Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-20 08:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,375 Commits 131 Branches 43 Tags 105 MiB
1a141c3972
Commit Graph

109 Commits

Author SHA1 Message Date
Malte Poll
1a141c3972
image: add rpm database as build output (#2442) 
For reproducibility reasons, the final OS image does not ship the rpm database in sqlite format.
For supply chain security and license compliance reasons, we want to keep the rpm database of os images as a detached build artifact.
We now ship a reproducible, human readable manifest of installed rpms in the image under "/usr/share/constellation/packagemanifest" and upload the full rpm database as a build artifact (rpmdb.tar).
 2023-10-17 14:04:41 +02:00
Malte Poll
e93de82c0b
image: use systemd-dissect from the host when calculating measurements (#2473) 
* image: use systemd-dissect from the host when calculating measurements

* ci: setup bazel and nix toolchains before merging os image measurements
 2023-10-17 13:26:07 +02:00
Malte Poll
e80e6076b4 ci: install nix together with Bazel 2023-10-12 14:42:24 +02:00
Malte Poll
d22f53d7cc bazel: always use nix 2023-10-12 14:42:24 +02:00
renovate[bot]
a1c84cb080
deps: update GitHub action dependencies (#2437) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-10-11 13:49:50 +02:00
Daniel Weiße
8bb23c373b
ci: ensure API is only updated if image and measurements are uploaded (#2413) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-10-06 14:34:06 +02:00
Malte Poll
b4fb8439d0
ci: use larger runners for os image pipeline (#2399) 2023-10-04 10:13:43 +02:00
Malte Poll
627a4b6cbb ci: enable nix binary cache 2023-09-29 14:09:58 +02:00
Malte Poll
055fb32918 ci: stop using raw "go run" 2023-09-29 14:09:58 +02:00
Malte Poll
85b4101dc3
deps: update go to 1.21.1 (#2389) 2023-09-28 22:29:14 +02:00
Malte Poll
1da5153627 ci: use nix + mkosi during os image build 2023-09-27 17:58:19 +02:00
3u13r
6cb506bca7
deps: bump go version (#2318) 2023-09-08 10:19:07 +02:00
renovate[bot]
841463d11e
deps: update GitHub action dependencies (#2234) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-08-15 14:38:48 +02:00
3u13r
a983b08262
deps: bump go version (#2156) 2023-08-03 12:07:27 +02:00
Otto Bittner
6ed8fce6b0
ci: separate PCR0 value for aws-sev-snp variant (#2100) 
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2023-07-13 11:37:47 +02:00
Paul Meyer
01f518f0a4
deps: update to Go v1.20.6 (#2093) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-12 09:51:40 +02:00
renovate[bot]
576b48c8b7
deps: update GitHub action dependencies (#1848) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-03 08:19:10 +02:00
Malte Poll
6dd8a571ec
ci: fix expected value for PCR7 on AWS (#1979) 
This has changed when upgrading to Fedora 38.
It didn't surface as a bug since the PCR is marked as warnOnly.
 2023-06-28 15:33:14 +02:00
Malte Poll
264b2df902
deps: upgrade to Fedora 38 (#1909) 
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
 2023-06-15 16:50:35 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version (#1903) 2023-06-09 10:53:17 +02:00
3u13r
7c07e3be18
Add --insecure to config fetch-measurement (#1879) 
* cli: add --insecure to fetch-measurements

* cli: rename fake to stub

* ci: upload measurements for debug images

* fix cli docs
 2023-06-06 10:32:22 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup (#1837) 
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
 2023-06-01 12:33:06 +02:00
Otto Bittner
0c13f3ed8d image: add aws_aws-sev-snp variant 
This needs no changes to the existing AWS image.
The images have worked without modification so far.
 2023-06-01 11:25:31 +02:00
Malte Poll
8a51ae1ec3
ci: do not sign & upload debug image measurements (#1849) 2023-06-01 10:58:34 +02:00
Malte Poll
76bf5e8e28 ci: upload image info v2 and measurements v2 in image build pipeline 2023-05-25 15:01:15 +02:00
3u13r
dd2ea50a39
deps: bump go version (#1760) 2023-05-11 14:14:15 +02:00
renovate[bot]
a8101c8c64
deps: update GitHub action dependencies (#1745) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-05-05 14:42:20 +02:00
Malte Poll
2efa3083dc ci: use native go code for os image upload 2023-05-05 12:06:44 +02:00
Paul Meyer
7ab23c28b8 Revert "misc: replace sha256sum with shasum -a 256 (#1681)" 
This reverts commit ec1d5e9fb5.

While the change enabled shasum calculation on mac, it broke it
on some Linux distros.
 2023-05-02 11:07:05 +02:00
Paul Meyer
bf051174f6 ci: update measurements and image version 
on scheduled build

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-27 10:20:27 +02:00
Malte Poll
ec1d5e9fb5
misc: replace sha256sum with shasum -a 256 (#1681) 2023-04-26 13:40:18 +02:00
Malte Poll
84dd25600f
image: upgrade mkosi to support repart (#1684) 2023-04-25 18:22:40 +02:00
Paul Meyer
4020e7840a ci: always use tee -a instead of redirecting 
into GITHUB_OUTPUT

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-17 12:08:42 +02:00
Paul Meyer
860d72a083
ci: reduce number of steps with continue-on-error (#1593) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-14 18:50:58 +02:00
Malte Poll
2b962598bf
deps: update go to 1.20.3 (#1622) 2023-04-06 16:36:07 +02:00
renovate[bot]
8f17e4b9df
deps: update actions/setup-go action to v4 (#1605) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-04-04 11:06:30 +02:00
renovate[bot]
5dad9bfad7
deps: update GitHub action dependencies (#1591) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-03 16:36:43 +02:00
Otto Bittner
da4e2521a9
ci: don't statically set PCR 5 (#1521) 
This value can't be statically precomputed and leads to
warnings during runtime.
 2023-03-24 17:08:39 +01:00
Paul Meyer
4628222780 ci: always use tee -a when writing output 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-23 10:54:59 -04:00
renovate[bot]
0a190c2bf6
deps: update GitHub action dependencies (#1499) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-22 17:57:47 +01:00
renovate[bot]
9a9688583d
deps: update aws-actions/configure-aws-credentials action to v2 (#1445) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-21 10:56:30 +01:00
Malte Poll
c3c0940adb
bazel: use remote caching (#1456) 
* bazel: add configuration for remote caching
* ci: enable bazel remote caching for building binaries
* ci: use bazel directly when building go binaries
* ci: enable cache for most build steps
* dev-docs: document remote caching
 2023-03-20 16:05:08 +01:00
Malte Poll
3fd9a34025
ci: disable upload of Azure TrustedLaunch image (#1440) 2023-03-17 10:51:44 +01:00
3u13r
fe767ba78e
introduce version.txt (#1412) 2023-03-14 14:53:33 +01:00
Moritz Sanft
01705feb51
ci: upload cli version list (#1377) 
* upload cli version list

* fix flag

* name

* allow cli kind for listing

* [remove] update vapi cli

* allow cli kind

* use latest versionsapi image version

* fix kind parsing

* use workflow calls in on_release action

* [remove] update container tag

* change back to latest tag
 2023-03-10 10:21:58 +01:00
Daniel Weiße
e07be3d6f8
fix: add measurement-reader to build pipeline (#1386) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-09 15:01:09 +01:00
Paul Meyer
74fc6239b2
deps: update to Go 1.20.2 (#1366) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-08 10:05:36 +01:00
Paul Meyer
f4a4a044fe ci: tee GitHub output 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-07 11:32:41 -05:00
Malte Poll
1624af0cc7
image: pin aws uefivars version and install new deps (#1345) 2023-03-06 13:29:15 +01:00
Thomas Tendyck
c94d1db76d attestation: remove PCR 0 and 10 on GCP 2023-03-06 13:09:57 +01:00