mirror of
https://github.com/edgelesssys/constellation.git
synced 2025-02-25 09:11:24 -05:00
ci: curl flags
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
Paul Meyer
parent
a6d35c6fd1
commit
a31d79e9cb
2
.github/actions/build_cli/action.yml
vendored
2
.github/actions/build_cli/action.yml
vendored
@ -68,7 +68,7 @@ runs:
|
|||||||
run: |
|
run: |
|
||||||
HOSTOS="$(go env GOOS)"
|
HOSTOS="$(go env GOOS)"
|
||||||
HOSTARCH="$(go env GOARCH)"
|
HOSTARCH="$(go env GOARCH)"
|
||||||
curl -sLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-${HOSTOS}-${HOSTARCH}
|
curl -fsSLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-${HOSTOS}-${HOSTARCH}
|
||||||
sudo install rekor-cli-${HOSTOS}-${HOSTARCH} /usr/local/bin/rekor-cli
|
sudo install rekor-cli-${HOSTOS}-${HOSTARCH} /usr/local/bin/rekor-cli
|
||||||
rm rekor-cli-${HOSTOS}-${HOSTARCH}
|
rm rekor-cli-${HOSTOS}-${HOSTARCH}
|
||||||
|
|
||||||
|
|||||||
@ -29,7 +29,7 @@ for scaleset in ${scalesetslist}; do
|
|||||||
jq '.serialConsoleLogBlobUri' -r
|
jq '.serialConsoleLogBlobUri' -r
|
||||||
)
|
)
|
||||||
sleep 4
|
sleep 4
|
||||||
curl -sL -o "./${scaleset}-${instanceid}.log" "${bloburi}"
|
curl -fsSL -o "./${scaleset}-${instanceid}.log" "${bloburi}"
|
||||||
realpath "./${scaleset}-${instanceid}.log"
|
realpath "./${scaleset}-${instanceid}.log"
|
||||||
done
|
done
|
||||||
done
|
done
|
||||||
|
|||||||
2
.github/actions/e2e_mini/run-e2e.sh
vendored
2
.github/actions/e2e_mini/run-e2e.sh
vendored
@ -39,7 +39,7 @@ sudo sh -c 'echo "127.0.0.1 license.confidential.cloud" >> /etc/hosts'
|
|||||||
|
|
||||||
./constellation mini up
|
./constellation mini up
|
||||||
|
|
||||||
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
curl -fsSLO "https://dl.k8s.io/release/$(curl -fsSL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
|
||||||
sudo install kubectl /usr/local/bin/kubectl
|
sudo install kubectl /usr/local/bin/kubectl
|
||||||
|
|
||||||
export KUBECONFIG="$PWD/constellation-admin.conf"
|
export KUBECONFIG="$PWD/constellation-admin.conf"
|
||||||
|
|||||||
2
.github/actions/e2e_sonobuoy/action.yml
vendored
2
.github/actions/e2e_sonobuoy/action.yml
vendored
@ -23,7 +23,7 @@ runs:
|
|||||||
run: |
|
run: |
|
||||||
HOSTOS="$(go env GOOS)"
|
HOSTOS="$(go env GOOS)"
|
||||||
HOSTARCH="$(go env GOARCH)"
|
HOSTARCH="$(go env GOARCH)"
|
||||||
curl -sLO https://github.com/vmware-tanzu/sonobuoy/releases/download/v${{ inputs.sonobuoyVersion }}/sonobuoy_${{ inputs.sonobuoyVersion }}_${HOSTOS}_${HOSTARCH}.tar.gz
|
curl -fsSLO https://github.com/vmware-tanzu/sonobuoy/releases/download/v${{ inputs.sonobuoyVersion }}/sonobuoy_${{ inputs.sonobuoyVersion }}_${HOSTOS}_${HOSTARCH}.tar.gz
|
||||||
tar -xzf sonobuoy_${{ inputs.sonobuoyVersion }}_${HOSTOS}_${HOSTARCH}.tar.gz
|
tar -xzf sonobuoy_${{ inputs.sonobuoyVersion }}_${HOSTOS}_${HOSTARCH}.tar.gz
|
||||||
install sonobuoy /usr/local/bin
|
install sonobuoy /usr/local/bin
|
||||||
|
|
||||||
|
|||||||
2
.github/actions/e2e_verify/action.yml
vendored
2
.github/actions/e2e_verify/action.yml
vendored
@ -20,7 +20,7 @@ runs:
|
|||||||
- name: Fetch & write measurements
|
- name: Fetch & write measurements
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
MEASUREMENTS=$(curl -sS https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.image.json | jq '.measurements' -r)
|
MEASUREMENTS=$(curl -fsSL https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.image.json | jq '.measurements' -r)
|
||||||
for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
|
for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
|
||||||
echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
|
echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
|
||||||
yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
|
yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
|
||||||
|
|||||||
@ -14,10 +14,10 @@ runs:
|
|||||||
export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
|
export ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac)
|
||||||
export OS=$(uname | awk '{print tolower($0)}')
|
export OS=$(uname | awk '{print tolower($0)}')
|
||||||
export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ inputs.version }}
|
export OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${{ inputs.version }}
|
||||||
curl -sLO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
|
curl -fsSLO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH}
|
||||||
gpg --keyserver keyserver.ubuntu.com --recv-keys 052996E2A20B5C7E
|
gpg --keyserver keyserver.ubuntu.com --recv-keys 052996E2A20B5C7E
|
||||||
curl -sLO ${OPERATOR_SDK_DL_URL}/checksums.txt
|
curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt
|
||||||
curl -sLO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
|
curl -fsSLO ${OPERATOR_SDK_DL_URL}/checksums.txt.asc
|
||||||
gpg -u "Operator SDK (release) <cncf-operator-sdk@cncf.io>" --verify checksums.txt.asc
|
gpg -u "Operator SDK (release) <cncf-operator-sdk@cncf.io>" --verify checksums.txt.asc
|
||||||
grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c -
|
grep operator-sdk_${OS}_${ARCH} checksums.txt | sha256sum -c -
|
||||||
chmod +x operator-sdk_${OS}_${ARCH} && sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk
|
chmod +x operator-sdk_${OS}_${ARCH} && sudo mv operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk
|
||||||
|
|||||||
2
.github/actions/setup_linux/action.yml
vendored
2
.github/actions/setup_linux/action.yml
vendored
@ -8,7 +8,7 @@ runs:
|
|||||||
run: |
|
run: |
|
||||||
sudo apt-get update
|
sudo apt-get update
|
||||||
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg -y
|
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg -y
|
||||||
curl -sL https://packages.microsoft.com/keys/microsoft.asc |
|
curl -fsSL https://packages.microsoft.com/keys/microsoft.asc |
|
||||||
gpg --dearmor |
|
gpg --dearmor |
|
||||||
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
|
sudo tee /etc/apt/trusted.gpg.d/microsoft.gpg > /dev/null
|
||||||
AZ_REPO=$(lsb_release -cs)
|
AZ_REPO=$(lsb_release -cs)
|
||||||
|
|||||||
2
.github/workflows/generate-measurements.yml
vendored
2
.github/workflows/generate-measurements.yml
vendored
@ -310,7 +310,7 @@ jobs:
|
|||||||
- name: Install Rekor
|
- name: Install Rekor
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
curl -sLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-linux-amd64
|
curl -fsSLO https://github.com/sigstore/rekor/releases/download/v0.12.0/rekor-cli-linux-amd64
|
||||||
sudo install rekor-cli-linux-amd64 /usr/local/bin/rekor-cli
|
sudo install rekor-cli-linux-amd64 /usr/local/bin/rekor-cli
|
||||||
rm rekor-cli-linux-amd64
|
rm rekor-cli-linux-amd64
|
||||||
|
|
||||||
|
|||||||
2
.github/workflows/release-cli.yml
vendored
2
.github/workflows/release-cli.yml
vendored
@ -205,7 +205,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Install slsa-verifier
|
- name: Install slsa-verifier
|
||||||
run: |
|
run: |
|
||||||
curl -LO https://github.com/slsa-framework/slsa-verifier/releases/download/v${{ env.SLSA_VERIFIER_VERSION }}/slsa-verifier-linux-amd64
|
curl -fsSLO https://github.com/slsa-framework/slsa-verifier/releases/download/v${{ env.SLSA_VERIFIER_VERSION }}/slsa-verifier-linux-amd64
|
||||||
install slsa-verifier-linux-amd64 /usr/local/bin/slsa-verifier
|
install slsa-verifier-linux-amd64 /usr/local/bin/slsa-verifier
|
||||||
|
|
||||||
- name: Verify provenance
|
- name: Verify provenance
|
||||||
|
|||||||
@ -2,7 +2,7 @@ FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d550
|
|||||||
|
|
||||||
ARG LOGSTASH_VER=8.4.0
|
ARG LOGSTASH_VER=8.4.0
|
||||||
|
|
||||||
RUN curl -sLO https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz
|
RUN curl -fsSLO https://artifacts.opensearch.org/logstash/logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz
|
||||||
RUN tar -zxvf logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz
|
RUN tar -zxvf logstash-oss-with-opensearch-output-plugin-$LOGSTASH_VER-linux-x64.tar.gz
|
||||||
|
|
||||||
FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS release
|
FROM fedora:37@sha256:99aa8919afd1880064ec915dba44cdc5b52808667717f605750329d55006538a AS release
|
||||||
|
|||||||
@ -28,12 +28,12 @@ $(csps): %: mkosi.output.%/fedora~37/image.raw
|
|||||||
prebuilt/rpms/gcp/%.rpm:
|
prebuilt/rpms/gcp/%.rpm:
|
||||||
@echo "Downloading $*"
|
@echo "Downloading $*"
|
||||||
@mkdir -p $(@D)
|
@mkdir -p $(@D)
|
||||||
@curl -sL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/5.19.17/300.fc37/x86_64/$*.rpm
|
@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/5.19.17/300.fc37/x86_64/$*.rpm
|
||||||
|
|
||||||
prebuilt/rpms/azure/%.rpm:
|
prebuilt/rpms/azure/%.rpm:
|
||||||
@echo "Downloading $*"
|
@echo "Downloading $*"
|
||||||
@mkdir -p $(@D)
|
@mkdir -p $(@D)
|
||||||
@curl -sL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.7/200.fc37/x86_64/$*.rpm
|
@curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.7/200.fc37/x86_64/$*.rpm
|
||||||
|
|
||||||
mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs
|
mkosi.output.%/fedora~37/image.raw: mkosi.files/mkosi.%.conf inject-bins inject-certs
|
||||||
mkosi --config mkosi.files/mkosi.$*.conf --image-version=$(IMAGE_VERSION) $(AUTOLOGIN_ARGS) --environment=CONSOLE_MOTD build
|
mkosi --config mkosi.files/mkosi.$*.conf --image-version=$(IMAGE_VERSION) $(AUTOLOGIN_ARGS) --environment=CONSOLE_MOTD build
|
||||||
|
|||||||
@ -57,7 +57,7 @@ sleep 10
|
|||||||
ACCESS=$(az rest --method get --url "${ASYNC_OPERATION_URI}")
|
ACCESS=$(az rest --method get --url "${ASYNC_OPERATION_URI}")
|
||||||
VMGS_URL=$(echo "${ACCESS}" | jq -r '.properties.output.securityDataAccessSAS')
|
VMGS_URL=$(echo "${ACCESS}" | jq -r '.properties.output.securityDataAccessSAS')
|
||||||
|
|
||||||
curl -L -o "${AZURE_VMGS_FILENAME}" "${VMGS_URL}"
|
curl -fsSL -o "${AZURE_VMGS_FILENAME}" "${VMGS_URL}"
|
||||||
|
|
||||||
az snapshot revoke-access \
|
az snapshot revoke-access \
|
||||||
--name "${AZURE_SNAPSHOT_NAME}" \
|
--name "${AZURE_SNAPSHOT_NAME}" \
|
||||||
|
|||||||
@ -37,7 +37,7 @@ gen_pki() {
|
|||||||
done
|
done
|
||||||
|
|
||||||
for key in MicWinProPCA2011_2011-10-19.crt MicCorUEFCA2011_2011-06-27.crt MicCorKEKCA2011_2011-06-24.crt; do
|
for key in MicWinProPCA2011_2011-10-19.crt MicCorUEFCA2011_2011-06-27.crt MicCorKEKCA2011_2011-06-24.crt; do
|
||||||
curl -sL "https://www.microsoft.com/pkiops/certs/${key}" --output "${key}"
|
curl -fsSL "https://www.microsoft.com/pkiops/certs/${key}" --output "${key}"
|
||||||
sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output "${key%crt}esl" "${key}"
|
sbsiglist --owner 77fa9abd-0359-4d32-bd60-28f4e78f784b --type x509 --output "${key%crt}esl" "${key}"
|
||||||
done
|
done
|
||||||
|
|
||||||
|
|||||||
@ -21,7 +21,7 @@ TMPDIR=$(mktemp -d)
|
|||||||
|
|
||||||
pushd "${TMPDIR}"
|
pushd "${TMPDIR}"
|
||||||
|
|
||||||
curl -sL -o shim.rpm "${SOURCE}"
|
curl -fsSL -o shim.rpm "${SOURCE}"
|
||||||
echo "Checking SHA512 checksum of signed shim..."
|
echo "Checking SHA512 checksum of signed shim..."
|
||||||
sha512sum -c <<< "${EXPECTED_SHA512} shim.rpm"
|
sha512sum -c <<< "${EXPECTED_SHA512} shim.rpm"
|
||||||
rpm2cpio shim.rpm | cpio -idmv
|
rpm2cpio shim.rpm | cpio -idmv
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user