Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-06-06 21:59:12 -04:00
Code Issues Projects Releases Packages Wiki Activity

Only upload the lowest version for each verify test

Browse source 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
This commit is contained in:
Daniel Weiße 2024-07-09 11:00:53 +02:00
parent 1cf267155e
commit 6e88f8933c
No known key found for this signature in database
GPG key ID: 7DD3015F3DDE4B9C
3 changed files with 19 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

16
.github/actions/e2e_verify/action.yml vendored
View file

@ -94,13 +94,11 @@ runs:
COSIGN_PASSWORD: ${{ inputs.cosignPassword }} COSIGN_PASSWORD: ${{ inputs.cosignPassword }}
COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }} COSIGN_PRIVATE_KEY: ${{ inputs.cosignPrivateKey }}
run: | run: |
reports=(attestation-report-*.json) reports=attestation-report-*.json
if [ -z ${#reports[@]} ]; then
exit 1
fi
for file in "${reports[@]}"; do report=$(bazel run //internal/api/attestationconfigapi/cli -- compare ${{ inputs.attestationVariant }} ${report})
path=$(realpath "${file}")
cat "${path}" path=$(realpath "${report}")
bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}" cat "${path}"
done
bazel run //internal/api/attestationconfigapi/cli -- upload ${{ inputs.attestationVariant }} attestation-report "${path}"

8
internal/api/attestationconfigapi/cli/main.go
View file

@ -27,8 +27,11 @@ const (
distributionID = constants.CDNDefaultDistributionID distributionID = constants.CDNDefaultDistributionID
envCosignPwd = "COSIGN_PASSWORD" envCosignPwd = "COSIGN_PASSWORD"
envCosignPrivateKey = "COSIGN_PRIVATE_KEY" envCosignPrivateKey = "COSIGN_PRIVATE_KEY"
// versionWindowSize defines the number of versions to be considered for the latest version. Each week 5 versions are uploaded for each node of the verify cluster. // versionWindowSize defines the number of versions to be considered for the latest version.
versionWindowSize = 15 // Through our weekly e2e tests, each week 2 versions are uploaded:
// One from a stable release, and one from a debug image.
// A window size of 6 ensures we update only after a version has been "stable" for 3 weeks.
versionWindowSize = 6
) )
var ( var (
@ -56,6 +59,7 @@ func newRootCmd() *cobra.Command {
rootCmd.AddCommand(newUploadCmd()) rootCmd.AddCommand(newUploadCmd())
rootCmd.AddCommand(newDeleteCmd()) rootCmd.AddCommand(newDeleteCmd())
rootCmd.AddCommand(newCompareCmd())
return rootCmd return rootCmd
} }

16
internal/api/attestationconfigapi/cli/upload.go
View file

@ -120,24 +120,20 @@ func uploadReport(
latestVersion = latestVersionInAPI.SEVSNPVersion latestVersion = latestVersionInAPI.SEVSNPVersion
log.Info(fmt.Sprintf("Reading SNP report from file: %s", cfg.path)) log.Info(fmt.Sprintf("Reading SNP report from file: %s", cfg.path))
var report verify.Report newVersion, err = readSNPReport(cfg.path, fs)
if err := fs.ReadJSON(cfg.path, &report); err != nil { if err != nil {
return fmt.Errorf("reading snp report: %w", err) return err
} }
newVersion = convertTCBVersionToSNPVersion(report.SNPReport.LaunchTCB)
log.Info(fmt.Sprintf("Input SNP report: %+v", newVersion)) log.Info(fmt.Sprintf("Input SNP report: %+v", newVersion))
case variant.AzureTDX{}: case variant.AzureTDX{}:
latestVersion = latestVersionInAPI.TDXVersion latestVersion = latestVersionInAPI.TDXVersion
log.Info(fmt.Sprintf("Reading TDX report from file: %s", cfg.path)) log.Info(fmt.Sprintf("Reading TDX report from file: %s", cfg.path))
var report *tdx.QuoteV4 newVersion, err = readTDXReport(cfg.path, fs)
if err := fs.ReadJSON(cfg.path, &report); err != nil { if err != nil {
return fmt.Errorf("reading tdx report: %w", err) return err
} }
newVersion = convertQuoteToTDXVersion(report)
log.Info(fmt.Sprintf("Input TDX report: %+v", newVersion)) log.Info(fmt.Sprintf("Input TDX report: %+v", newVersion))
default: default: