This workflow touches shared state by deleting all objects of a bucket and then
uploading a signed blob of data to that S3 bucket under a fixed name.
It also does so multiple times in a row, while invalidating the cloudfront
cache and checking if the uploaded object exists.
All runs of this workflow share the same bucket.
Since this pipeline runs on any modification of go.mod, it is very prone
to race condition between PRs (or PRs and main).
* Run gcp-sev-snp debug e2e test in daily
* Fix verify e2e test not creating json file for gcp-sev-snp
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Fix whitespace errors
* Remove usage of external action to URI encode component
* Upgrade Azure login action to v2.1
* Remove GitHub actions warning when running e2e test with NOP payload
* Only try to upload updated tf state if it exists
* Upgrade out of date aws credential actions
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Use github.run_id to correctly tag resources with the run id
* Ensure `--tags` flag is only set if CLI supports it
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* terraform: enable creation of SEV-SNP VMs on GCP
* variant: add SEV-SNP attestation variant
* config: add SEV-SNP config options for GCP
* measurements: add GCP SEV-SNP measurements
* gcp: separate package for SEV-ES
* attestation: add GCP SEV-SNP attestation logic
* gcp: factor out common logic
* choose: add GCP SEV-SNP
* cli: add TF variable passthrough for GCP SEV-SNP variables
* cli: support GCP SEV-SNP for `constellation verify`
* Adjust usage of GCP SEV-SNP throughout codebase
* ci: add GCP SEV-SNP
* terraform-provider: support GCP SEV-SNP
* docs: add GCP SEV-SNP reference
* linter fixes
* gcp: only run test with TPM simulator
* gcp: remove nonsense test
* Update cli/internal/cmd/verify.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update docs/docs/overview/clouds.md
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* linter fixes
* terraform_provider: correctly pass down CC technology
* config: mark attestationconfigapi as unimplemented
* gcp: fix comments and typos
* snp: use nonce and PK hash in SNP report
* snp: ensure we never use ARK supplied by Issuer (#3025)
* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* attestationconfigapi: add GCP to uploading
* snp: use correct cert
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP
* linter fixes
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
* workflows: add error handling to e2e windows liveness probe
* update retry condition in last iteration
* Update liveness probe to check for correct number of nodes
* ci: fix Windows e2e test not pushing required container images (#3021)
* More output when waiting for nodes to get ready
* Create unique resource group name for Windows e2e test
* Push container images on windows CLI build to fix e2e test
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Fix resource group naming
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
