Malte Poll
2808012c9c
terraform: gcp node groups ( #1941 )
...
* terraform: GCP node groups
* cli: marshal GCP node groups to terraform variables
This does not have any side effects for users.
We still strictly create one control-plane and one worker group.
This is a preparation for enabling customizable node groups in the future.
2023-06-19 13:02:01 +02:00
Malte Poll
5823aa2438
deps: upgrade pseudo version tool
2023-06-16 16:30:47 +02:00
Malte Poll
9b142f9a25
bazel: upgrade rules_go to a pre-release version to get stripped binaries
2023-06-16 16:30:47 +02:00
Malte Poll
18e7bffc67
bazel: upgrade bazeldnf to produce deterministic rpm2tar artifacts
2023-06-16 16:30:47 +02:00
Malte Poll
bd82071dd5
bazel: add test for containers being equal regardless of the target platform
2023-06-16 16:30:47 +02:00
Malte Poll
6c8dade285
bazel: always choose linux / amd64 distroless base image
2023-06-16 16:30:47 +02:00
Malte Poll
537cdbcfad
bazel: trim path to *.pb.go files embedded in go libraries
...
See https://github.com/bazelbuild/rules_go/issues/3581 for context.
2023-06-16 16:30:47 +02:00
renovate[bot]
4908b5f63c
deps: update golangci/golangci-lint to v1.53.2 ( #1924 )
...
* deps: update golangci/golangci-lint to v1.53.2
* deps: tidy all modules
* attestation: silence linter warning
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-16 09:40:08 +02:00
renovate[bot]
ab52e6d4c5
fix: GCP service account creation fails sometimes ( #1935 )
...
* deps: update Terraform google to v4.69.1
* deps: tidy all modules
* add delay for service account
* deps: tidy all modules
* add delay for service account
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-06-16 09:37:31 +02:00
edgelessci
a717cefc26
image: update measurements and image version ( #1939 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-16 08:27:45 +02:00
Malte Poll
684cae4706
nix: add python toolchain deps ( #1934 )
2023-06-15 17:37:59 +02:00
Paul Meyer
103a757557
deps: upgrade sonobuoy to v0.56.17 ( #1937 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 16:54:38 +02:00
Malte Poll
264b2df902
deps: upgrade to Fedora 38 ( #1909 )
...
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
2023-06-15 16:50:35 +02:00
Paul Meyer
4d6d2b1fa2
Update codeowners ( #1936 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-15 14:55:38 +02:00
Adrian Stobbe
159d28a2c7
doc: add context to PR template ( #1932 )
...
* add context to PR template
* Update pull_request_template.md
2023-06-15 09:13:47 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade ( #1931 )
...
We released 2.8 so we need to test that it can upgrade to HEAD.
2023-06-15 07:49:30 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication ( #1906 )
...
* invalidate app client id field for azure and provide info
* remove TestNewWithDefaultOptions case
* fix test
* remove appClientID field
* remove client secret + rename err
* remove from docs
* otto feedback
* update docs
* delete env test in cfg since no envs set anymore
* Update dev-docs/workflows/github-actions.md
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* WARNING to stderr
* fix check
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-14 17:50:57 +02:00
renovate[bot]
d964c74cbb
deps: update dependency io_bazel_rules_go to v0.39.1 ( #1921 )
...
* deps: update dependency io_bazel_rules_go to v0.39.1
* deps: tidy all modules
* deps: remove duplicate urls
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-14 16:35:52 +02:00
Adrian Stobbe
c5f75513b1
fix: Azure SEV-SNP version always gets overwritten by latest API versions ( #1930 )
...
* fix that manual version gets overwritten by latest
* put azure in separate config file
* otto feedback
2023-06-14 14:17:52 +02:00
Adrian Stobbe
c1f9d86cd3
bazel check: silent env for cleaner output ( #1898 )
...
* explicitly ignore pkgs for cleaner output
* do not ignore but redirect stderr
* silent env var to silent stderr
* add silent env var to vuln,lint,tf
* fix golangci silent
* Update bazel/ci/terraform.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/golicenses.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/govulncheck.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
* Update bazel/ci/golangci_lint.sh.in
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
---------
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-14 13:58:21 +02:00
Otto Bittner
7a1c70d7e5
ci: replace katexochen with elchead in assignee list ( #1928 )
...
katexochen is currently working on CoCo and not
involved in active development.
2023-06-14 11:44:45 +02:00
Malte Poll
ee77e3922a
ci: explicitly add CLI signature as release artifact ( #1917 )
2023-06-14 09:56:11 +02:00
edgelessci
8910e9bac4
image: update measurements and image version ( #1927 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-06-14 08:31:30 +02:00
renovate[bot]
520571c3d1
deps: update dependency com_github_bazelbuild_buildtools to v6 ( #1925 )
...
* deps: update dependency com_github_bazelbuild_buildtools to v6
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:33:49 +02:00
renovate[bot]
16621b5d15
deps: update dependency rules_pkg to v0.9.1 ( #1923 )
...
* deps: update dependency rules_pkg to v0.9.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:31:19 +02:00
renovate[bot]
42735ae1b1
deps: update bufbuild/buf to v1.21.0 ( #1922 )
...
* deps: update bufbuild/buf to v1.21.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:20:44 +02:00
renovate[bot]
5442e86150
deps: update dependency bazel_gazelle to v0.31.1 ( #1919 )
...
* deps: update dependency bazel_gazelle to v0.31.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:18:50 +02:00
renovate[bot]
053b371e93
deps: update dependency bazel_skylib to v1.4.2 ( #1920 )
...
* deps: update dependency bazel_skylib to v1.4.2
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 18:03:40 +02:00
renovate[bot]
56d0575459
deps: update dependency bazel to v6.2.1 ( #1918 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-13 17:50:24 +02:00
3u13r
a2c98eb1d5
Correctly deploy the AWS CCM ( #1853 )
...
* aws: stop using the imds api for tags
* aws: disable tags in imds api
* aws: only tag instances with non-legacy tag
* bootstrapper: always let coredns run before cilium
* debugd: make debugd less noisy
* fixup fix aws imds test
* fixup unused context
* move getting instance id to readInstanceTag
2023-06-13 09:58:39 +02:00
Adrian Stobbe
4f63481b7d
config: fix fetcher parse azure sev-snp version ( #1911 )
2023-06-12 16:04:54 +02:00
Daniel Weiße
ab74730fd7
Update go-tpm-tools fork ( #1910 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-06-12 15:59:40 +02:00
Adrian Stobbe
e738f15f0f
cdbg: make endpoint deployment failure more transparent ( #1883 )
...
* add retry + timeout + intercept grpc logs
* LogStateChanges inside grplog pkg
* remove retry and tj/assert
* rename nit
* Update debugd/internal/cdbg/cmd/deploy.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* Update debugd/internal/cdbg/cmd/deploy.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* paul feedback
* return waitFn instead of WaitGroup
* Revert "return waitFn instead of WaitGroup"
This reverts commit 45700f30e341ce3af509b687febbc0125f7ddb38.
* log routine inside debugd constructor
* test doubles names
* Update debugd/internal/cdbg/cmd/deploy.go
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* fix newDebugClient closeFn
---------
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-06-12 13:45:34 +02:00
renovate[bot]
167052d443
deps: update dependency hermetic_cc_toolchain to v2.0.0 ( #1860 )
...
* deps: update dependency hermetic_cc_toolchain to v2.0.0
* deps: tidy all modules
* bazel: target glibc 2.23 to enable rbe
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-06-09 17:39:30 +02:00
3u13r
b71b5103ae
ci: migrate e2e lb test to bazel ( #1892 )
...
* ci: migrate lb e2e test to bazel
* ci: disable shared bazel cache on github runners
2023-06-09 16:59:19 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant ( #1900 )
...
* variant: move into internal/attestation
* attestation: move aws attestation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Thomas Tendyck
947d0cb20a
cli: hide --insecure of config fetch-measurements
2023-06-09 15:07:31 +02:00
Adrian Stobbe
3fde118b33
config: enable azure snp version fetcher again + minimum age for latest version ( #1899 )
...
* fetch latest version when older than 2 weeks
* extend hack upload tool to pass an upload date
* Revert "config: disable user-facing version Azure SEV SNP fetch for v2.8 (#1882 )"
This reverts commit c7b22d314a.
* fix tests
* use NewAzureSEVSNPVersionList for type guarantees
* Revert "use NewAzureSEVSNPVersionList for type guarantees"
This reverts commit 942566453f4b4a2b6dc16f8689248abf1dc47db4.
* assure list is sorted
* improve root.go style
* daniel feedback
2023-06-09 12:48:12 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check ( #1869 )
...
* switch to darwin compatible shasum
* add bazel rule
* update shellscript for in-place updates
* Revert "update shellscript for in-place updates"
This reverts commit 87d39b06f7.
* add version tool freshness check
* remove pseudo-version file
* revert to `sha256sum`
* fix workflow indentation
2023-06-09 11:50:51 +02:00
Moritz Sanft
892752a1f8
add necessary permissions ( #1905 )
2023-06-09 11:50:39 +02:00
Moritz Eckert
9463d6fb27
cli: fix azure config warning message ( #1902 )
2023-06-09 11:16:54 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version ( #1903 )
2023-06-09 10:53:17 +02:00
Adrian Stobbe
d9c604ed2c
terraform: update aws to v5.1.0 ( #1891 )
2023-06-09 10:37:25 +02:00
Adrian Stobbe
e0fe8e6ca0
local: fix mac issues in bazel ( #1893 )
2023-06-09 10:35:52 +02:00
renovate[bot]
7c345f4503
deps: update github.com/gophercloud/utils digest to de873b9 ( #1843 )
...
* deps: update github.com/gophercloud/utils digest to de873b9
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-09 10:02:59 +02:00
Malte Poll
8c3617faf0
ci: do not manually clear measurements on verify e2e ( #1889 )
2023-06-09 09:25:30 +02:00
Otto Bittner
3e583946a1
rfc: specify how to handle launchmeasurements ( #1894 )
...
* Describes how to keep the values in the API up-to-date.
* Describes API object structure.
* Describe user config options.
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-06-09 08:45:27 +02:00
Malte Poll
17b583ddc5
misc: start v2.9.0-pre ( #1895 )
2023-06-08 15:31:47 +02:00
Adrian Stobbe
e9f9337cb9
Revert "ci: fix versionsapi cli container Dockerfile ( #1856 )" ( #1896 )
...
This reverts commit 0fac6a03cc.
2023-06-07 17:18:59 +02:00
Adrian Stobbe
4284f892ce
api: rename /api/versions to versionsapi and /api/attestationcfig to attestationconfigapi ( #1876 )
...
* rename to attestationconfigapi + put client and fetcher inside pkg
* rename api/version to versionsapi and put fetcher + client inside pkg
* rename AttestationConfigAPIFetcher to Fetcher
2023-06-07 16:16:32 +02:00