diff --git a/.github/actions/e2e_verify/action.yml b/.github/actions/e2e_verify/action.yml
index 07abb7a88..a9c2a51bd 100644
--- a/.github/actions/e2e_verify/action.yml
+++ b/.github/actions/e2e_verify/action.yml
@@ -94,13 +94,11 @@ runs:
 COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
 COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
 run: |
- reports=(attestation-report-*.json)
- if [ -z ${#reports[@]} ]; then
- exit 1
- fi
+ reports=attestation-report-*.json
 
- for file in "${reports[@]}"; do
- path=$(realpath "${file}")
- cat "${path}"
- bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}"
- done
+ report=$(bazel run //internal/api/attestationconfigapi/cli -- compare ${{ inputs.attestationVariant }} ${report})
+
+ path=$(realpath "${report}")
+ cat "${path}"
+
+ bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}"
diff --git a/internal/api/attestationconfigapi/cli/main.go b/internal/api/attestationconfigapi/cli/main.go
index e6e951f1b..ee1b0c354 100644
--- a/internal/api/attestationconfigapi/cli/main.go
+++ b/internal/api/attestationconfigapi/cli/main.go
@@ -27,8 +27,11 @@ const (
 distributionID = constants.CDNDefaultDistributionID
 envCosignPwd = "COSIGN_PASSWORD"
 envCosignPrivateKey = "COSIGN_PRIVATE_KEY"
- // versionWindowSize defines the number of versions to be considered for the latest version. Each week 5 versions are uploaded for each node of the verify cluster.
- versionWindowSize = 15
+ // versionWindowSize defines the number of versions to be considered for the latest version.
+ // Through our weekly e2e tests, each week 2 versions are uploaded:
+ // One from a stable release, and one from a debug image.
+ // A window size of 6 ensures we update only after a version has been "stable" for 3 weeks.
+ versionWindowSize = 6
 )
 
 var (
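Review bot: In the `run:` script of action.yml, `${report}` is expanded inside the `compare` call before `report` has been assigned, and the glob is stored in a differently named scalar, `reports`, so as written `compare` receives no report paths. This step goes on to upload with the cosign key in its environment, so the input set should be explicit: keep the array form `reports=(attestation-report-*.json)`, fail when `[ "${#reports[@]}" -eq 0 ]` or the first element does not exist, and pass `"${reports[@]}"` to `compare`. Capturing `bazel run` stdout into `report` also assumes the CLI prints nothing but the chosen path there; a `[ -f "${report}" ]` check before `realpath` would catch an empty or polluted result. Whether `compare` resolves relative paths when started through `bazel run` is not visible here; the removed loop passed `realpath` output, presumably for that reason.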
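Review bot: The new comment on `versionWindowSize` in main.go states that 6 entries equal three weeks, which holds only while exactly two reports are uploaded per week; a re-run of the e2e workflow or a manual `upload` adds entries and shortens the real waiting period. Since this window appears to gate when a newly observed version is promoted (the consuming code is outside the hunk), the assumption is worth making explicit in code, for example `uploadsPerWeek = 2`, `stableWeeks = 3` and `versionWindowSize = uploadsPerWeek * stableWeeks`. The `const (` block starts above the hunk.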
@@ -56,6 +59,7 @@ func newRootCmd() *cobra.Command {
 
 rootCmd.AddCommand(newUploadCmd())
 rootCmd.AddCommand(newDeleteCmd())
+ rootCmd.AddCommand(newCompareCmd())
 
 return rootCmd
 }
diff --git a/internal/api/attestationconfigapi/cli/upload.go b/internal/api/attestationconfigapi/cli/upload.go
index 54edb01c6..5f35be6da 100644
--- a/internal/api/attestationconfigapi/cli/upload.go
+++ b/internal/api/attestationconfigapi/cli/upload.go
@@ -120,24 +120,20 @@ func uploadReport(
 latestVersion = latestVersionInAPI.SEVSNPVersion
 
 log.Info(fmt.Sprintf("Reading SNP report from file: %s", cfg.path))
- var report verify.Report
- if err := fs.ReadJSON(cfg.path, &report); err != nil {
- return fmt.Errorf("reading snp report: %w", err)
+ newVersion, err = readSNPReport(cfg.path, fs)
+ if err != nil {
+ return err
 }
-
- newVersion = convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB)
 log.Info(fmt.Sprintf("Input SNP report: %+v", newVersion))
 
 case variant.AzureTDX{}:
 latestVersion = latestVersionInAPI.TDXVersion
 
 log.Info(fmt.Sprintf("Reading TDX report from file: %s", cfg.path))
- var report *tdx.QuoteV4
- if err := fs.ReadJSON(cfg.path, &report); err != nil {
- return fmt.Errorf("reading tdx report: %w", err)
+ newVersion, err = readTDXReport(cfg.path, fs)
+ if err != nil {
+ return err
 }
-
- newVersion = convertQuoteToTDXVersion(report)
 log.Info(fmt.Sprintf("Input TDX report: %+v", newVersion))
 
 default:
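Review bot: Both new `return err` lines in uploadReport drop the `reading snp report:` / `reading tdx report:` prefix that the removed lines added, so a malformed or missing report file may now surface without saying which step failed. Unless readSNPReport and readTDXReport wrap the error themselves (their bodies are not in this hunk), keep the context at the call site, e.g. `return fmt.Errorf("reading snp report: %w", err)` and `return fmt.Errorf("reading tdx report: %w", err)`. The helpers now also own the decode of `cfg.path`, so a nil quote from a JSON `null` input should be rejected there before conversion; the removed TDX code decoded into a `*tdx.QuoteV4` and passed it on unchecked. uploadReport starts and ends outside the hunk.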