Only upload the lowest version for each verify test

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2025-04-20 23:36:29 -04:00 · 2024-07-09 11:00:53 +02:00 · 2024-07-09 11:00:53 +02:00 · 6e88f8933c
commit 6e88f8933c
parent 1cf267155e
3 changed files with 19 additions and 21 deletions
--- a/.github/actions/e2e_verify/action.yml
+++ b/.github/actions/e2e_verify/action.yml
@ -94,13 +94,11 @@ runs:
        COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
        COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
      run: |
-        reports=(attestation-report-*.json)
-        if [ -z ${#reports[@]} ]; then
-            exit 1
-        fi
+        reports=attestation-report-*.json

-        for file in "${reports[@]}"; do
-          path=$(realpath "${file}")
-          cat "${path}"
-          bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}"
-        done
+        report=$(bazel run //internal/api/attestationconfigapi/cli -- compare ${{ inputs.attestationVariant }} ${report})
+
+        path=$(realpath "${report}")
+        cat "${path}"
+
+        bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}"
--- a/internal/api/attestationconfigapi/cli/main.go
+++ b/internal/api/attestationconfigapi/cli/main.go
@ -27,8 +27,11 @@ const (
 	distributionID      = constants.CDNDefaultDistributionID
 	envCosignPwd        = "COSIGN_PASSWORD"
 	envCosignPrivateKey = "COSIGN_PRIVATE_KEY"
-	// versionWindowSize defines the number of versions to be considered for the latest version. Each week 5 versions are uploaded for each node of the verify cluster.
-	versionWindowSize = 15
+	// versionWindowSize defines the number of versions to be considered for the latest version.
+	// Through our weekly e2e tests, each week 2 versions are uploaded:
+	// One from a stable release, and one from a debug image.
+	// A window size of 6 ensures we update only after a version has been "stable" for 3 weeks.
+	versionWindowSize = 6
 )

 var (
@ -56,6 +59,7 @@ func newRootCmd() *cobra.Command {

 	rootCmd.AddCommand(newUploadCmd())
 	rootCmd.AddCommand(newDeleteCmd())
+	rootCmd.AddCommand(newCompareCmd())

 	return rootCmd
 }
--- a/internal/api/attestationconfigapi/cli/upload.go
+++ b/internal/api/attestationconfigapi/cli/upload.go
@ -120,24 +120,20 @@ func uploadReport(
 		latestVersion = latestVersionInAPI.SEVSNPVersion

 		log.Info(fmt.Sprintf("Reading SNP report from file: %s", cfg.path))
-		var report verify.Report
-		if err := fs.ReadJSON(cfg.path, &report); err != nil {
-			return fmt.Errorf("reading snp report: %w", err)
+		newVersion, err = readSNPReport(cfg.path, fs)
+		if err != nil {
+			return err
 		}
-
-		newVersion = convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB)
 		log.Info(fmt.Sprintf("Input SNP report: %+v", newVersion))

 	case variant.AzureTDX{}:
 		latestVersion = latestVersionInAPI.TDXVersion

 		log.Info(fmt.Sprintf("Reading TDX report from file: %s", cfg.path))
-		var report *tdx.QuoteV4
-		if err := fs.ReadJSON(cfg.path, &report); err != nil {
-			return fmt.Errorf("reading tdx report: %w", err)
+		newVersion, err = readTDXReport(cfg.path, fs)
+		if err != nil {
+			return err
 		}
-
-		newVersion = convertQuoteToTDXVersion(report)
 		log.Info(fmt.Sprintf("Input TDX report: %+v", newVersion))

 	default: