diff --git a/.github/workflows/build-os-image-scheduled.yml b/.github/workflows/build-os-image-scheduled.yml index 01f927360..276f245f0 100644 --- a/.github/workflows/build-os-image-scheduled.yml +++ b/.github/workflows/build-os-image-scheduled.yml @@ -1,10 +1,14 @@ name: Build and Upload OS image (scheduled) on: + workflow_dispatch: schedule: - - cron: "0 21 * * 5" # At 21:00 on Friday. - - cron: "10 21 * * 5" # At 21:10 on Friday. - - cron: "20 21 * * 5" # At 21:20 on Friday. + - cron: "0 21 * * 2" # At 21:00 on Tuesday. + - cron: "10 21 * * 2" # At 21:10 on Tuesday. + - cron: "20 21 * * 2" # At 21:20 on Tuesday. + - cron: "0 21 * * 4" # At 21:00 on Thursday. + - cron: "10 21 * * 4" # At 21:10 on Thursday. + - cron: "20 21 * * 4" # At 21:20 on Thursday. jobs: stream: @@ -15,14 +19,19 @@ jobs: - name: Determine stream id: stream run: | + if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then + echo "stream=nightly" | tee -a "$GITHUB_OUTPUT" + exit 0 + fi + case "${{ github.event.schedule }}" in - "0 21 * * 5") + "0 21 * * 5" | "0 21 * * 2") echo "stream=debug" | tee -a "$GITHUB_OUTPUT" ;; - "10 21 * * 5") + "10 21 * * 5" | "10 21 * * 2") echo "stream=console" | tee -a "$GITHUB_OUTPUT" ;; - "20 21 * * 5") + "20 21 * * 5" | "20 21 * * 2") echo "stream=nightly" | tee -a "$GITHUB_OUTPUT" ;; *) 
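Review bot: The three Thursday entries added to `schedule` (`"0 21 * * 4"`, `"10 21 * * 4"`, `"20 21 * * 4"`) have no matching pattern in the `case` of the "Determine stream" step, which was only extended with the `* * 2` strings, so Thursday runs fall through to the `*)` branch, whose body lies outside the hunk. The `update-code` condition in the next hunk has the same gap: it tests `'20 21 * * 5'` and `'20 21 * * 2'` but not `'20 21 * * 4'`, so a Thursday nightly would skip that job even if the stream were resolved. Extend each pattern, e.g. `"20 21 * * 2" | "20 21 * * 4")`, and add `github.event.schedule == '20 21 * * 4'` to the `if`. The `* * 5` alternatives can be dropped now that the Friday crons are removed.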
@@ -41,4 +50,58 @@ jobs: secrets: inherit with: stream: ${{ needs.stream.outputs.stream }} - ref: main + ref: ${{ github.head_ref }} + + update-code: + # On nightly stream only. + if: | + github.event_name == 'workflow_dispatch' || + github.event.schedule == '20 21 * * 5' || + github.event.schedule == '20 21 * * 2' + needs: build-image + runs-on: ubuntu-22.04 + steps: + - name: Checkout + uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 + with: + ref: ${{ github.head_ref }} + + - name: Setup Go environment + uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0 + with: + go-version: "1.20.3" + + - name: Determine version + id: version + uses: ./.github/actions/pseudo_version + + - name: Update QEMU/MiniConstellation image version + run: sed -i "s/defaultImage = \"v[0-9]\+\.[0-9]\+\.[0-9]\+\"/defaultImage = \"ref\/${{ steps.version.outputs.branchName }}\/stream\/nightly\/${{ steps.version.outputs.version }}\"/" internal/config/image.go + + - name: Build generateMeasurements tool + working-directory: internal/attestation/measurements/measurement-generator + run: go build -o generate . + + - name: Update hardcoded measurements + working-directory: internal/attestation/measurements + run: ./measurement-generator/generate + + - name: Cleanup + run: rm -f internal/attestation/measurements/measurement-generator/generate + + - name: Create pull request + uses: peter-evans/create-pull-request@38e0b6e68b4c852a5500a94740f0e535e0d7ba54 # v4.2.4 + with: + branch: "image/automated/update-measurements-${{ github.run_number }}" + base: main + title: "image: update measurements and image version" + body: | + :robot: *This is an automated PR.* :robot: + + The PR is triggered as part of the scheduled image build on main. + It updates the hardcoded measurements and the image version (for QEMU/MiniConstellation). 
+ commit-message: "image: update measurements and image version" + committer: edgelessci + labels: no changelog + # We need to push changes using a token, otherwise triggers like on:push and on:pull_request won't work. + token: ${{ !github.event.pull_request.head.repo.fork && secrets.CI_COMMIT_PUSH_PR || '' }} diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml index 1c68f846d..5a5dc5cc2 100644 --- a/.github/workflows/build-os-image.yml +++ b/.github/workflows/build-os-image.yml @@ -987,7 +987,7 @@ jobs: add_latest: true add-cli-version-to-versionsapi: - needs: [upload-artifacts, build-settings] + needs: [upload-artifacts, build-settings, add-image-version-to-versionsapi] name: "Add CLI version to versionsapi" if: needs.build-settings.outputs.ref != '-' permissions: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 558c9ff2b..7b7613b00 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -144,8 +144,8 @@ jobs: - name: Update enterprise image version run: | - sed -i "s/defaultImage = \"v[0-9]\+\.[0-9]\+\.[0-9]\+\"/defaultImage = \"${VERSION}\"/" internal/config/images_enterprise.go - git add internal/config/images_enterprise.go + sed -i "s/defaultImage = \"v[0-9]\+\.[0-9]\+\.[0-9]\+\"/defaultImage = \"${VERSION}\"/" internal/config/image.go + git add internal/config/image.go - name: Commit run: | diff --git a/internal/config/BUILD.bazel b/internal/config/BUILD.bazel index aa7b29669..5345bd69c 100644 --- a/internal/config/BUILD.bazel +++ b/internal/config/BUILD.bazel @@ -7,10 +7,7 @@ go_library( "attestation.go", "config.go", "config_doc.go", - # keep - "images_enterprise.go", - # keep - "images_oss.go", + "image.go", "validation.go", ], importpath = "github.com/edgelesssys/constellation/v2/internal/config", 
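Review bot: `github.head_ref` is populated only for pull-request events, and this workflow runs on `schedule` and `workflow_dispatch`, so both `ref: ${{ github.head_ref }}` lines (the `build-image` input and the `update-code` checkout) expand to an empty string. The checkout then falls back to its default ref, while what the called build workflow does with an empty `ref` is not visible here; `ref: ${{ github.ref_name }}` would state the intent for both triggers. Separately, the "Update QEMU/MiniConstellation image version" step pastes `steps.version.outputs.branchName` and `version` into the script text before the shell parses it, so a branch name containing `/` or a quote alters the sed expression or the command line. Whether `pseudo_version` sanitises its outputs is not visible in this diff. Passing both outputs through `env:` and referencing them as quoted shell variables, with `/` escaped for sed, keeps them as data.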
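Review bot: This sed in release.yml only matches `defaultImage = "vX.Y.Z"`, but the `update-code` job added to build-os-image-scheduled.yml rewrites the same constant in `internal/config/image.go` to `ref/<branch>/stream/nightly/<version>`. Once one of those automated PRs is merged, the pattern no longer matches, `sed -i` exits 0 without changing anything, and the release commit would leave the nightly reference in place; the scheduled job's own sed stops matching for the same reason. Match any quoted value instead, `s/defaultImage = \"[^\"]*\"/defaultImage = \"${VERSION}\"/`, and fail the step when the substitution did not land, for example with `grep -q "defaultImage = \"${VERSION}\"" internal/config/image.go`.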
diff --git a/internal/config/images_enterprise.go b/internal/config/image.go similarity index 60% rename from internal/config/images_enterprise.go rename to internal/config/image.go index d4ebdcf62..7db62e080 100644 --- a/internal/config/images_enterprise.go +++ b/internal/config/image.go @@ -1,5 +1,3 @@ -//go:build enterprise - /* Copyright (c) Edgeless Systems GmbH @@ -9,6 +7,6 @@ SPDX-License-Identifier: AGPL-3.0-only package config const ( - // defaultImage is the default image for the enterprise build. + // defaultImage is the default image to use. defaultImage = "v2.6.0" ) diff --git a/internal/config/images_oss.go b/internal/config/images_oss.go deleted file mode 100644 index ca61f45e0..000000000 --- a/internal/config/images_oss.go +++ /dev/null @@ -1,14 +0,0 @@ -//go:build !enterprise - -/* -Copyright (c) Edgeless Systems GmbH - -SPDX-License-Identifier: AGPL-3.0-only -*/ - -package config - -const ( - // defaultImage is not set for OSS build. - defaultImage = "" -)
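Review bot: With the `enterprise` build tag removed, `defaultImage` in `internal/config/image.go` now applies to every build, and its comment does not say that CI rewrites the literal in place. Both release.yml and the scheduled workflow edit this line with sed, so a comment such as `// defaultImage is the default image to use. CI rewrites this literal via sed; keep the assignment on a single line.` would keep someone from reformatting it into a shape the workflows no longer match. The deleted `images_oss.go` set the constant to `""` for non-enterprise builds, so any caller that treated an empty default as "no image configured" is worth checking; those callers are outside this diff.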