ci: remove azure-snp-reporter workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
parent
2fb829294b
commit
f43888bb6f
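--- a/.github/actions/azure_snp_reporter/action.yaml
+++ b/.github/actions/azure_snp_reporter/action.yaml
@@ -1,12 +0,0 @@
-name: Azure SNP Reporter
-description: "Get SNP MAA statement from Azure."
-inputs:
-outputPath:
-description: "Path to put signed JWT into."
-required: true
-runs:
-using: "composite" # some azure SNP-enabled machine.
-steps:
-- name: Fetch report
-shell: bash
-run: docker run --rm --privileged -v/sys/kernel/security:/sys/kernel/security ghcr.io/edgelesssys/constellation/azure-snp-reporter | tail -n 1 > ${{ inputs.outputPath }}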
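--- a/.github/workflows/azure-snp-reporter.yml
+++ b/.github/workflows/azure-snp-reporter.yml
@@ -1,93 +0,0 @@
-name: Fetch, validate and report SNP report data.
-on:
-workflow_dispatch:
-schedule:
-- cron: "0 14 * * 0"
-
-jobs:
-build-snp-reporter:
-name: "Build SNP-reporter container"
-runs-on: ubuntu-22.04
-permissions:
-packages: write
-steps:
-- name: Checkout
-uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-with:
-ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-
-- name: Build and upload azure SNP reporter container image
-id: build-and-upload
-uses: ./.github/actions/build_micro_service
-with:
-name: azure-snp-reporter
-dockerfile: ./hack/azure-snp-report-verify/Dockerfile
-githubToken: ${{ secrets.GITHUB_TOKEN }}
-
-fetch-snp-report:
-needs: build-snp-reporter
-name: "Fetch SNP report"
-runs-on: [self-hosted, azure-cvm]
-env:
-SHELL: /bin/bash
-steps:
-- name: Checkout
-uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-with:
-ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-
-- name: Fetch SNP report
-uses: ./.github/actions/azure_snp_reporter
-with:
-outputPath: ${{ github.workspace }}/maa-report.jwt
-
-- name: Upload report JWT
-uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
-with:
-name: maa-report.jwt
-path: "${{ github.workspace }}/maa-report.jwt"
-
-validate-snp-report:
-needs: fetch-snp-report
-name: "Validate SNP report and update Attestation API"
-permissions:
-id-token: write
-contents: read
-runs-on: ubuntu-22.04
-env:
-SHELL: /bin/bash
-steps:
-- name: Checkout
-uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
-with:
-ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
-
-- name: Set up Go
-uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
-with:
-go-version: "1.20.7"
-cache: false
-
-- name: Download report JWT
-uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
-with:
-name: "maa-report.jwt"
-path: "."
-
-- name: Verify report
-shell: bash
-run: go run ./hack/azure-snp-report-verify/verify.go --report "$(cat ./maa-report.jwt)" --export-path azure-snp-version.json
-
-- name: Login to AWS
-uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
-with:
-role-to-assume: arn:aws:iam::795746500882:role/GitHubConstellationImagePipeline
-aws-region: eu-central-1
-
-- name: Update Attestation API
-shell: bash
-env:
-COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
-COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
-run: |
-go run ./hack/configapi/main.go --version-file azure-snp-version.json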