mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
Update GitHub action dependencies (#902)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
This commit is contained in:
parent
49534d463d
commit
f62f8e5d79
@ -226,7 +226,7 @@ runs:
|
||||
|
||||
- name: Upload boot logs
|
||||
if: ${{ always() && !env.ACT }}
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: serial-logs-${{ inputs.cloudProvider }}
|
||||
path: "*.log"
|
||||
|
4
.github/actions/e2e_kbench/action.yml
vendored
4
.github/actions/e2e_kbench/action.yml
vendored
@ -68,7 +68,7 @@ runs:
|
||||
cat ./out/kbench-constellation-${{ inputs.cloudProvider }}/*/kbench.log
|
||||
|
||||
- name: Upload original benchmark results
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
if: ${{ !env.ACT }}
|
||||
with:
|
||||
path: "k-bench/out/kbench-constellation-${{ inputs.cloudProvider }}"
|
||||
@ -113,7 +113,7 @@ runs:
|
||||
CSP: ${{ inputs.cloudProvider }}
|
||||
|
||||
- name: Upload benchmark results and graphs to action run
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
if: ${{ !env.ACT }}
|
||||
with:
|
||||
path: |
|
||||
|
2
.github/actions/e2e_sonobuoy/action.yml
vendored
2
.github/actions/e2e_sonobuoy/action.yml
vendored
@ -45,7 +45,7 @@ runs:
|
||||
|
||||
- name: Upload test results
|
||||
if: ${{ always() && !env.ACT }}
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: "sonobuoy_logs_${{ inputs.cloudProvider}}.tar.gz"
|
||||
path: "*_sonobuoy_*.tar.gz"
|
||||
|
4
.github/workflows/azure-snp-reporter.yml
vendored
4
.github/workflows/azure-snp-reporter.yml
vendored
@ -45,7 +45,7 @@ jobs:
|
||||
outputPath: ${{ github.workspace }}/maa-report.jwt
|
||||
|
||||
- name: Upload report JWT
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: maa-report.jwt
|
||||
path: "${{ github.workspace }}/maa-report.jwt"
|
||||
@ -68,7 +68,7 @@ jobs:
|
||||
go-version: 1.19.4
|
||||
|
||||
- name: Download report JWT
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: "maa-report.jwt"
|
||||
path: "."
|
||||
|
24
.github/workflows/build-os-image.yml
vendored
24
.github/workflows/build-os-image.yml
vendored
@ -61,7 +61,7 @@ jobs:
|
||||
outputPath: ${{ github.workspace }}/build/upgrade-agent
|
||||
|
||||
- name: Upload dependencies
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: dependencies
|
||||
path: |
|
||||
@ -212,7 +212,7 @@ jobs:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download build dependencies
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: dependencies
|
||||
path: ${{ github.workspace }}/build
|
||||
@ -270,7 +270,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload raw OS image as artifact
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: image-${{ matrix.csp }}
|
||||
path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37/image.raw
|
||||
@ -278,7 +278,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload individual OS parts as artifacts
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: parts-${{ matrix.csp }}
|
||||
path: |
|
||||
@ -293,7 +293,7 @@ jobs:
|
||||
continue-on-error: true
|
||||
|
||||
- name: Upload manifest as artifact
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: manifest-${{ matrix.csp }}
|
||||
path: |
|
||||
@ -324,7 +324,7 @@ jobs:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download OS image artifact
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: image-${{ matrix.csp }}
|
||||
path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}/fedora~37
|
||||
@ -488,7 +488,7 @@ jobs:
|
||||
IMAGE_VERSION: ${{needs.build-settings.outputs.imageVersion }}
|
||||
|
||||
- name: Upload image lookup table as artifact
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: lookup-table
|
||||
path: ${{ github.workspace }}/image/mkosi.output.*/*/image-upload*.json
|
||||
@ -517,7 +517,7 @@ jobs:
|
||||
aws-region: eu-central-1
|
||||
|
||||
- name: Download OS image artifact
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: image-${{ matrix.csp }}
|
||||
|
||||
@ -543,7 +543,7 @@ jobs:
|
||||
working-directory: ${{ github.workspace }}/image/measured-boot
|
||||
|
||||
- name: Upload expected PCRs as artifact
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: pcrs
|
||||
path: pcrs-${{ matrix.csp }}.json
|
||||
@ -578,14 +578,14 @@ jobs:
|
||||
echo "::endgroup::"
|
||||
|
||||
- name: Download rootfs
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
# downloading / using only the QEMU rootfs is fine
|
||||
# since the images only differ in the ESP partition
|
||||
name: parts-qemu
|
||||
|
||||
- name: Download manifest
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
# downloading / using only the QEMU manifest is fine
|
||||
# since the images only differ in the ESP partition
|
||||
@ -682,7 +682,7 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Download image lookup table
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3
|
||||
with:
|
||||
name: lookup-table
|
||||
|
||||
|
10
.github/workflows/generate-measurements.yml
vendored
10
.github/workflows/generate-measurements.yml
vendored
@ -160,7 +160,7 @@ jobs:
|
||||
CSP: ${{ matrix.provider }}
|
||||
|
||||
- name: Upload measurements as artifact
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: measurements-${{ matrix.provider }}.json
|
||||
path: "${{ github.workspace }}/generated-measurements"
|
||||
@ -256,7 +256,7 @@ jobs:
|
||||
rm rekor-cli-linux-amd64
|
||||
|
||||
- name: Download measurements from artifact
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: measurements-${{ matrix.provider }}.json
|
||||
path: "${{ github.workspace }}/generated-measurements"
|
||||
@ -280,7 +280,7 @@ jobs:
|
||||
cosign verify-blob --key cosign.pub --signature <(echo "${sig}") "${{ github.workspace }}/generated-measurements/measurements-${{ matrix.provider }}.json"
|
||||
|
||||
- name: Upload signed measurements as artifact
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: measurements-${{ matrix.provider }}.json.sig
|
||||
path: "${{ github.workspace }}/generated-measurements"
|
||||
@ -300,13 +300,13 @@ jobs:
|
||||
contents: read
|
||||
steps:
|
||||
- name: Download measurements from artifact
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: measurements-${{ matrix.provider }}.json
|
||||
path: "${{ github.workspace }}/generated-measurements"
|
||||
|
||||
- name: Download signature from artifact
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: measurements-${{ matrix.provider }}.json.sig
|
||||
path: "${{ github.workspace }}/generated-measurements"
|
||||
|
46
.github/workflows/release-cli.yml
vendored
46
.github/workflows/release-cli.yml
vendored
@ -31,7 +31,7 @@ jobs:
|
||||
cosignPrivateKey: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
|
||||
cosignPassword: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
- name: Upload CLI as artifact
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
path: build/constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
@ -45,23 +45,23 @@ jobs:
|
||||
provenance-subjects: ${{ steps.provenance-subjects.outputs.provenance-subjects }}
|
||||
steps:
|
||||
- name: Download CLI binaries darwin-amd64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-darwin-amd64
|
||||
- name: Download CLI binaries darwin-arm64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-darwin-arm64
|
||||
- name: Download CLI binaries linux-amd64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-linux-amd64
|
||||
- name: Download CLI binaries linux-arm64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-linux-arm64
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
- name: Generate provenance subjects
|
||||
@ -100,7 +100,7 @@ jobs:
|
||||
AZURE_SUBSCRIPTION_ID=0d202bbb-4fa7-4af8-8125-58c269a05435 go run . > ${{ github.workspace }}/versions-manifest.json
|
||||
cat ${{ github.workspace }}/versions-manifest.json
|
||||
- name: Upload versions-manifest
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: versions-manifest.json
|
||||
path: versions-manifest.json
|
||||
@ -138,12 +138,12 @@ jobs:
|
||||
COSIGN_PRIVATE_KEY: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PRIVATE_KEY || secrets.COSIGN_DEV_PRIVATE_KEY }}
|
||||
COSIGN_PASSWORD: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
- name: Upload Constellation CLI SBOM
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
path: constellation.spdx.sbom
|
||||
- name: Upload Constellation CLI SBOM's signature
|
||||
uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # tag=v3.1.1
|
||||
uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
|
||||
with:
|
||||
name: constellation.spdx.sbom.sig
|
||||
path: constellation.spdx.sbom.sig
|
||||
@ -170,27 +170,27 @@ jobs:
|
||||
- provenance
|
||||
steps:
|
||||
- name: Download CLI binaries darwin-amd64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-darwin-amd64
|
||||
- name: Download CLI binaries darwin-arm64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-darwin-arm64
|
||||
- name: Download CLI binaries linux-amd64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-linux-amd64
|
||||
- name: Download CLI binaries linux-arm64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-linux-arm64
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
- name: Download provenance
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: ${{ needs.provenance.outputs.provenance-name }}
|
||||
- name: Install slsa-verifier
|
||||
@ -229,35 +229,35 @@ jobs:
|
||||
env:
|
||||
COSIGN_PUBLIC_KEY: ${{ startsWith(github.ref, 'refs/tags/v') && secrets.COSIGN_PUBLIC_KEY || secrets.COSIGN_DEV_PUBLIC_KEY }}
|
||||
- name: Download CLI binaries darwin-amd64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-darwin-amd64
|
||||
- name: Download CLI binaries darwin-arm64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-darwin-arm64
|
||||
- name: Download CLI binaries linux-amd64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-linux-amd64
|
||||
- name: Download CLI binaries linux-arm64
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation-linux-arm64
|
||||
- name: Download versions-manifest.json
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: versions-manifest.json
|
||||
- name: Download Constellation CLI SBOM
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
- name: Download Constellation CLI SBOM's signature
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: constellation.spdx.sbom.sig
|
||||
- name: Download Constellation provenance
|
||||
uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # tag=v3.0.1
|
||||
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
|
||||
with:
|
||||
name: ${{ needs.provenance.outputs.provenance-name }}
|
||||
- name: Rename provenance file
|
||||
|
Loading…
Reference in New Issue
Block a user