Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-02-26 01:31:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

Select attestation variant for verify test (#1755)

Browse Source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2023-05-12 11:06:49 +02:00 committed by GitHub
parent fe115bdb16
commit 0e7d50b465
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 43 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
.github/actions/e2e_verify/action.yml vendored
View File

@ -15,7 +15,16 @@ runs:
- name: Clear current measurements - name: Clear current measurements
shell: bash shell: bash
run: | run: |
if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]
then
yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml
else
yq -i 'del(.attestation.awsNitroTPM.measurements)' constellation-conf.yaml
yq -i 'del(.attestation.azureSEVSNP.measurements)' constellation-conf.yaml
yq -i 'del(.attestation.azureTrustedLaunch.measurements)' constellation-conf.yaml
yq -i 'del(.attestation.gcpSEVES.measurements)' constellation-conf.yaml
yq -i 'del(.attestation.qemuVTPM.measurements)' constellation-conf.yaml
fi
- name: Expand version path - name: Expand version path
id: expand-version id: expand-version
@ -23,6 +32,26 @@ runs:
with: with:
shortname: ${{ inputs.osImage }} shortname: ${{ inputs.osImage }}
- name: Get attestation variant
id: get-variant
shell: bash
run: |
# TODO(AB#3144): Refactor when API is update for attestation variants
case ${{ inputs.cloudProvider }} in
aws)
echo ATTESTATION_VARIANT=awsNitroTPM >> $GITHUB_OUTPUT
;;
azure)
echo ATTESTATION_VARIANT=azureSEVSNP >> $GITHUB_OUTPUT
;;
gcp)
echo ATTESTATION_VARIANT=gcpSEVES >> $GITHUB_OUTPUT
;;
qemu)
echo ATTESTATION_VARIANT=qemuVTPM >> $GITHUB_OUTPUT
;;
esac
- name: Fetch & write measurements - name: Fetch & write measurements
shell: bash shell: bash
run: | run: |
@ -33,9 +62,20 @@ runs:
MEASUREMENTS=$(curl -fsSL https://cdn.confidential.cloud/constellation/v1/${verPath}/image/csp/${{ inputs.cloudProvider }}/measurements.json | jq '.measurements' -r) MEASUREMENTS=$(curl -fsSL https://cdn.confidential.cloud/constellation/v1/${verPath}/image/csp/${{ inputs.cloudProvider }}/measurements.json | jq '.measurements' -r)
for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r) echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]
then
yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
else
yq -i ".attestation.${{ steps.get-variant.outputs.ATTESTATION_VARIANT }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
fi
done done
if [[ $(yq '.version' constellation-conf.yaml) == "v2" ]]
then
yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml
else
yq -i '.attestation.${{ steps.get-variant.outputs.ATTESTATION_VARIANT }}.measurements |= array_to_map' constellation-conf.yaml
fi
cat constellation-conf.yaml cat constellation-conf.yaml
- name: Constellation verify - name: Constellation verify