mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
ci: curl flags
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
parent
a6d35c6fd1
commit
a31d79e9cb
2
.github/actions/build_cli/action.yml
vendored
2
.github/actions/build_cli/action.yml
vendored
@ -68,7 +68,7 @@ runs:
|
||||
run: |
|
||||
HOSTOS="$(go env GOOS)"
|
||||
HOSTARCH="$(go env GOARCH)"
|
||||
curl -sLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-${HOSTOS}-${HOSTARCH}
|
||||
curl -fsSLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-${HOSTOS}-${HOSTARCH}
|
||||
sudo install rekor-cli-${HOSTOS}-${HOSTARCH} /usr/local/bin/rekor-cli
|
||||
rm rekor-cli-${HOSTOS}-${HOSTARCH}
|
||||
|
||||
|
@ -29,7 +29,7 @@ for scaleset in ${scalesetslist}; do
|
||||
jq '.serialConsoleLogBlobUri' -r
|
||||
)
|
||||
sleep 4
|
||||
curl -sL -o "./${scaleset}-${instanceid}.log" "${bloburi}"
|
||||
curl -fsSL -o "./${scaleset}-${instanceid}.log" "${bloburi}"
|
||||
realpath "./${scaleset}-${instanceid}.log"
|
||||
done
|
||||
done
|
||||
|
2
.github/actions/e2e_mini/run-e2e.sh
vendored
2
.github/actions/e2e_mini/run-e2e.sh
vendored
@ -39,7 +39,7 @@ sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts'
|
||||
|
||||
./constellation mini up
|
||||
|
||||
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||
curl -fsSLO "https://dl.k8s.io/release/$(curl -fsSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||
sudo install kubectl /usr/local/bin/kubectl
|
||||
|
||||
export KUBECONFIG="$PWD/constellation-admin.conf"
|
||||
|
2
.github/actions/e2e_sonobuoy/action.yml
vendored
2
.github/actions/e2e_sonobuoy/action.yml
vendored
@ -23,7 +23,7 @@ runs:
|
||||
run: |
|
||||
HOSTOS="$(go env GOOS)"
|
||||
HOSTARCH="$(go env GOARCH)"
|
||||
curl -sLO https://github.com/vmware-tanzu/sonobuoy/releases/download/v${{ inputs.sonobuoyVersion }}/sonobuoy_${{ inputs.sonobuoyVersion }}_${HOSTOS}_${HOSTARCH}.tar.gz
|
||||
curl -fsSLO https://github.com/vmware-tanzu/sonobuoy/releases/download/v${{ inputs.sonobuoyVersion }}/sonobuoy_${{ inputs.sonobuoyVersion }}_${HOSTOS}_${HOSTARCH}.tar.gz
|
||||
tar -xzf sonobuoy_${{ inputs.sonobuoyVersion }}_${HOSTOS}_${HOSTARCH}.tar.gz
|
||||
install sonobuoy /usr/local/bin
|
||||
|
||||
|
2
.github/actions/e2e_verify/action.yml
vendored
2
.github/actions/e2e_verify/action.yml
vendored
@ -20,7 +20,7 @@ runs:
|
||||
- name: Fetch & write measurements
|
||||
shell: bash
|
||||
run: |
|
||||
MEASUREMENTS=$(curl -sS https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.image.json | jq '.measurements' -r)
|
||||
MEASUREMENTS=$(curl -fsSL https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.image.json | jq '.measurements' -r)
|
||||
for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
|
||||
echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
|
||||
yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
|
||||
|
@ -14,10 +14,10 @@ runs:
|
||||
export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
|
||||
export OS=$(uname | awk '{print tolower($0)}')
|
||||
export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ inputs.version }}
|
||||
curl -sLO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
|
||||
curl -fsSLO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
|
||||
gpg --keyserver keyserver.ubuntu.com --recv-keys 052996E2A20B5C7E
|
||||
curl -sLO ${OPERATOR_SDK_DL_URL}/checksums.txt
|
||||
curl -sLO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
|
||||
curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt
|
||||
curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
|
||||
gpg -u "Operator SDK (release) <cncf-operator-sdk@cncf.io>" --verify checksums.txt.asc
|
||||
grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c -
|
||||
chmod +x operator-sdk_${OS}_${ARCH} && sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk
|
||||
|
2
.github/actions/setup_linux/action.yml
vendored
2
.github/actions/setup_linux/action.yml
vendored
@ -8,7 +8,7 @@ runs:
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg -y
|
||||
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
|
||||
curl -fsSL https://packages.microsoft.com/keys/microsoft.asc |
|
||||
gpg --dearmor |
|
||||
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
|
||||
AZ_REPO=$(lsb_release -cs)
|
||||
|
2
.github/workflows/generate-measurements.yml
vendored
2
.github/workflows/generate-measurements.yml
vendored
@ -310,7 +310,7 @@ jobs:
|
||||
- name: Install Rekor
|
||||
shell: bash
|
||||
run: |
|
||||
curl -sLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-linux-amd64
|
||||
curl -fsSLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-linux-amd64
|
||||
sudo install rekor-cli-linux-amd64 /usr/local/bin/rekor-cli
|
||||
rm rekor-cli-linux-amd64
|
||||
|
||||
|
2
.github/workflows/release-cli.yml
vendored
2
.github/workflows/release-cli.yml
vendored
@ -205,7 +205,7 @@ jobs:
|
||||
|
||||
- name: Install slsa-verifier
|
||||
run: |
|
||||
curl -LO https://github.com/slsa-framework/slsa-verifier/releases/download/v${{ env.SLSA_VERIFIER_VERSION }}/slsa-verifier-linux-amd64
|
||||
curl -fsSLO https://github.com/slsa-framework/slsa-verifier/releases/download/v${{ env.SLSA_VERIFIER_VERSION }}/slsa-verifier-linux-amd64
|
||||
install slsa-verifier-linux-amd64 /usr/local/bin/slsa-verifier
|
||||
|
||||
- name: Verify provenance
|
||||
|
@ -2,7 +2,7 @@ FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d550
|
||||
|
||||
ARG LOGSTASH_VER=8.4.0
|
||||
|
||||
RUN curl -sLO https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz
|
||||
RUN curl -fsSLO https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz
|
||||
RUN tar -zxvf logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz
|
||||
|
||||
FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS release
|
||||
|
@ -28,12 +28,12 @@ $(csps): %: mkosi.output.%/fedora~37/image.raw
|
||||
prebuilt/rpms/gcp/%.rpm:
|
||||
@echo "Downloading $*"
|
||||
@mkdir -p $(@D)
|
||||
@curl -sL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/5.19.17/300.fc37/x86_64/$*.rpm
|
||||
@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/5.19.17/300.fc37/x86_64/$*.rpm
|
||||
|
||||
prebuilt/rpms/azure/%.rpm:
|
||||
@echo "Downloading $*"
|
||||
@mkdir -p $(@D)
|
||||
@curl -sL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.7/200.fc37/x86_64/$*.rpm
|
||||
@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.7/200.fc37/x86_64/$*.rpm
|
||||
|
||||
mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs
|
||||
mkosi --config mkosi.files/mkosi.$*.conf --image-version=$(IMAGE_VERSION) $(AUTOLOGIN_ARGS) --environment=CONSOLE_MOTD build
|
||||
|
@ -57,7 +57,7 @@ sleep 10
|
||||
ACCESS=$(az rest --method get --url "${ASYNC_OPERATION_URI}")
|
||||
VMGS_URL=$(echo "${ACCESS}" | jq -r '.properties.output.securityDataAccessSAS')
|
||||
|
||||
curl -L -o "${AZURE_VMGS_FILENAME}" "${VMGS_URL}"
|
||||
curl -fsSL -o "${AZURE_VMGS_FILENAME}" "${VMGS_URL}"
|
||||
|
||||
az snapshot revoke-access \
|
||||
--name "${AZURE_SNAPSHOT_NAME}" \
|
||||
|
@ -37,7 +37,7 @@ gen_pki() {
|
||||
done
|
||||
|
||||
for key in MicWinProPCA2011_2011-10-19.crt MicCorUEFCA2011_2011-06-27.crt MicCorKEKCA2011_2011-06-24.crt; do
|
||||
curl -sL "https://www.microsoft.com/pkiops/certs/${key}" --output "${key}"
|
||||
curl -fsSL "https://www.microsoft.com/pkiops/certs/${key}" --output "${key}"
|
||||
sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output "${key%crt}esl" "${key}"
|
||||
done
|
||||
|
||||
|
@ -21,7 +21,7 @@ TMPDIR=$(mktemp -d)
|
||||
|
||||
pushd "${TMPDIR}"
|
||||
|
||||
curl -sL -o shim.rpm "${SOURCE}"
|
||||
curl -fsSL -o shim.rpm "${SOURCE}"
|
||||
echo "Checking SHA512 checksum of signed shim..."
|
||||
sha512sum -c <<< "${EXPECTED_SHA512} shim.rpm"
|
||||
rpm2cpio shim.rpm | cpio -idmv
|
||||
|
Loading…
Reference in New Issue
Block a user