e2e screencast generation and docs embedding

Signed-off-by: Fabian Kammel <fk@edgeless.systems>

docs/docs/workflows/sbom.md

@@ -1,5 +1,9 @@
 # Consume software bill of materials (SBOMs)
 
+import AsciinemaWidget from '../../src/components/AsciinemaWidget';
+
+<AsciinemaWidget src="/constellation/assets/check-sbom.cast" fontSize={16} rows={18} cols={80} idleTimeLimit={3} preload={true} />
+
 Constellation builds produce a [software bill of materials (SBOM)](https://www.ntia.gov/SBOM) for each generated [artifact](../architecture/microservices.md).
 You can use SBOMs to make informed decisions about dependencies and vulnerabilities in a given application. Enterprises rely on SBOMs to maintain an inventory of used applications, which allows them to take data-driven approaches to managing risks related to vulnerabilities.
 

docs/docs/workflows/verify-cli.md

@@ -2,11 +2,7 @@
 
 import AsciinemaWidget from '../../src/components/AsciinemaWidget';
 
-local path:
-<AsciinemaWidget src="/assets/constellation-install-cli.cast" fontSize={16} rows={18} cols={80} idleTimeLimit={3} preload={true} />
-
-URL:
-<AsciinemaWidget src="https://asciinema.org/a/8M4AUPRDWCBN2VuVlhGRM0BZM.cast" fontSize={16} rows={18} cols={80} idleTimeLimit={3} preload={true} />
+<AsciinemaWidget src="/constellation/assets/verify-cli.cast" fontSize={16} rows={18} cols={80} idleTimeLimit={3} preload={true} />
 
 Edgeless Systems uses [sigstore](https://www.sigstore.dev/) and [SLSA](https://slsa.dev) to ensure supply-chain security for the Constellation CLI and node images ("artifacts"). sigstore consists of three components: [Cosign](https://docs.sigstore.dev/cosign/overview), [Rekor](https://docs.sigstore.dev/rekor/overview), and Fulcio. Edgeless Systems uses Cosign to sign artifacts. All signatures are uploaded to the public Rekor transparency log, which resides at https://rekor.sigstore.dev/.
 

docs/screencasts/.gitignore

@@ -0,0 +1 @@
+recordings

docs/screencasts/docker/Dockerfile

@@ -0,0 +1,25 @@
+FROM ubuntu:20.04
+
+# Install requirements
+RUN apt update
+RUN apt install -y software-properties-common
+RUN apt-add-repository ppa:zanchey/asciinema
+RUN apt update
+RUN apt install -y curl expect asciinema sudo
+RUN curl -LO https://go.dev/dl/go1.19.5.linux-amd64.tar.gz && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.19.5.linux-amd64.tar.gz
+RUN echo 'export PATH="${PATH}:/usr/local/go/bin:/root/go/bin"' >> /root/.bashrc
+ENV PATH="${PATH}:/usr/local/go/bin:/root/go/bin"
+
+# Install cosign & rekor (speedup in recording)
+RUN go install github.com/sigstore/cosign/cmd/cosign@latest
+RUN go install github.com/sigstore/rekor/cmd/rekor-cli@latest
+
+# Set prompt
+ENV PS1='$ '
+
+# Copy install scripts
+COPY ./*.sh /root/
+
+WORKDIR /root
+ENTRYPOINT ["/usr/bin/expect", "-f"]
+CMD ["verify-cli.sh", "/recordings/verify-cli.cast"]

docs/screencasts/docker/check-sbom.sh

@@ -0,0 +1,53 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # make sure this matches your prompt
+    expect "$ "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+proc send_keystroke_to_interactive_process {key {addl_sleep 2}} {
+    send "$key"
+    expect -timeout 1
+    sleep $addl_sleep
+}
+
+# Start recording
+spawn asciinema rec --overwrite $record_name
+send "\r"
+expect_prompt
+
+### Step 0: Requirements
+run_command "echo Step 0: Installing requirements"
+expect_prompt
+run_command "curl -sLO https://github.com/anchore/grype/releases/download/v0.56.0/grype_0.56.0_linux_amd64.tar.gz"
+expect_prompt
+run_command "tar -xvzf grype_0.56.0_linux_amd64.tar.gz"
+expect_prompt
+run_command "sudo install grype /usr/local/bin/grype"
+expect_prompt
+run_command "grype --help"
+expect_prompt
+
+### Step 1: Download & check SBOM
+run_command "echo Step 1: Download Constellation SBOM"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation.spdx.sbom"
+expect_prompt
+run_command "grype constellation.spdx.sbom -o table -q"
+expect_prompt
+run_command "echo We are safe! :)"
+
+# Stop recording
+send "exit"

docs/screencasts/docker/verify-cli.sh

@@ -0,0 +1,73 @@
+#!/usr/bin/expect -f
+# Note: Expects to be able to run 'sudo install' without a password
+
+set timeout -1
+set send_human {0.05 0 1 0.05 0.3}
+set CTRLC \003
+set record_name [lindex $argv 0];
+
+proc expect_prompt {} {
+    # make sure this matches your prompt
+    expect "$ "
+}
+
+proc run_command {cmd} {
+    send -h "$cmd"
+    send "\r"
+    expect -timeout 1
+}
+
+proc send_keystroke_to_interactive_process {key {addl_sleep 2}} {
+    send "$key"
+    expect -timeout 1
+    sleep $addl_sleep
+}
+
+# Start recording
+spawn asciinema rec $record_name
+send "\r"
+expect_prompt
+
+### Step 0: Requirements
+run_command "echo Step 0: Installing requirements"
+expect_prompt
+run_command "go install github.com/sigstore/cosign/cmd/cosign@latest"
+expect_prompt
+run_command "go install github.com/sigstore/rekor/cmd/rekor-cli@latest"
+expect_prompt
+
+### Step 1: Download CLI
+run_command "echo Step 1: Download CLI and signature"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64"
+expect_prompt
+run_command "curl -sLO https://github.com/edgelesssys/constellation/releases/latest/download/constellation-linux-amd64.sig"
+expect_prompt
+
+### Step 2: Verify the CLI using cosign
+run_command "echo Step 2: Verify the CLI using cosign and the public Rekor transparency log"
+expect_prompt
+run_command "COSIGN_EXPERIMENTAL=1 cosign verify-blob --key https://edgeless.systems/es.pub --signature constellation-linux-amd64.sig constellation-linux-amd64"
+expect_prompt
+
+### Step 2b: Verify the CLI manually
+run_command "echo Optional Step 2b: Manually inspect the Rekor transparency log"
+expect_prompt
+run_command "rekor-cli search --artifact constellation-linux-amd64"
+expect -re "\n(\[a-f0-9]+)\r"
+set uuid '$expect_out(1,string)'
+expect_prompt
+run_command "rekor-cli get --uuid=$uuid"
+expect_prompt
+
+### Step 3: Install the CLI
+run_command "echo Step 4: Install the CLI"
+expect_prompt
+run_command "sudo install constellation-linux-amd64 /usr/local/bin/constellation"
+expect_prompt
+run_command "echo Done! You can now use the verified CLI"
+expect_prompt
+run_command "constellation -h"
+
+# Stop recording
+send "exit"

docs/screencasts/generate-screencasts.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+docker build -t screenrecodings docker
+
+# Generate cast to verify CLI
+docker run -it -v "$(pwd)"/recordings:/recordings screenrecodings
+cp recordings/verify-cli.cast ../static/assets/verify-cli.cast
+
+# Generate cast to check SBOM
+docker run -it -v "$(pwd)"/recordings:/recordings screenrecodings check-sbom.sh /recordings/check-sbom.cast
+cp recordings/check-sbom.cast ../static/assets/check-sbom.cast

docs/static/assets/check-sbom.cast

@@ -0,0 +1,46 @@
+{"version": 2, "width": 0, "height": 0, "timestamp": 1675859957, "env": {"SHELL": null, "TERM": "xterm"}}
+[0.003825, "o", "$ "]
+[0.00491, "o", "e"]
+[0.137328, "o", "c"]
+[0.187967, "o", "h"]
+[0.240046, "o", "o"]
+[0.290357, "o", " "]
+[0.340857, "o", "S"]
+[0.390951, "o", "t"]
+[0.511681, "o", "e"]
+[0.56956, "o", "p"]
+[0.61976, "o", " "]
+[0.672456, "o", "0"]
+[0.723166, "o", ":"]
+[0.773122, "o", " "]
+[0.860846, "o", "I"]
+[0.919429, "o", "n"]
+[0.970394, "o", "s"]
+[1.159058, "o", "t"]
+[1.237391, "o", "a"]
+[1.35056, "o", "l"]
+[1.403067, "o", "l"]
+[1.561877, "o", "i"]
+[1.619898, "o", "n"]
+[1.683962, "o", "g"]
+[1.734714, "o", " "]
+[1.788163, "o", "r"]
+[1.846651, "o", "e"]
+[1.910593, "o", "q"]
+[1.979596, "o", "u"]
+[2.03013, "o", "i"]
+[2.080866, "o", "r"]
+[2.184044, "o", "e"]
+[2.239835, "o", "m"]
+[2.289997, "o", "e"]
+[2.34052, "o", "n"]
+[2.394017, "o", "t"]
+[2.447544, "o", "s\r\n"]
+[2.44777, "o", "Step 0: Installing requirements\r\n$ "]
+[3.481334, "o", "c"]
+[3.630236, "o", "u"]
+[3.687787, "o", "r"]
+[3.753317, "o", "l"]
+[3.805315, "o", " "]
+[3.873631, "o", "-"]
+[3.925427, "o", "s"]