATE: github.com/edgelesssys/*
CTEST_OUTPUT_ON_FAILURE: True
steps:
- uses: actions/checkout@v2
- name: Checkout
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: 1.18


@ -10,19 +10,19 @@ jobs:
steps:
- name: Checkout Constellation
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
path: constellation
- name: Checkout docs
uses: actions/checkout@v3
uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
with:
repository: edgelesssys/constellation-docs
token: ${{ secrets.CI_GITHUB_REPOSITORY }}
path: docs
- name: Set up Go
uses: actions/setup-go@v2
uses: actions/setup-go@84cbf8094393cdc5fe1fe1671ff2647332956b1a
with:
go-version: 1.18
@ -44,7 +44,7 @@ jobs:
- name: Publish new reference (create new branch)
if: ${{ env.EXISTS == 0 }}
uses: dmnemec/copy_file_to_another_repo_action@v1.1.1
uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37
env:
API_TOKEN_GITHUB: ${{ secrets.CI_GITHUB_REPOSITORY }}
with:
@ -58,7 +58,7 @@ jobs:
- name: Publish new reference (update branch)
if: ${{ env.EXISTS == 1 }}
uses: dmnemec/copy_file_to_another_repo_action@v1.1.1
uses: dmnemec/copy_file_to_another_repo_action@c93037aa10fa8893de271f19978c980d0c1a9b37
env:
API_TOKEN_GITHUB: ${{ secrets.CI_GITHUB_REPOSITORY }}
with:
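Review bot: `dmnemec/copy_file_to_another_repo_action` now runs at a fixed hash, but in both publish steps it still receives `API_TOKEN_GITHUB: ${{ secrets.CI_GITHUB_REPOSITORY }}`, the same token used to check out `edgelesssys/constellation-docs` above; a pin only fixes which code runs, not that the code at that commit handles the token safely. Worth stating next to the pin that the action's source at `c93037aa10fa8893de271f19978c980d0c1a9b37` was read before adopting it, e.g. `# pinned after review: token is only used for the git push to the destination repo`, and worth checking that the PAT is scoped to the docs repository rather than the whole organization. The `with:` blocks of both steps are cut off by the hunk, so the destination settings are not visible here.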