e2e screencast generation and docs embedding

Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2025-06-26 15:10:43 -04:00 · 2023-02-08 12:40:02 +00:00 · 2023-02-08 12:40:02 +00:00 · 5f9cc52f50
commit 5f9cc52f50
parent e0a4b26e5c
10 changed files with 1248 additions and 1038 deletions
--- a/docs/screencasts/docker/Dockerfile
+++ b/docs/screencasts/docker/Dockerfile
@ -0,0 +1,25 @@
+FROM ubuntu:20.04
+
+# Install requirements
+RUN apt update
+RUN apt install -y software-properties-common
+RUN apt-add-repository ppa:zanchey/asciinema
+RUN apt update
+RUN apt install -y curl expect asciinema sudo
+RUN curl -LO https://go.dev/dl/go1.19.5.linux-amd64.tar.gz && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.19.5.linux-amd64.tar.gz
+RUN echo 'export PATH="${PATH}:/usr/local/go/bin:/root/go/bin"' >> /root/.bashrc
+ENV PATH="${PATH}:/usr/local/go/bin:/root/go/bin"
+
+# Install cosign & rekor (speedup in recording)
+RUN go install github.com/sigstore/cosign/cmd/cosign@latest
+RUN go install github.com/sigstore/rekor/cmd/rekor-cli@latest
+
+# Set prompt
+ENV PS1='$ '
+
+# Copy install scripts
+COPY ./*.sh /root/
+
+WORKDIR /root
+ENTRYPOINT ["/usr/bin/expect", "-f"]
+CMD ["verify-cli.sh", "/recordings/verify-cli.cast"]
--- a/docs/screencasts/docker/check-sbom.sh
+++ b/docs/screencasts/docker/check-sbom.sh
@ -0,0 +1,53 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # make sure this matches your prompt
+    expect "$ "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+proc send_keystroke_to_interactive_process {key {addl_sleep 2}} {
+    send "$key"
+    expect -timeout 1
+    sleep $addl_sleep
+}
+
+# Start recording
+spawn asciinema rec --overwrite $record_name
+send "\r"
+expect_prompt
+
+### Step 0: Requirements
+run_command "echo Step 0: Installing requirements"
+expect_prompt
+run_command "curl -sLO https://github.com/anchore/grype/releases/download/v0.56.0/grype_0.56.0_linux_amd64.tar.gz"
+expect_prompt
+run_command "tar -xvzf grype_0.56.0_linux_amd64.tar.gz"
+expect_prompt
+run_command "sudo install grype /usr/local/bin/grype"
+expect_prompt
+run_command "grype --help"
+expect_prompt
+
+### Step 1: Download & check SBOM
+run_command "echo Step 1: Download Constellation SBOM"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.spdx.sbom"
+expect_prompt
+run_command "grype constellation.spdx.sbom -o table -q"
+expect_prompt
+run_command "echo We are safe! :)"
+
+# Stop recording
+send "exit"
--- a/docs/screencasts/docker/verify-cli.sh
+++ b/docs/screencasts/docker/verify-cli.sh
@ -0,0 +1,73 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # make sure this matches your prompt
+    expect "$ "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+proc send_keystroke_to_interactive_process {key {addl_sleep 2}} {
+    send "$key"
+    expect -timeout 1
+    sleep $addl_sleep
+}
+
+# Start recording
+spawn asciinema rec $record_name
+send "\r"
+expect_prompt
+
+### Step 0: Requirements
+run_command "echo Step 0: Installing requirements"
+expect_prompt
+run_command "go install github.com/sigstore/cosign/cmd/cosign@latest"
+expect_prompt
+run_command "go install github.com/sigstore/rekor/cmd/rekor-cli@latest"
+expect_prompt
+
+### Step 1: Download CLI
+run_command "echo Step 1: Download CLI and signature"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64.sig"
+expect_prompt
+
+### Step 2: Verify the CLI using cosign
+run_command "echo Step 2: Verify the CLI using cosign and the public Rekor transparency log"
+expect_prompt
+run_command "COSIGN_EXPERIMENTAL=1 cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64"
+expect_prompt
+
+### Step 2b: Verify the CLI manually
+run_command "echo Optional Step 2b: Manually inspect the Rekor transparency log"
+expect_prompt
+run_command "rekor-cli search --artifact constellation-linux-amd64"
+expect -re "\n(\[a-f0-9]+)\r"
+set uuid '$expect_out(1,string)'
+expect_prompt
+run_command "rekor-cli get --uuid=$uuid"
+expect_prompt
+
+### Step 3: Install the CLI
+run_command "echo Step 4: Install the CLI"
+expect_prompt
+run_command "sudo install constellation-linux-amd64 /usr/local/bin/constellation"
+expect_prompt
+run_command "echo Done! You can now use the verified CLI"
+expect_prompt
+run_command "constellation -h"
+
+# Stop recording
+send "exit"