Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-20 00:06:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,891 Commits 132 Branches 43 Tags 105 MiB
1e987f6a85
Commit Graph

730 Commits

Author SHA1 Message Date
Malte Poll
2300a31276 deps: update all 3rdparty github actions 2024-02-21 17:53:53 +01:00
renovate[bot]
abf6b4924a deps: update Python dependencies 2024-02-21 13:32:15 +01:00
Malte Poll
38ef546362 deps: update Go to 1.22.0 2024-02-20 18:27:16 +01:00
Malte Poll
5ef12895fa bazel: remove deprecated Bazel container 
It doesn't work properly with nix and a nix shell exists for all developers.
 2024-02-20 12:50:13 +01:00
Malte Poll
980b2f0e87 ci: login to OpenStack provider 2024-02-19 18:16:45 +01:00
Moritz Sanft
ffb1ef9185
ci: fix artifact overwriting in upgrade test (#2913) 2024-02-19 15:12:04 +01:00
renovate[bot]
cdf1282996
deps: update dependency cryptography to v42.0.2 [SECURITY] (#2916) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-19 15:11:19 +01:00
Moritz Sanft
68cfa0addf
ci: update fromVersion to v2.15.1 (#2914) 2024-02-16 13:35:57 +01:00
Daniel Weiße
c5b17fb828
ci: prevent duplicate artifact naming in same workflow (#2903) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-12 09:56:53 +01:00
renovate[bot]
3765cb0762
deps: update actions/upload-artifact and actions/download-artifact action to v4 (#2756) 
* deps: update actions/upload-artifact action to v4
* deps: update actions/download-artifacts action to v4

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-07 14:50:15 +01:00
renovate[bot]
b1dc427108
deps: update dependency cryptography to v42 [SECURITY] (#2894) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-07 13:57:49 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images (#2888) 
* terraform: support AWS marketplace images

* terraform-provider: support AWS marketplace images

* docs: add instructions on AWS marketplace images

* ci: adapt marketplace image test for AWS

* Update internal/config/config.go

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

* docs: update config

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: update license information

* docs: use CSP tabs for marketplace overview

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 12:13:59 +01:00
Daniel Weiße
64c32c2236
ci: make instance type configurable for provider sample (#2893) 
* Make default instance type configurable for provider sample
* Set TDX instance type when running TDX provider e2e test
* Fix missing attestation variant when setting up stub config in provider e2e test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-05 15:46:57 +01:00
Daniel Weiße
f21252c57d
ci: fix workspace related errors when setting up k8s version for test (#2891) 
* Fail workflow on error in subshell
* Remove relative paths from workflow
* Set up MMA only for SEV-SNP, not for Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-05 13:29:03 +01:00
Markus Rudy
c020f7ac20
cleanup: various minor debugging improvements (#2889) 
* ci: improve constellation_create error message

When we hit a timeout due to nodes not coming up, the actual error
message is hard to make out because it's buried in a group. With the
right formatting, the error message will be highlighted in the UI.

Another improvement is to output the state of nodes, which helps
debugging the cause of nodes not joining or not becoming ready.

* cleanup: use NodeVersionResourceName constant

... instead of literal strings.

* ci: correctly notify on e2e upgrade error

* atls: report cert extension OIDs on mismatch

If the certificate contains an attestation document for SEV-SNP, but the
given validator is for Nitro, verifyEmbeddedReport should not claim that
there is no attestation document, but that there is no _compatible_ one
and what the incompatible ones were.
 2024-02-02 16:46:28 +01:00
Moritz Sanft
d5e4435e3d
ci: reduce amount of regular tests (#2885) 
* .github: add e2e test to pr checklist

* ci: use sonobuoy quick where possible

* ci: run malicious join test on release

* ci: remove self managed infra test

* ci: remove non-example terraform test from weekly

* ci: run Sonobuoy full on the latest k8s version weekly

* ci: run weekly sonobuoy quick on all k8s versions

* ci: don't run double sonobuoy tests on latest k8s version
 2024-02-01 15:05:07 +01:00
Adrian Stobbe
9b547bced0
ci: v2.15 post-release cleanup (#2881) 
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
 2024-01-31 16:45:20 +01:00
Adrian Stobbe
efc7290454
ci: fix upload CLI path line splitting (#2877) 2024-01-30 09:26:40 +01:00
Adrian Stobbe
3799525103
ci: set board fields for tf example test (#2867) 2024-01-29 16:45:26 +01:00
Daniel Weiße
d372130bfd
ci: safely set attestation variant in OpenSearch URL (#2864) 
* Add attestation variant to notify hooks
* Quote all inputs in OpenSearch URL
* Add clusterCreation field to OpenSearch URL
* Omit empty fields in OpenSearch URL

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-29 11:52:41 +01:00
Daniel Weiße
64e5efb49d Fix evaluation statement 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-26 17:06:28 +01:00
Daniel Weiße
65d28f913f Allow starting e2e tests based on attestation variant instead of csp 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-01-26 17:06:28 +01:00
Adrian Stobbe
77276cb4ca
add provider example test to weekly (#2840) 2024-01-25 11:09:27 +01:00
Thomas Tendyck
ad5ff6e1bb ci: update vale 2024-01-24 09:07:19 +01:00
Malte Poll
66faa5493f deps: Go 1.21.6 2024-01-22 13:11:58 +01:00
Moritz Sanft
0030a26eaf
ci: parallelize upgrade e2e test (#2724) 
* ci: parallelize upgrade e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: revert name change

* ci: upgrade checkout action

* ci: add target version before building target cli

* ci: rename input

* ci: upload service account key

* ci: download sa key on GCP

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
 2024-01-19 16:34:47 +01:00
Moritz Sanft
bf02680477
ci: mirror GCP images to MPI project on release (#2820) 2024-01-15 13:58:30 +01:00
Malte Poll
8a74893461 ci: build and upload OS image in single job 2024-01-15 13:53:15 +01:00
Adrian Stobbe
60a0a6020e
ci: add upgrade to provider example test (#2775) 2024-01-13 13:13:10 +01:00
Markus Rudy
49ecb2415f
ci: remove reference to absent go.mod file (#2811) 2024-01-09 23:07:16 +01:00
Markus Rudy
ef6f63dc48
Fix various small things throughout the codebase (#2800) 
* bootstrapper: remove obsolete log statement

* ci: simplify variable usage

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>

* cli: add missing formatting directive

* helm: fix rm invocation

* ci: document reproducible-builds workflow

* constants: use variables for measurement files

* constants: use variables for CDN distribution ID

* ci: make Helm version explicit

* api: prettify versionsapi-list output

* ci: remove obsolete docstring

---------

Co-authored-by: Daniel Weiße <daniel-weisse@users.noreply.github.com>
 2024-01-09 19:37:56 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK (#2809) 
* deps: update AWS SDK

* deps: fix AWS SDK upgrade breakage

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
 2024-01-09 16:18:33 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 (#2803) 
undefined
 2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images (#2792) 
* cli: support GCP marketplace images

* ci: support GCP marketplace images

* docs: support GCP marketplace images

* bazel: generate

* ci: allow GCP for mpi e2e test

* Update docs/docs/overview/license.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* terraform-provider: allow GCP MPIs

* terraform-provider: fix error message

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-01-08 15:51:39 +01:00
Malte Poll
c936ec510d
ci: reproducible builds test on artifacts v2 (#2801) 
* ci: test download-artifacts@v4 for reproducible builds test

* ci: reproducible builds test: use unique artifact names and patterns
 2024-01-05 16:57:21 +01:00
Markus Rudy
8e8e861d5f
ci: ignore Wireguard pdf in lychee (#2797) 
* ci: use a config file for lychee

* ci: don't pass token to lychee action

* ci: ignore wireguard.pdf in lychee
 2024-01-05 14:07:33 +01:00
Adrian Stobbe
f41ce43919
terraform-provider: require kubernetes and microservice version (#2791) 2024-01-04 16:25:24 +01:00
Adrian Stobbe
8730e72319
ci: e2e test for Terraform provider examples (#2745) 2024-01-04 10:00:21 +01:00
3u13r
07c884b945
ci: remove artifact encryption for public artifacts (#2776) 
* ci: remove artifact encryption for public artifacts

* revert parts of  #2765

* ci: add unused action exception for encrypted artifact download
 2023-12-29 11:02:37 +01:00
Adrian Stobbe
539e6eac48
ci: give exec permission to provider binaries (#2779) 2023-12-28 10:19:47 +01:00
Adrian Stobbe
903411edae
fix Terraform release zipping (#2778) 2023-12-27 17:43:57 +01:00
Markus Rudy
130bed0eb2 ci: selectively remove artifact encryption 2023-12-22 17:50:40 +01:00
Moritz Sanft
5871ff5508
ci: adhere to action restriction when uploading scorecard (#2771) 2023-12-22 13:13:20 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline (#2765) 
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-12-21 19:28:18 +01:00
Daniel Weiße
6e4c0bd8aa
ci: fix artifacts download/upload for release draft workflow (#2759) 
* Pin upload and download actions by hash
* Dont expect encrypted artifacts in release pipeline

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-12-21 15:52:58 +01:00
renovate[bot]
8644b958ea
deps: update actions/setup-go action to v5 (#2754) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-21 12:54:39 +01:00
renovate[bot]
5999f9e3a1
deps: update cachix/install-nix-action action to v24 (#2757) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-21 08:43:44 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 (#2752) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-20 16:10:35 +01:00
renovate[bot]
d0cfd5590d
deps: update dependency cryptography to v41.0.6 [SECURITY] (#2657) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-12-20 16:04:15 +01:00
miampf
a429ca50e7
ci: encrypt artifacts (#2567) 2023-12-20 14:17:49 +00:00