Commit Graph

1149 Commits

Author SHA1 Message Date
Daniel Weiße
edc0c7068e
ci: fix delete artifact conditional (#3067)
* Fix state exists check
* Dont fail if folder to remove does not exist

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-07 08:48:38 +02:00
Thomas Tendyck
012937740f
Update action.yml 2024-05-07 01:52:35 +02:00
miampf
bd26cb592d
ci: correctly clean up failed windows e2e tests (#3059) 2024-05-03 10:54:08 +00:00
Daniel Weiße
f6999084c9
terraform: set empty default value for additional_tags (#3052)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 10:27:46 +02:00
Daniel Weiße
35bd805bec
ci: enable gcp-sev-snp for daily tests (#3058)
* Run gcp-sev-snp debug e2e test in daily
* Fix verify e2e test not creating json file for gcp-sev-snp

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 08:18:21 +02:00
Daniel Weiße
259e85d9c1
ci: reduce noise from warnings (#3055)
* Fix whitespace errors
* Remove usage of external action to URI encode component
* Upgrade Azure login action to v2.1
* Remove GitHub actions warning when running e2e test with NOP payload
* Only try to upload updated tf state if it exists
* Upgrade out of date aws credential actions

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 08:17:40 +02:00
miampf
0c0d87aa4c
ci: Delete e2e terraform state (#2874) 2024-04-26 10:06:01 +00:00
Daniel Weiße
680d3318af
ci: ensure --tags flag is only set if the CLI supports it (#3044)
* Use github.run_id to correctly tag resources with the run id
* Ensure `--tags` flag is only set if CLI supports it

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-26 09:34:21 +02:00
miampf
3f7a4e4313
ci: tag resources created by e2e tests with the run name (#3035) 2024-04-25 12:02:23 +00:00
Daniel Weiße
056f991f58
ci: add missing permission for e2e-windows test in weekly run (#3037)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-22 15:21:56 +02:00
Markus Rudy
9b52ec403b
deps: auto-assign reviewer for deps PRs (#3032)
* deps: auto-assign reviewer for deps PRs

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-04-17 20:38:32 +02:00
Moritz Sanft
35e19a45bb
ci: disable SEV-SNP tests that need stable images (#3031) 2024-04-17 09:12:52 +02:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP (#3011)
* terraform: enable creation of SEV-SNP VMs on GCP

* variant: add SEV-SNP attestation variant

* config: add SEV-SNP config options for GCP

* measurements: add GCP SEV-SNP measurements

* gcp: separate package for SEV-ES

* attestation: add GCP SEV-SNP attestation logic

* gcp: factor out common logic

* choose: add GCP SEV-SNP

* cli: add TF variable passthrough for GCP SEV-SNP variables

* cli: support GCP SEV-SNP for `constellation verify`

* Adjust usage of GCP SEV-SNP throughout codebase

* ci: add GCP SEV-SNP

* terraform-provider: support GCP SEV-SNP

* docs: add GCP SEV-SNP reference

* linter fixes

* gcp: only run test with TPM simulator

* gcp: remove nonsense test

* Update cli/internal/cmd/verify.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/overview/clouds.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* linter fixes

* terraform_provider: correctly pass down CC technology

* config: mark attestationconfigapi as unimplemented

* gcp: fix comments and typos

* snp: use nonce and PK hash in SNP report

* snp: ensure we never use ARK supplied by Issuer (#3025)

* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* attestationconfigapi: add GCP to uploading

* snp: use correct cert

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP

* linter fixes

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
davidweisse
e89d8e4d72
ci: add error handling to e2e windows liveness probe (#3018)
* workflows: add error handling to e2e windows liveness probe

* update retry condition in last iteration

* Update liveness probe to check for correct number of nodes

* ci: fix Windows e2e test not pushing required container images (#3021)

* More output when waiting for nodes to get ready
* Create unique resource group name for Windows e2e test
* Push container images on windows CLI build to fix e2e test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

* Fix resource group naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2024-04-11 11:27:12 +02:00
Daniel Weiße
6e31223ff9
ci: suppress license check on windows e2e (#3020)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-10 10:51:09 +02:00
Daniel Weiße
cddbba1898
ci: bump fromVersion for e2e tests to v2.16.2 (#3016)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-08 11:13:44 +02:00
Daniel Weiße
a2737e8f61
ci: bump slsa-verifier to v2.5.1 (#3015)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-05 21:00:33 +02:00
Daniel Weiße
408eb31422
ci: fix slsa generator action by updating to new version (#3014)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-05 14:29:52 +02:00
Malte Poll
2a226fd8e9
deps: update Go toolchain to 1.22.2 (#3010)
* deps: update Go toolchain to 1.22.2
* deps: update vulnerable dependencies (govulncheck)
2024-04-05 12:14:48 +02:00
miampf
febe8f0801
ci: add a delete artifact action (#2999) 2024-03-25 13:36:09 +00:00
Thomas Tendyck
b97f2b905a
ci: fix unwanted license checks for some e2e test configs (#3001)
* ci: fix unwanted license checks for some e2e test configs

* fixup! ci: fix unwanted
2024-03-22 20:45:45 +01:00
Daniel Weiße
0da6f0d014
ci: fix pvc clean-up on non deletable namespaces (#2994)
* Only delete namespace if its deletable
  * For "default" namespace, delete all resources in that namespace
  * For "kube-system" namespace, delete all PVCs in that namespace
* Don't abort terminate action if PVC deletion fails

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-19 14:53:58 +01:00
Markus Rudy
1a10cf645d
ci: query identity directly instead of searching in list (#2985)
* ci: add debug information when UAMI is missing

* ci: query identity directly instead of searching in list
2024-03-18 08:40:15 +01:00
Markus Rudy
85b44f7f57
ci: make waiting for nodes more robust (#2981)
* ci: make waiting for nodes more robust

After initializing the cluster, a lot of things happen in parallel and
are potentially getting in each others' way: nodes are joining,
daemonsets are proliferating, the network is being set up. During this
period, it's not unusual that the Kubernetes API server is unavailable
for a short time, e.g. due to etcd loosing quorum or load balancing
changes.

This period of instability has the potential to affect all kubectl
commands negatively, leading to problems especially for tests, where
command failures often lead to test failures. On the other hand, we'd
expect everything to be quite stable after the initial dust settles.

Therefore, this commit changes how we wait after initializing a cluster.
Until we have a reasonable expectation of readiness, we ignore command
failures and wait for things to stabilize. The cluster is considered
stable once all configured nodes and all API servers report ready.
2024-03-13 09:42:18 +01:00
Malte Poll
5e241bcb45 deps: update Go to v1.22.1 2024-03-06 14:50:01 +01:00
Daniel Weiße
d5b3d4fd6f
ci: use collision resistant name for Terraform e2e test (#2967)
* Use collision resistant name for Terraform e2e test
* Remove test suffix from Terraform provider examples

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-03-04 13:48:30 +01:00
Malte Poll
c513c3f40c ci: v2.16 post-release cleanup 2024-02-29 18:36:07 +01:00
Malte Poll
93eb8f0694
release: use cosign sign-blob in non-interative mode (#2953) 2024-02-29 09:40:13 +01:00
Malte Poll
0b6eeb3747
ci: match version of actions/download-artifact for slsa provenance (#2957) 2024-02-29 09:39:41 +01:00
Daniel Weiße
80518379c4
ci: fix artifact naming problems in e2e test (#2948)
* Fix potentially artifact naming in weekly tests
* Use e2e prefix for artifact naming in e2e-benchmark

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-27 08:59:22 +01:00
renovate[bot]
62acec17f6
deps: update Constellation containers (#2921)
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2024-02-22 14:04:42 +01:00
Malte Poll
2300a31276 deps: update all 3rdparty github actions 2024-02-21 17:53:53 +01:00
Daniel Weiße
7edd6259d1
ci: fix duplicate benchmark artificat name (#2934)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-21 15:34:30 +01:00
Markus Rudy
98a1cfa2ca
ci: fetch latest console logs on aws (#2926) 2024-02-21 13:46:25 +01:00
renovate[bot]
abf6b4924a deps: update Python dependencies 2024-02-21 13:32:15 +01:00
Malte Poll
38ef546362 deps: update Go to 1.22.0 2024-02-20 18:27:16 +01:00
Malte Poll
5ef12895fa bazel: remove deprecated Bazel container
It doesn't work properly with nix and a nix shell exists for all developers.
2024-02-20 12:50:13 +01:00
Malte Poll
980b2f0e87 ci: login to OpenStack provider 2024-02-19 18:16:45 +01:00
Moritz Sanft
ffb1ef9185
ci: fix artifact overwriting in upgrade test (#2913) 2024-02-19 15:12:04 +01:00
renovate[bot]
cdf1282996
deps: update dependency cryptography to v42.0.2 [SECURITY] (#2916)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-19 15:11:19 +01:00
Moritz Sanft
68cfa0addf
ci: update fromVersion to v2.15.1 (#2914) 2024-02-16 13:35:57 +01:00
Daniel Weiße
c5b17fb828
ci: prevent duplicate artifact naming in same workflow (#2903)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-12 09:56:53 +01:00
renovate[bot]
3765cb0762
deps: update actions/upload-artifact and actions/download-artifact action to v4 (#2756)
* deps: update actions/upload-artifact action to v4
* deps: update actions/download-artifacts action to v4

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-07 14:50:15 +01:00
renovate[bot]
b1dc427108
deps: update dependency cryptography to v42 [SECURITY] (#2894)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-02-07 13:57:49 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images (#2888)
* terraform: support AWS marketplace images

* terraform-provider: support AWS marketplace images

* docs: add instructions on AWS marketplace images

* ci: adapt marketplace image test for AWS

* Update internal/config/config.go

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

* docs: update config

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: update license information

* docs: use CSP tabs for marketplace overview

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-02-06 12:13:59 +01:00
Daniel Weiße
64c32c2236
ci: make instance type configurable for provider sample (#2893)
* Make default instance type configurable for provider sample
* Set TDX instance type when running TDX provider e2e test
* Fix missing attestation variant when setting up stub config in provider e2e test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-05 15:46:57 +01:00
Daniel Weiße
f21252c57d
ci: fix workspace related errors when setting up k8s version for test (#2891)
* Fail workflow on error in subshell
* Remove relative paths from workflow
* Set up MMA only for SEV-SNP, not for Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-05 13:29:03 +01:00
Markus Rudy
c020f7ac20
cleanup: various minor debugging improvements (#2889)
* ci: improve constellation_create error message

When we hit a timeout due to nodes not coming up, the actual error
message is hard to make out because it's buried in a group. With the
right formatting, the error message will be highlighted in the UI.

Another improvement is to output the state of nodes, which helps
debugging the cause of nodes not joining or not becoming ready.

* cleanup: use NodeVersionResourceName constant

... instead of literal strings.

* ci: correctly notify on e2e upgrade error

* atls: report cert extension OIDs on mismatch

If the certificate contains an attestation document for SEV-SNP, but the
given validator is for Nitro, verifyEmbeddedReport should not claim that
there is no attestation document, but that there is no _compatible_ one
and what the incompatible ones were.
2024-02-02 16:46:28 +01:00
Moritz Sanft
d5e4435e3d
ci: reduce amount of regular tests (#2885)
* .github: add e2e test to pr checklist

* ci: use sonobuoy quick where possible

* ci: run malicious join test on release

* ci: remove self managed infra test

* ci: remove non-example terraform test from weekly

* ci: run Sonobuoy full on the latest k8s version weekly

* ci: run weekly sonobuoy quick on all k8s versions

* ci: don't run double sonobuoy tests on latest k8s version
2024-02-01 15:05:07 +01:00
Daniel Weiße
befc7cdf63
ci: don't delete local cached providers when uploading Terraform state (#2884)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-02-01 09:54:40 +01:00
Adrian Stobbe
9b547bced0
ci: v2.15 post-release cleanup (#2881)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-01-31 16:45:20 +01:00
miampf
eabcdbe931
ci: Upload e2e terraform state as artifact (#2853) 2024-01-31 15:22:05 +00:00
Adrian Stobbe
d873ddb09d
fix self managed azure tdx (#2878) 2024-01-31 08:18:51 +01:00
Adrian Stobbe
efc7290454
ci: fix upload CLI path line splitting (#2877) 2024-01-30 09:26:40 +01:00
Daniel Weiße
40c4109dc2
ci: fix empty run-id in OpenSearch URL (#2876)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-30 08:57:27 +01:00
Adrian Stobbe
3799525103
ci: set board fields for tf example test (#2867) 2024-01-29 16:45:26 +01:00
Markus Rudy
f78f5540bc
ci: pin the kube-bench plugin definitions for sonobuoy (#2861) 2024-01-29 14:50:27 +01:00
Daniel Weiße
d372130bfd
ci: safely set attestation variant in OpenSearch URL (#2864)
* Add attestation variant to notify hooks
* Quote all inputs in OpenSearch URL
* Add clusterCreation field to OpenSearch URL
* Omit empty fields in OpenSearch URL

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-29 11:52:41 +01:00
Daniel Weiße
64e5efb49d Fix evaluation statement
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
d17e7459db Choose TDX supported region for TDX tests
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
65d28f913f Allow starting e2e tests based on attestation variant instead of csp
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Daniel Weiße
78b9b0fc96
terraform-provider: enable Azure TDX (#2854)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 15:46:21 +01:00
renovate[bot]
d58d888f54 deps: update dependency Pillow to v10.2.0 [SECURITY] 2024-01-26 15:41:44 +01:00
Moritz Eckert
26f6fd074f
ci: fix e2e_benchmark comparison 2024-01-25 11:12:32 +01:00
Adrian Stobbe
77276cb4ca
add provider example test to weekly (#2840) 2024-01-25 11:09:27 +01:00
Adrian Stobbe
4431ac3233
ci: fix missing quotes in Opensearch link (#2852) 2024-01-24 17:29:19 +01:00
Thomas Tendyck
ad5ff6e1bb ci: update vale 2024-01-24 09:07:19 +01:00
Adrian Stobbe
4db0662b06
ci: remove broken label from OpenSearch query link (#2839) 2024-01-23 08:32:02 +01:00
Malte Poll
66faa5493f deps: Go 1.21.6 2024-01-22 13:11:58 +01:00
Moritz Sanft
0030a26eaf
ci: parallelize upgrade e2e test (#2724)
* ci: parallelize upgrade e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: revert name change

* ci: upgrade checkout action

* ci: add target version before building target cli

* ci: rename input

* ci: upload service account key

* ci: download sa key on GCP

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-01-19 16:34:47 +01:00
Malte Poll
9181705299
ci: use sonobuoy 0.57.1 (#2821) 2024-01-16 13:19:46 +01:00
Moritz Sanft
bf02680477
ci: mirror GCP images to MPI project on release (#2820) 2024-01-15 13:58:30 +01:00
Malte Poll
8a74893461 ci: build and upload OS image in single job 2024-01-15 13:53:15 +01:00
Adrian Stobbe
60a0a6020e
ci: add upgrade to provider example test (#2775) 2024-01-13 13:13:10 +01:00
Markus Rudy
bdca822d8a
ci: remove derpsteb from e2e assignee list (#2816) 2024-01-12 08:09:38 +01:00
Markus Rudy
b267457541
ci: fix OpenSearch link for e2e notifications (#2813)
* ci: fix OpenSearch link for e2e notifications
2024-01-10 09:49:47 +01:00
Markus Rudy
49ecb2415f
ci: remove reference to absent go.mod file (#2811) 2024-01-09 23:07:16 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase (#2800)
* bootstrapper: remove obsolete log statement

* ci: simplify variable usage

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>

* cli: add missing formatting directive

* helm: fix rm invocation

* ci: document reproducible-builds workflow

* constants: use variables for measurement files

* constants: use variables for CDN distribution ID

* ci: make Helm version explicit

* api: prettify versionsapi-list output

* ci: remove obsolete docstring

---------

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
2024-01-09 19:37:56 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK (#2809)
* deps: update AWS SDK

* deps: fix AWS SDK upgrade breakage

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-01-09 16:18:33 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 (#2803)
undefined
2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images (#2792)
* cli: support GCP marketplace images

* ci: support GCP marketplace images

* docs: support GCP marketplace images

* bazel: generate

* ci: allow GCP for mpi e2e test

* Update docs/docs/overview/license.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* terraform-provider: allow GCP MPIs

* terraform-provider: fix error message

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Malte Poll
d3b951300d
ci: explicitly build s3proxy container image tag before referencing (#2806)
Otherwise, the file might not exist.
2024-01-08 14:32:08 +01:00
Daniel Weiße
1271e95c0c Fix missing Kubernetes version for Terraform e2e test
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:52:55 +01:00
Malte Poll
c936ec510d
ci: reproducible builds test on artifacts v2 (#2801)
* ci: test download-artifacts@v4 for reproducible builds test

* ci: reproducible builds test: use unique artifact names and patterns
2024-01-05 16:57:21 +01:00
Markus Rudy
8e8e861d5f
ci: ignore Wireguard pdf in lychee (#2797)
* ci: use a config file for lychee

* ci: don't pass token to lychee action

* ci: ignore wireguard.pdf in lychee
2024-01-05 14:07:33 +01:00
Markus Rudy
c23aef344d
ci: don't export e2e metrics to OpenSearch (#2794)
* ci: don't export e2e metrics to OpenSearch
* debugd: don't export metrics
2024-01-05 10:15:53 +01:00
renovate[bot]
136a69e7c8
deps: update actions/setup-python action to v5 (#2755)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-01-05 09:29:16 +01:00
Adrian Stobbe
f41ce43919
terraform-provider: require kubernetes and microservice version (#2791) 2024-01-04 16:25:24 +01:00
Adrian Stobbe
8730e72319
ci: e2e test for Terraform provider examples (#2745) 2024-01-04 10:00:21 +01:00
3u13r
07c884b945
ci: remove artifact encryption for public artifacts (#2776)
* ci: remove artifact encryption for public artifacts

* revert parts of  #2765

* ci: add unused action exception for encrypted artifact download
2023-12-29 11:02:37 +01:00
Adrian Stobbe
539e6eac48
ci: give exec permission to provider binaries (#2779) 2023-12-28 10:19:47 +01:00
Adrian Stobbe
903411edae
fix Terraform release zipping (#2778) 2023-12-27 17:43:57 +01:00
Markus Rudy
130bed0eb2 ci: selectively remove artifact encryption 2023-12-22 17:50:40 +01:00
Moritz Sanft
5871ff5508
ci: adhere to action restriction when uploading scorecard (#2771) 2023-12-22 13:13:20 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline (#2765)
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 19:28:18 +01:00
Malte Poll
66c0b581b2
ci: update bash on darwin to support newer bash features (#2672) 2023-12-21 18:12:07 +01:00
Daniel Weiße
6e4c0bd8aa
ci: fix artifacts download/upload for release draft workflow (#2759)
* Pin upload and download actions by hash
* Dont expect encrypted artifacts in release pipeline

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 15:52:58 +01:00
Daniel Weiße
945152d049
Revert "deps: update actions/download-artifact action to v4 (#2753)" (#2767)
This reverts commit b550c92ac9.
2023-12-21 15:44:40 +01:00
renovate[bot]
8644b958ea
deps: update actions/setup-go action to v5 (#2754)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 12:54:39 +01:00
renovate[bot]
b550c92ac9
deps: update actions/download-artifact action to v4 (#2753)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:44:52 +01:00