Paul Meyer
4249050116
e2e: find default image if no input image specified
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 15:23:27 +01:00
Paul Meyer
cbd5a4a118
ci: print image version in summary
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 13:25:53 +01:00
Paul Meyer
8004edcc14
image: add version and debug field to lookup table ( #682 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 11:51:33 +01:00
Malte Poll
e67f65709f
Prepare release checklist for v2.3 ( #690 )
2022-12-01 10:46:04 +01:00
Malte Poll
3aa51df74d
Add release trigger to make image versions available via CDN
2022-11-30 12:35:12 +01:00
Leonard Cohnen
954cbad214
ci: build qemu-metadata api
2022-11-30 12:28:37 +01:00
Daniel Weiße
6bd62f0f7a
Update docs to new measurement format ( #660 )
...
* Remove fetch-measurements from create workflow
* Explain new measurements format in docs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-30 08:29:17 +01:00
Paul Meyer
688003cdd9
ci: fix hcl lock files on renovate branch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
Paul Meyer
48e0b3a9cd
ci: check hcl lock files are up to date
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
renovate[bot]
2e2bcb15e1
Update GitHub action dependencies ( #665 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:06:18 +01:00
Fabian Kammel
c71fd89e80
Provenance for CLI ( #647 )
...
* provenance generation for cli
* document provenance generation for CLI
* include CLI SBOM in provenance
Co-authored-by: 3u13r <lc@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-25 16:13:20 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) ( #641 )
2022-11-25 12:08:24 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs ( #553 )
...
* Merge enforced and expected measurements
* Update measurement generation to new format
* Write expected measurements hex encoded by default
* Allow hex or base64 encoded expected measurements
* Allow hex or base64 encoded clusterID
* Allow security upgrades to warnOnly flag
* Upload signed measurements in JSON format
* Fetch measurements either from JSON or YAML
* Use yaml.v3 instead of yaml.v2
* Error on invalid enforced selection
* Add placeholder measurements to config
* Update e2e test to new measurement format
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Malte Poll
3dc9c60864
e2e tests: use new image versions
2022-11-23 15:47:46 +01:00
Paul Meyer
947920d4f5
Revert "warn about function argument count over 5 ( #558 )" ( #620 )
...
This reverts commit 1110ccd270.
2022-11-22 14:20:11 +01:00
Daniel Weiße
e7ee4d6e59
Remove manual installation of csi drivers ( #600 )
...
* Remove manual installation of csi drivers
* Remove explicit storage class
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-22 14:02:31 +01:00
Paul Meyer
063162c205
deps: upgrade sonobuoy version
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:32:50 +01:00
renovate[bot]
b6d7289dfe
Update dependency numpy to v1.23.5 ( #604 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 10:07:44 +01:00
renovate[bot]
fa2919e285
Update softprops/action-gh-release action to v0.1.15 ( #607 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 15:08:53 +01:00
Malte Poll
efaa0622a8
Include image version in mkosi builds
2022-11-18 10:37:45 +01:00
Malte Poll
74aabe86fa
Move PCR[8] -> PCR[12]
2022-11-18 10:37:45 +01:00
Malte Poll
239b9f6c26
Upgrade images to Fedora 37
2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release ( #580 )
...
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571 )
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
renovate[bot]
f5f6be1c56
Update actions/download-artifact action to v3 ( #583 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 08:55:56 +01:00
Fabian Kammel
1110ccd270
warn about function argument count over 5 ( #558 )
...
* warn about function argument count over 5
* only on new code
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-17 17:31:00 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" ( #579 )
2022-11-17 16:14:38 +01:00
Paul Meyer
9c405ceb02
ci: use shfmt fork
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:10:13 +01:00
renovate[bot]
827b62c2be
Update GitHub action dependencies ( #568 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-17 11:37:00 +01:00
Paul Meyer
c61f6211f9
ci: use fixed renovate bot email for commits
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Paul Meyer
3fd678492f
ci: fix shellfmt workflow name
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts ( #560 )
2022-11-16 15:45:10 +01:00
Leonard Cohnen
2f0b1a0f32
ci: add go generate check
2022-11-15 18:24:07 +01:00
Leonard Cohnen
9b89e5cf10
ci: don't check cilium links
2022-11-15 18:24:07 +01:00
Paul Meyer
80a801629e
e2e: deactivate fail-fast for e2e daily
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-15 12:44:52 +01:00
renovate[bot]
c71eeffd1e
Update module github.com/sigstore/rekor to v1.0.1 ( #543 )
...
* Update module github.com/sigstore/rekor to v1.0.1
* quotes around string with spaces
* [bot] Tidy all modules
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: datosh <datosh@users.noreply.github.com>
2022-11-15 12:18:01 +01:00
renovate[bot]
7d16c02e0d
Update dependency azure-identity to v1.12.0 ( #496 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-15 10:26:55 +01:00
Malte Poll
5f44668897
Extend AWS e2e test token expiration to 6 hours ( #547 )
2022-11-14 14:14:42 +01:00
Malte Poll
9f6a8ffd4c
Allow listing separate args for shfmt
2022-11-14 14:02:29 +01:00
renovate[bot]
c76d0672f8
Update golangci/golangci-lint-action action to v3.3.1 ( #542 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:43:54 +01:00
Paul Meyer
056f98a2ab
ci: bump sonobuoy version
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:33:29 +01:00
Christoph Meyer
d612ed2cae
AB#2530 CI benchmarks compare to previous and generate graphs
...
- Get the previous benchmark results from artifact store S3 bucket
- Compare the current benchmark to the previous results
- Attach markdown table comparing results to the workflow output
- Update benchmarks in bucket if running on main
- Generate graphs from comparison
- Document continuous benchmarking
2022-11-11 18:37:35 +01:00
Paul Meyer
4f66519fb0
ci: improve shellfmt workflow code
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:50:21 +01:00
Paul Meyer
09969afd57
ci: fix workflows
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
38cc2c1ab0
ci: add actionlint workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
a7535fb449
ci: add shellfmt workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
Paul Meyer
106b738fab
ci: format shellscripts
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
renovate[bot]
fd9dfb500d
Update actions/checkout digest to 5c3ccc2 ( #527 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:03:14 +01:00
Paul Meyer
fb6f425696
ci: checkout with head ref
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 14:00:11 +01:00
renovate[bot]
1fc663efc9
Update actions/checkout action to v3
2022-11-11 14:00:11 +01:00
Paul Meyer
516477a46b
devdoc: update dev conventions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
7aa7492474
Fix shellcheck warnings
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
eb66767a62
ci: decrease severity level of shellcheck
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
6fd605b3c4
e2e: print id file after create
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
7eb9d8a57c
e2e: add AWS test to schedule
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
11672acf0a
e2e: add AWS test
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
f6b3ef6a57
ci: login azure only if needed
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
1ec9316521
ci: rename actions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Fabian Kammel
b92b3772ca
Remove access manager ( #470 )
...
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Thomas Tendyck
b0f4a09ebe
Update release.md
2022-11-11 08:18:16 +01:00
renovate[bot]
8e8ce070b7
Update google-github-actions/setup-gcloud action to v1 ( #524 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 18:29:30 +01:00
renovate[bot]
92b647a099
Update google-github-actions/auth action to v1 ( #523 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 18:28:47 +01:00
Nils Hanke
a7e81aef73
Update GitHub workflow runners to Ubuntu 22.04 ( #513 )
...
* Update all GitHub action runners to ubuntu-22.04
* Fix license checker script for grep >3.4
2022-11-10 16:55:24 +01:00
Malte Poll
e011c7ef78
Set azureImageOffer for debug images
2022-11-10 09:13:44 +01:00
Leonard Cohnen
7a8ca1e574
docs: verify Ceph encryption
2022-11-09 16:48:11 +01:00
Malte Poll
e9fecec0bc
Only publish release AMIs
2022-11-09 14:29:58 +01:00
renovate[bot]
c18feaaace
Update lycheeverse/lychee-action action to v1.5.4 ( #492 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-09 11:10:46 +01:00
Paul Meyer
d3bad39223
e2e: fix deletion of persistent volumes ( #476 )
...
Co-authored-by: Christoph Meyer <cme@edgeless.systems>
2022-11-09 10:28:34 +01:00
renovate[bot]
05f4b8698b
Update ludeeus/action-shellcheck digest to 6d3f514 ( #485 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:38:48 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch ( #479 )
...
* Bump version to v2.2.0
* Update changelog
* Fix release detection in pipeline
* Fix PKI selection in pipeline
* Set enforced measurements for AWS
* Update default images
* Fix release docs
* Update mini-con defaults
* Fix measurements action
* Fix syft env variable naming
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Paul Meyer
46e4ddd8c6
ci: don't run cli reference gen on release branch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 17:07:29 +01:00
Malte Poll
899ca91aa3
Move enforced measurement for clusterID to PCR[15] in e2e tests
2022-11-08 00:07:04 +01:00
Malte Poll
3e996efb3f
Pass azure image offer from build variable action
2022-11-08 00:07:04 +01:00
renovate[bot]
efa2fb2fd0
Update anchore/sbom-action action to v0.13.1 ( #463 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:42:09 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys ( #462 )
...
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
Nils Hanke
b24c799c80
Replace specific Azure/GCP credentials with secrets
2022-11-04 12:57:24 +01:00
Nils Hanke
ee20ff8950
Replace E2E Azure RM credentials with secrets
2022-11-04 12:57:24 +01:00
Nils Hanke
a535ca1901
CI: Use lowercase image name for S3 upload
2022-11-04 12:57:24 +01:00
Nils Hanke
af08ffbb16
CI: Add group for building pcr-reader for better output
2022-11-04 12:57:24 +01:00
Nils Hanke
28b2d84684
Add AzureRM authentication environment variables for PCR action
2022-11-04 12:57:24 +01:00
Nils Hanke
3ca88d6043
Fix Constellation measure CI action
2022-11-04 12:57:24 +01:00
renovate[bot]
88110ff5f3
Update github actions dependencies ( #450 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:58:54 +01:00
renovate[bot]
72caeca69b
Update dependency matplotlib to v3.6.2
2022-11-03 16:01:52 +01:00
Malte Poll
4a7024c469
Make AMI public on creation ( #426 )
2022-11-03 15:22:51 +01:00
Paul Meyer
ac3768bbc9
e2e: add k-bench to weekly run
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 18:47:16 +01:00
Christoph Meyer
273d6162de
fix: don't run CI K-Bench with less than 2 worker nodes
...
K-Bench's network benchmarks require two distinct worker nodes.
Add check prior to running the benchmark that terminates early, if not
enough workers scheduled.
2022-11-02 18:45:56 +01:00
Christoph Meyer
94429c8db8
Add CI action to install CSI drivers
2022-11-02 18:30:59 +01:00
Nils Hanke
7ca4a6d0e1
Adjust CI scripts to avoid termination prompt
2022-11-02 18:18:30 +01:00
Nils Hanke
6d2ec109d0
Update to Go 1.19.3
2022-11-02 11:53:52 +01:00
renovate[bot]
f60120bbbc
Update github actions dependencies ( #420 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 11:00:40 +01:00
Malte Poll
2842328457
Update mkosi to version 14 ( #391 )
2022-11-02 10:14:42 +01:00
Christoph Meyer
1952eb5721
AB#2191 Evaluate K-Bench benchmarks in CI
...
Install Python for K-bench evaluation
Add scripts to evaluate the K-Bench results in CI
Attach graphs to the workflow results in GitHub Actions
2022-11-01 12:27:25 +01:00
Christoph Meyer
f4ff473677
AB#2191 Add K-Bench CI step to manual workflow
...
Add the option to run K-Bench performance to the manual CI workflow
Install CSI drivers in the cluster for K-Bench benchmarks
Attach the results to the workflow in the GitHub Actions view
2022-11-01 12:27:25 +01:00
Otto Bittner
30bdbd9b85
Add helm unittests ( #380 )
2022-10-31 19:25:02 +01:00
Paul Meyer
3933a97567
e2e: rework schedule of e2e test daily/weekly
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 18:22:05 +01:00
renovate[bot]
20532fc355
Update Azure Function python dependencies ( #411 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-31 11:54:05 +01:00
Paul Meyer
4cd659b394
e2e: fix collection of boot logs on GCP ( #401 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:40:08 +01:00
renovate[bot]
4aa2069655
Update github actions dependencies ( #397 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-31 10:26:17 +01:00
Paul Meyer
050223e4c5
e2e: add nop payload to only test infra creation
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 17:46:37 +02:00
Paul Meyer
256f0e64b3
Upgrade Go version to 1.19
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 16:06:53 +02:00
Leonard Cohnen
1ffb078a4d
Docs: image changes for Longhorn support
2022-10-28 12:11:43 +02:00
Malte Poll
9297a4e8a2
Normalize naming: "sonobuoy fast" -> "sonobuoy quick" ( #389 )
2022-10-28 11:01:31 +02:00
Paul Meyer
b7415647a6
Move sonobuoy action
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
95b8531fdd
Add e2e autoscaling test
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
7108304046
Remove upload of state file
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
8aa84fd759
Remove installation of preinstalled dependencies
...
in workflows
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
renovate[bot]
acc82b205a
Update github actions dependencies ( #366 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-26 15:48:35 +02:00
Malte Poll
f65475b2b2
Use fine grained GitHub PAT to commit "go mod tidy" fixes
2022-10-26 14:44:09 +02:00
Malte Poll
d81172e352
Pin setup-gcloud action to git tag (for renovate) ( #376 )
2022-10-26 13:58:05 +02:00
Paul Meyer
4cbec82edf
Test operator code generation is up to date
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-25 16:50:46 +02:00
Thomas Tendyck
45dba96e31
remove conformance folder
2022-10-25 09:54:23 +02:00
Leonard Cohnen
5efd2716e3
add Rook deployment workaround
2022-10-23 05:50:49 +02:00
Malte Poll
2bf2cc6391
Use versioned Azure login action ( #353 )
...
* Use versioned Azure login action
* Pin github actions to git tags
2022-10-21 16:23:29 +02:00
Fabian Kammel
18ae86c38e
sbom signing ( #303 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-21 15:19:51 +02:00
Otto Bittner
07f02a442c
Refactor Helm deployments ( #341 )
...
* Wrap KMS deployment in one main chart that
deploys all other services. Other services will follow.
* Use .tgz via helm-package as serialization format
* Change Release type to carry chart as byte slice
* Remove KMSConfig
* Use json-schema to validate values
* Extend release.md to mention updating helm charts
2022-10-21 12:01:28 +02:00
renovate[bot]
10a207c7ec
Update github actions dependencies
2022-10-21 11:33:41 +02:00
Malte Poll
b57b25fdaa
Image upload AWS
2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627
Remove all traces of CoreOS from the codebase
2022-10-21 11:04:25 +02:00
Malte Poll
35e2267cf9
Move mkosi folder to old image folder location
2022-10-21 11:04:25 +02:00
Malte Poll
26fdfa4bee
Prefill PCR[11], PCR[12], PCR[13], PCR[15]
2022-10-21 11:04:25 +02:00
Malte Poll
6859c6b00e
Precalculate expected PCR[8]
2022-10-21 11:04:25 +02:00
Malte Poll
1e9608c796
Precalculate expected PCR[4]
2022-10-21 11:04:25 +02:00
Malte Poll
f4e69ec6ec
mkosi pipeline: Collect hashes
2022-10-21 11:04:25 +02:00
Nils Hanke
714b368a62
Add gcloud setup back to GCP login action for ✨ magic ✨ authentication
2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc
Create mkosi image build pipeline
2022-10-21 11:04:25 +02:00
Fabian Kammel
21436e6592
use release cosign key only when releasing ( #331 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-20 15:59:17 +02:00
Paul Meyer
2685b5be1f
Let tfsec fail soft in CI
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-20 10:44:43 +02:00
Paul Meyer
a6b0edfcaa
Tidy modules on renovate branches
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:51:44 +02:00
Paul Meyer
7c13302936
Checkout branch instead of head commit
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:51:44 +02:00
renovate[bot]
6d5cb6b581
Update sigstore/cosign-installer action to v2.8.1 ( #323 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 10:29:37 +02:00
katexochen
3375b46b77
Update release.md
2022-10-18 17:36:48 +02:00
Paul Meyer
0e79af6f14
Run tests on push to release branch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 17:02:16 +02:00
renovate[bot]
ed98b0205b
Update github actions dependencies ( #311 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:54:53 +02:00
Otto Bittner
62168bbf98
AB#2490: Add KMS helm chart
...
* Also run helm-lint in CI now
2022-10-18 13:33:37 +02:00
renovate[bot]
84fcf8d7f2
Update github actions dependencies ( #294 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:00:41 +02:00
renovate[bot]
ccaad5e482
Update github actions dependencies ( #274 )
2022-10-17 11:14:41 +02:00
Malte Poll
c16f5a976d
AB#2365 Upgrade k8s base deployments (add full support for k8s 1.25) ( #277 )
...
* Add container image release for CCM GCP v25.2.0
* Upgrade versions of kubernetes base components
2022-10-17 08:58:13 +02:00
Malte Poll
0f57f03846
Allow concurrent actions on the same branch. ( #281 )
...
Actions are free for public repos and we want to see every CI failure
2022-10-14 17:47:46 +02:00
katexochen
f3d7ebb61f
Change Azure auth method for manual test
2022-10-14 17:04:44 +02:00
Malte Poll
e7118223fe
Downgrade vale action ( #280 )
2022-10-14 15:32:38 +02:00
Paul Meyer
8cf8b5db12
Change Azure auth method for e2e test ( #276 )
2022-10-14 14:44:32 +02:00
Malte Poll
6c9e18a6b5
Run code tests on go.mod and go.sum changes
2022-10-14 10:50:32 +02:00
renovate[bot]
c08147baae
Update google-github-actions/auth action to v0.8.2
2022-10-14 09:20:10 +02:00
renovate[bot]
3c34757274
Update actions/cache action to v3.0.11
2022-10-14 09:17:00 +02:00
renovate[bot]
2d767b02c1
Update hashicorp/setup-terraform digest to a2a0e9d ( #254 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 17:34:28 +02:00
Leonard Cohnen
41a312f945
add documentation for Rook/CephFS
2022-10-13 17:29:16 +02:00
renovate[bot]
f90e8fc35a
Update actions/checkout digest to 8230315 ( #246 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:54:43 +02:00
renovate[bot]
078dc1eb8f
Update aquasecurity/tfsec-pr-commenter-action digest to d9fa643 ( #247 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:49:33 +02:00
katexochen
41c42f547f
Add tfsec workflow
2022-10-13 14:54:19 +02:00
katexochen
a00743e892
Add Terraform validation workflow
2022-10-13 14:54:19 +02:00
renovate[bot]
f032508c54
Configure Renovate ( #237 )
...
* Configure renovate
* pin remaining github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-13 14:41:55 +02:00
Fabian Kammel
7ee8f65889
Delete dependabot and prepare renovate ( #238 )
...
* Delete microservice template.
* Remove dependabot config
* Prepare renovate by adopting GitHub actions syntax
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-12 18:05:58 +02:00
katexochen
dbd71eebd9
Fix replace deprecated set-output syntax
2022-10-12 11:51:09 +02:00
katexochen
1f290af09b
Add dispatch trigger to all workflows
2022-10-12 11:32:19 +02:00
katexochen
49f233246c
Replace deprecated set-output syntax
2022-10-12 11:32:19 +02:00
Paul Meyer
1c29638421
Use env to find bash in shebang ( #225 )
2022-10-10 14:21:17 +02:00
katexochen
baeaf9f0c5
Fix macos e2e test
2022-10-10 13:43:15 +02:00
Leonard Cohnen
2a7c6ba052
bump gcp guest agent in workflow
2022-10-10 13:43:15 +02:00
Leonard Cohnen
0c651c55dd
increase control plane count during e2e tests
2022-10-07 03:44:24 +02:00
Nils Hanke
803209b12b
Update Go to 1.19.2 ( #219 )
2022-10-06 19:31:12 +02:00
katexochen
9edfc2f6ba
Move k8s version window up
2022-10-06 19:16:20 +02:00
Paul Meyer
e4963b0511
Deactivate cache for tidycheck workflow ( #216 )
2022-10-06 11:19:15 +02:00
dependabot[bot]
2e93b354e4
Bump actions/cache from 3.0.8 to 3.0.10
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](fd5de65bc8...56461b9eb0)
---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2022-10-05 02:02:48 -07:00
dependabot[bot]
fdd4425974
Bump actions/checkout from 3.0.2 to 3.1.0 ( #210 )
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](2541b1294d...93ea575cb5)
---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-05 09:24:36 +02:00
Daniel Weiße
2ea695896f
AB#2439 Containerized libvirt ( #191 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-05 09:11:30 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster ( #172 )
...
* Use terraform in CLI to create QEMU cluster
* Don't allow qemu creation on os/arch other than linux/amd64
* Allow usage of --name flag for QEMU resources
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00
Malte Poll
0d54f53ba1
update release guide to cover pre versions
2022-09-21 14:50:03 +02:00
Otto Bittner
0eb4a7831b
AB#2413: Add workflow for snp-report-verify
...
* Extend azure-snp-report-verify to also report fw SVNs.
* Add workflow based on azure-cvm to get maa-jwt and
verify it on a second runner.
2022-09-21 10:58:10 +02:00
Otto Bittner
d85b281570
Move GCP cloud function files to .github/runners.
2022-09-21 10:58:10 +02:00
Otto Bittner
13f973f61e
AB#2413: Add Azure function for CVMs
...
Add code of an azure function that is a
close copy of the existing cloud function on google.
The function spawns a CVM and initializes it
as a GitHub runner. The tag is 'azure-cvm'.
2022-09-21 10:58:10 +02:00
katexochen
de9bdaef24
Update release workflow
2022-09-21 10:32:00 +02:00
Daniel Weiße
95873d6a15
Run macos builds as separate jobs ( #174 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-20 13:43:46 +02:00
katexochen
788cfd9bd9
Remove autoscaling from workflows
2022-09-20 13:41:23 +02:00
katexochen
7f2608c623
Update operator workflow
2022-09-20 13:41:23 +02:00
katexochen
7eb245d7ee
Checkout last instead of merge commit in workflows
2022-09-19 14:02:59 +02:00
katexochen
bce85324c2
Add go-tidy-check workflow
2022-09-19 14:02:59 +02:00
Nils Hanke
de1268ffb9
Pin cache action against specific commit
2022-09-19 04:49:55 -07:00
Nils Hanke
fdfe7ddece
Add macOS E2E check to release guidelines
2022-09-19 01:09:56 -07:00
Nils Hanke
979164ab37
CI: Remove GOPRIVATE from actions
2022-09-19 01:09:56 -07:00
Nils Hanke
c8b22e87e3
CI: Add cdbg/debugd unit tests for macOS
2022-09-19 01:09:56 -07:00
Nils Hanke
52d1afaf0b
CI: Consolidate multi-OS & multi-arch builds into one job
2022-09-19 01:09:56 -07:00
Nils Hanke
1dad1631ca
E2E: Add manual macOS E2E test
2022-09-19 01:09:56 -07:00
Nils Hanke
6df92c127c
E2E: Download external binaries depending on host OS & arch
2022-09-19 01:09:56 -07:00
Nils Hanke
a1fd971c3c
CI/E2E: Update rekor-cli to 0.12.0
2022-09-19 01:09:56 -07:00
Nils Hanke
0f08c4f318
E2E: Update sonobuoy to 0.56.10
2022-09-19 01:09:56 -07:00
Nils Hanke
711532158f
E2E: Fix TEAMS_JOB_NAME for manual test
2022-09-19 01:09:56 -07:00
Nils Hanke
707cbf83b4
CI: Add macOS CLI unit tests
2022-09-19 01:09:56 -07:00
Nils Hanke
2c344a35e2
CI: Test multi-arch CLI builds on push
2022-09-19 01:09:56 -07:00
Nils Hanke
7338563d14
CI/E2E: (Re)move redundant setup steps
2022-09-19 01:09:56 -07:00
Thomas Tendyck
7b7c4b3246
docs: fix CLI reference heading
2022-09-16 15:57:50 +02:00
Nils Hanke
82f03d08e4
Add missing secret definitions for E2E runs
2022-09-15 06:45:10 -07:00
katexochen
5db3a426a5
Add govulncheck action
2022-09-14 13:07:04 +02:00
Nils Hanke
4898f06421
Delete downloaded rekor-cli binary
2022-09-14 03:01:09 -07:00
Nils Hanke
9da3078445
Set working-directory to build for rekor-cli download
2022-09-14 03:01:09 -07:00
Thomas Tendyck
45ee84965f
tidy link checking
2022-09-14 11:23:17 +02:00
Nils Hanke
82d9263d86
Add generate measurements step to release documentation
2022-09-14 01:22:18 -07:00
Nils Hanke
79229e04df
Create separate create measurement action
2022-09-14 01:22:18 -07:00
Nils Hanke
9f246d3cc6
E2E: Don't sign & measure E2E built CLI binaries
2022-09-14 01:22:18 -07:00
Nils Hanke
472ba642b7
E2E: Build OSS CLI by default
2022-09-14 01:22:18 -07:00
katexochen
ebd9472866
Use go.work for CI workflows
2022-09-13 15:58:38 +02:00
katexochen
f55524a8d3
Run golangci-lint for all submodules
2022-09-13 15:58:38 +02:00
Felix Schuster
eb213878a2
Re-wording in docs/workflows ( #135 )
...
* Quick pass over create.md
* pass over verify.md
* Re-arrange workflows
* Quick polish of scale.md and upgrade.md
* Quick polish of terminate.md
* Cut recovery.md down
* Brush over ssh
* storage
* Brush over trusted launch VMs
* Update docs/docs/workflows/verify-cluster.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/verify-cluster.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Update docs/docs/workflows/verify-cluster.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* Add Azure back to title
* Update docs/docs/workflows/verify-cluster.md
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
* fix lint errors
* publish to 2.0
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-09-13 15:12:05 +02:00
Otto Bittner
c7f39388e4
Update verification dev docs to reference new tool
2022-09-13 14:58:21 +02:00
Leonard Cohnen
a318a82968
fix e2e latest debug image selection
2022-09-13 10:08:51 +02:00
Leonard Cohnen
c1427123d9
fix azure release image naming
2022-09-12 19:03:01 +02:00
Felix Schuster
ebb8d7ca96
Rewrite install.md and create verify-cli.md ( #124 )
...
* Rewrite install.md and create verify-cli
* Small beautification
* Address review comment
* Shorten examples.md
* Quick brush over examples
* Fix broken links in v2.0
* Fix broken links in v2.0
* fix lint errors
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-09-12 18:35:12 +02:00
Thomas Tendyck
0952435e25
fix some doc links
2022-09-12 13:09:55 +02:00
Thomas Tendyck
5cd69d4aee
promote issues as support channel ( #123 )
...
* promote issues as support channel
* add question issue template
2022-09-12 13:01:50 +02:00
dependabot[bot]
a527a88586
Bump azure/login from 1.4.5 to 1.4.6 ( #125 )
2022-09-12 06:17:39 +00:00
Nils Hanke
0949393dbb
Update build environment to Fedora 36 & Go 1.19.1
2022-09-09 18:11:33 +02:00
Nils Hanke
5684b9f607
Add updating CMakeLists.txt to release docs
2022-09-09 15:33:16 +02:00
Nils Hanke
9bedaf20ea
Use CMake project version across all places & remove obsolete build tags
2022-09-09 15:33:16 +02:00
Malte Poll
aa75a065d7
e2e test: wait for specified amount of nodes to join the cluster and become ready ( #87 )
...
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
2022-09-09 13:28:53 +02:00
Nils Hanke
56accc7766
CI: Simplify "Generate reference docs" step
2022-09-09 11:24:59 +02:00
Nils Hanke
9a560847f7
CI: Remove obsolete checkout for old docs repo
2022-09-09 11:24:59 +02:00
Nils Hanke
9c8ba7b153
CI: Trigger CLI action on cli/cmd & cli/internal/cmd changes
2022-09-09 11:24:59 +02:00
Moritz Eckert
653b01499d
Pin docs actions to sha ( #105 )
2022-09-09 09:51:42 +02:00
Moritz Eckert
cdc9eb5c36
Add docs to release process ( #104 )
2022-09-09 08:04:34 +02:00
Otto Bittner
ef26917c5e
AB#2369: Use contributing.md as ToC for dev docs.
...
* Structure content into typical sections and
split into separate files.
* Also document how to locally create measurements
Signed-off-by: Otto Bittner <cobittner@posteo.net>
2022-09-08 16:08:42 +02:00
Nils Hanke
46c461c23e
E2E: Don't use cloudProvider in constellation create
2022-09-08 13:38:24 +02:00
Fabian Kammel
e3ede64ae6
Document trusted launch on Azure ( #48 )
...
* Document trusted launch usage for Azure
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* there is no valid link because there is no valid release yet
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* fix link
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* fix linter issues
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* improve
* importAzure.sh: print final image ID
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-09-07 15:05:24 +02:00
Nils Hanke
dd4ccdd390
E2E / debugd: Replace remains of ingressFirewall with debugCluster flag
2022-09-07 13:27:15 +02:00
Fabian Kammel
020cf51fc6
AB#2392 Store serial logs in actions ( #39 )
...
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-09-05 18:12:46 +02:00
Malte Poll
bd6c6ce836
e2e-tests: include k8s 1.25
2022-09-05 16:57:28 +02:00
Malte Poll
f3b9d0402b
Update Kubernetes version support docs
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 16:57:28 +02:00
Thomas Tendyck
a09c53a700
tidy link checking ( #63 )
...
* tidy link checking
* Update .github/docs/release.md
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
2022-09-05 16:08:00 +02:00
Malte Poll
1c1b29637f
e2e-test gcp: Fix quoting in gcp config rewrite
2022-09-05 12:13:24 +02:00
Malte Poll
3c0e2239d2
e2e-test azure: ignore unused parameter
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 12:13:24 +02:00
Nils Hanke
b6385ad3bc
Move serviceAccountKey.json creation before create
...
The printed config does not contain the path
since it's printed before injection, so let's inject it before.
2022-09-05 12:13:24 +02:00
katexochen
1741c2d941
e2e: Fix machine type
2022-09-05 12:13:24 +02:00
katexochen
d0a3c2d3d1
e2e: Fix reintroduced Azure error
2022-09-05 12:13:24 +02:00
Malte Poll
45a1134915
Change default branch of constellation-fedora-coreos-config repo ( #72 )
2022-09-05 12:12:34 +02:00
Thomas Tendyck
b9db172fcf
Update pull_request_template.md
2022-09-05 11:10:40 +02:00
Nils Hanke
3c7d76f5a6
Run link checker only when Markdown & HTML files have been changed
2022-09-05 10:36:14 +02:00
Thomas Tendyck
95ff987bfc
add license
2022-09-05 09:17:25 +02:00
Malte Poll
e24808e936
e2e: Write service account key path for GCP ( #67 )
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 09:17:18 +02:00
Thomas Tendyck
517302e4dc
limit workflows to paths or filetypes
2022-09-05 08:51:36 +02:00
katexochen
43924c7318
e2e: Silence curl
2022-09-02 19:08:33 +02:00
katexochen
9076404b06
Fix manual e2e test
2022-09-02 19:08:33 +02:00
Malte Poll
bdb57387c7
Update pull_request_template.md ( #57 )
2022-09-02 17:17:44 +02:00
Fabian Kammel
2f871578b2
first implementation of SBOM generation ( #50 )
...
* first implementation of SBOM generation
* updated dependencies as per grype report
* hack: go mod tidy
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 16:49:59 +02:00
Nils Hanke
39eb58b403
E2E: Use default VM machine type when not overridden
2022-09-02 07:04:11 -07:00
Nils Hanke
710ded2a89
E2E: Insert instanceType to config instead of CLI
2022-09-02 07:04:11 -07:00
katexochen
b256222b42
e2e: Use default shell parameters
2022-09-02 15:20:25 +02:00
katexochen
0c5c11e8b7
e2e: Group log lines
2022-09-02 15:20:25 +02:00
katexochen
ef8130a918
e2e: Enable parallel runs on Azure
2022-09-02 15:20:25 +02:00
katexochen
3c123d9fec
e2e: Fix cleanup on error/cancel
2022-09-02 15:20:25 +02:00
katexochen
90b4067523
e2e: Run tests on GitHub instead of local runner
2022-09-02 15:20:25 +02:00
Thomas Tendyck
e2325534f1
Update release.md
2022-09-02 12:27:29 +02:00
Moritz Eckert
b95f3dbc91
Add docs to repo ( #38 )
2022-09-02 11:52:42 +02:00
Moritz Eckert
db942ee4b5
Update references to docs ( #36 )
2022-09-01 09:27:25 +02:00
Otto Bittner
276165064e
Ensure no uid values end up in resource delete cmd
2022-08-31 16:38:32 +02:00
katexochen
84b4519ffd
Add cleanup pre e2e test on Azure
2022-08-31 14:10:08 +02:00
katexochen
7c7a4699bc
Azure e2e tests with manual creds
2022-08-31 14:10:08 +02:00
Daniel Weiße
f38f85b3bf
Run binary builds in parallel ( #28 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 12:37:18 +02:00
Nils Hanke
fc10b3419d
Build release CLI for Linux arm64 ( #29 )
2022-08-31 12:27:26 +02:00
Nils Hanke
93db978240
Use absolute link to CHANGELOG.md in template
2022-08-31 03:25:50 -07:00
Nils Hanke
1ecc56b69f
Remove cdbg-config.yaml ( #26 )
...
This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
2022-08-31 12:25:27 +02:00
Daniel Weiße
b27e205399
Use 4 vCPU instances by default ( #24 )
...
* Use 4 vcpu instances by default
* Remove 2 vcpu instance type option
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 10:33:33 +02:00
Fabian Kammel
66d8c8037b
Release/v0.0.1 ( #20 )
...
* bump images to 0.0.1
* add gh cli commands
* variable with default value should not be required
* update release docs
* build and upload version manifest as part of release
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:54:35 +02:00
Fabian Kammel
778952e07c
AB#2287 support community image IDs ( #9 )
...
* support community image IDs
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:15:51 +02:00
Nils Hanke
87e68961dd
Add GCP ServiceAccount to E2E test
2022-08-30 04:26:21 -07:00
Nils Hanke
89e3acf6a1
Fix link to CHANGELOG.md in PR template
2022-08-29 04:40:49 -07:00
Nils Hanke
a8cc8a5859
Disable golangci-lint cache
2022-08-29 02:25:04 -07:00
Fabian Kammel
d972f053f9
AB#2287 Public image sharing in Azure ( #350 )
...
Trusted launch VM images in original SIG, additional SIG for community images for CVM
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 17:34:46 +02:00
Fabian Kammel
45beec15f5
AB#2360 enterprise build tag ( #397 )
...
* enterprise build switch to disable license checking in default (OSS) version
* remove community license quota
* empty image references on OSS build in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 14:06:29 +02:00
Paul Meyer
904ea06214
Update golangci-lint workflow ( #396 )
2022-08-24 14:55:55 +02:00
dependabot[bot]
a07e3bfaf4
Bump actions/setup-go from 3.2.1 to 3.3.0 ( #399 )
2022-08-24 09:59:35 +00:00
Fabian Kammel
779a73a03d
Add sed back to gcp image command ( #392 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-23 16:47:51 +02:00
Moritz Eckert
94460654e7
Apply feedback for readme ( #389 )
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2022-08-23 13:46:06 +02:00
Fabian Kammel
33626986fe
Feat/cli multi os arch ( #390 )
...
* Implement multi arch/os pipeline
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-23 13:43:20 +02:00
Malte Poll
cdcbed6ff9
Re-add build-cli workflow
2022-08-19 18:29:10 +02:00
Malte Poll
f16e4bd5f9
e2e test manual: upload measurements
2022-08-19 18:22:55 +02:00
Malte Poll
f7cc72215e
manual e2e test: allow parallel runs
2022-08-19 18:22:55 +02:00
Malte Poll
e841d9201b
Use Azure CVMs in e2e tests
2022-08-19 18:22:55 +02:00
Malte Poll
2d87db3914
Update pseudo-version script to determine future release version based on branch name
2022-08-19 18:22:55 +02:00
Malte Poll
92e4e4d95a
manual operator pipeline ( #383 )
2022-08-19 15:19:08 +02:00
Malte Poll
8d642be204
Azure: switch default region to west us and replicate images to multiple regions
2022-08-19 14:39:36 +02:00
Fabian Kammel
4176f038df
Generate CLI reference also for sub-commands ( #374 )
...
* include all subcommands
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-17 16:58:36 +02:00
Malte Poll
abb4fb4f0f
Build GCP guest agent from github actions in constellation repo
2022-08-16 08:47:58 +02:00
Otto Bittner
aee432ed6f
Fix syntax in yq command
...
Fixes syntax error in 4db5ea3b164e8e762693035cb06d643f711a3d39
2022-08-15 11:41:48 +02:00
Fabian Kammel
97c985a7f4
provide commands for all new image schemas ( #363 )
...
* provide commands for all new image schemas
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-15 11:09:10 +02:00
Otto Bittner
3018bfa03e
Add enforcedMeasurements default value to config
...
A previous change started enforcing PCR values.
This makes it necessary to update the respective config
values before running init.
2022-08-15 09:37:18 +02:00
3u13r
9478303f80
deploy cilium via helmchart ( #321 )
2022-08-12 10:20:19 +02:00
Otto Bittner
2f925b5955
Add clone3-workaround to bootstrapper build container
...
The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.
2022-08-10 17:17:23 +02:00
Otto Bittner
919a2165ae
Run e2e test container on edgserver with privileged
...
The seccomp filter applied by docker presumably
stops curl from working correctly as the glibc changed the
way it creates processes (switch from clone to clone3).
The backwards compatibility layer of glibc does not work
correctly with docker's seccomp filter, making it necessary to
give the container privileged access.
2022-08-10 09:58:43 +02:00
Otto Bittner
c42e79ecfe
AB#2281: Run e2e tests on latest debug image ( #354 )
...
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
aee3f2afa2
Run tests for different projects in parallel
2022-08-09 10:29:04 +02:00
Malte Poll
1df2a20a36
CI: build and upload node operator
2022-08-09 10:29:04 +02:00
Otto Bittner
1b9600c307
AB#2266: Test all supported version with e2e-tests
...
* e2e-test workflows execute two hours earlier.
* Run quick-mode e2e tests for the two older versions we support.
This triggers every night, together with the existing e2e tests.
Idea here is that we know that a cluster can be set up and initialized.
* Run full e2e tests for the two older versions each sunday.
* Do not abort manual e2e runs. This allows for parallel runs.
* Run unprivileged container
2022-08-09 10:02:15 +02:00
Daniel Weiße
c52bfc79d3
Set default values for e2e-pipeline ( #351 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Fabian Kammel <fabian@kammel.dev>
2022-08-09 08:20:23 +02:00
dependabot[bot]
2e71e6c740
Bump docker/build-push-action from 3.1.0 to 3.1.1 ( #348 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](1cb9d22b93...c84f382811)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-08 15:39:00 +02:00
Otto Bittner
6ef0f5d06b
Remove "debug" from gcp image name.
...
Debug already is part of the family name.
2022-08-05 15:50:26 +02:00
Malte Poll
3b0b3f0335
Use local CoreOS assembler image instead of ghcr
2022-08-05 12:37:22 +02:00
dependabot[bot]
9741c0e6b1
Bump docker/build-push-action from 2.10.0 to 3.1.0 ( #338 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](ac9327eae2...1cb9d22b93)
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-05 08:53:01 +02:00
dependabot[bot]
68cea57880
Bump docker/metadata-action from 3.8.0 to 4.0.1 ( #337 )
...
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.8.0 to 4.0.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](b2391d37b4...69f6fc9d46)
---
updated-dependencies:
- dependency-name: docker/metadata-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-05 08:52:51 +02:00
Daniel Weiße
5c00dafe9b
Fix CoreOS pipeline ( #336 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-04 09:24:21 +02:00
Daniel Weiße
5da92d9d8b
AB#2249 Rework image build pipeline ( #326 )
...
* Rework image build pipeline
* Don't cancel workflow runs on main
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-03 16:01:36 +02:00
Malte Poll
d3435b06a2
AB#2283 Build CCM GCP from github actions in constellation repo ( #334 )
...
* Build CCM GCP from github actions in constellation repo
* Deploy correct version of GCP CCM
2022-08-03 11:46:11 +02:00
Otto Bittner
1859dc1718
AB#2288: Fix/kernel panic ( #328 )
...
* More debug info & don't use guestfish
* Sync image runner script with deployed code
* Add missing = for --wait in sonobuoy action
Co-authored-by: <mp@edgeless.systems>
2022-08-02 15:34:17 +02:00
Fabian Kammel
a705fabf43
wait at most 5 hours ( #322 )
2022-08-01 21:44:12 +02:00
Otto Bittner
5a2809aca2
Disable automatic image builds ( #310 )
...
We only need new images for bootstrapper changes
for each release. Between releases we can use debug images.
For releases we have to build images manually anyway.
Therefore, let's not build these images unnecessarily.
2022-07-28 09:56:49 +02:00
Thomas Tendyck
244426305d
fix integration test workflow
2022-07-26 15:59:04 +02:00
Thomas Tendyck
aa0a07592b
check licenses ( #297 )
...
* AB#2222 check licenses of dependencies
* AB#2222 check-licenses: use setup-go
2022-07-26 11:49:13 +02:00
dependabot[bot]
f57a7e3ed0
Bump docker/setup-buildx-action from 1.7.0 to 2 ( #285 )
...
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.7.0 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f211e3e9de...dc7b9719a9)
---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-25 12:14:17 +02:00
Fabian Kammel
3a52bcabeb
First suggestion for issue and pr templates. ( #289 )
...
* First suggestion for issue and pr templates.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-25 12:13:02 +02:00
Fabian Kammel
ae13163fb7
kubectl wait is not supported for daemonset ( #296 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-25 11:07:21 +02:00
dependabot[bot]
b57e9cf92a
Bump docker/login-action from 1.14.1 to 2 ( #284 )
...
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](dd4fa0671b...49ed152c8e)
---
updated-dependencies:
- dependency-name: docker/login-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-21 09:45:54 +02:00
Fabian Kammel
085f548333
GitHub action pin-by-hash & dependabot ( #283 )
...
* remove Sunday and Monday morning runs, little value
* run test lint on main, as we do for all linters
* fixup outdated instructions
* use version hash instead of tags
* use dependabot for github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 10:48:01 +02:00
Fabian Kammel
3842e50c49
use common boostrapperhost field and wait before reading pcr values ( #281 )
...
* use common boostrapperhost field and wait before reading pcr values
* use wait to be more explicit about goal
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-07-20 10:47:22 +02:00
Fabian Kammel
193a91d911
fix reference for statefile field and unwrap errors ( #278 )
...
* fix reference for statefile field
* unwrap errors before checking status
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-18 14:00:57 +02:00
Fabian Kammel
a931f6692f
Fix/bootstrapper regressions ( #274 )
...
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
Fabian Kammel
e315a3b5d8
AB#2070 automatic cli ref update ( #272 )
...
* automatically update cli reference branch in docs repository
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 10:23:52 +02:00
Malte Poll
cce2611e2a
Simplify node lock and various small changes
...
Co-authored-by: Fabian Kammel <fabian@kammel.dev>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-07-14 17:25:18 +02:00
Malte Poll
260d2571c1
Only upload kubeadm certs if key is rotated
...
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
katexochen
66b573ea5d
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
1af18e990d
Rename all activation
2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55
Rename coordinator to bootstrapper and rename roles
2022-07-14 17:25:18 +02:00
Fabian Kammel
00dfff6840
AB#2158 publish measurements ( #268 )
...
* cleaned up actions and new measure action to generate, sign and upload measurements
* improve constellation ip fetching to support multiple control nodes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-13 14:04:46 +02:00
Fabian Kammel
9d3ab0042c
Ref/prepare changelog for v1.3.1 ( #263 )
...
* prepare changelog.
* document lb fix
* set release version for cli
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-11 15:19:56 +02:00
Fabian Kammel
be989851d7
Use supported image and start pipeline one hour earlier for less waiting in gcp e2e ( #264 )
2022-07-11 12:52:10 +02:00
Fabian Kammel
8a299b54a3
Temporarily ignore failing e2e tests ( #260 )
...
* ignore failing e2e tests on gcp
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-07-08 18:18:48 +02:00
Malte Poll
c4646191e2
Allow downgrade of azure cli package
2022-07-07 16:16:48 +02:00
Malte Poll
7411d04bcf
Pin azure cli to version 2.37.0
2022-07-07 16:16:48 +02:00
Malte Poll
adcd00c8e2
Install azure CLI from apt repo (bug was fixed)
2022-07-07 16:16:48 +02:00
Fabian Kammel
c279bb7a38
make signing keys optional in build step, since e2e test does not require signing ( #254 )
...
* make signing keys optional in build step, since e2e test does not require signing
2022-07-07 12:18:41 +02:00
Daniel Weiße
67c45f3d5b
CoreOS build pipeline fix ( #256 )
...
* Remove invalid build step
* Only upload Coordinator on main branch
Signed-off-by: daniel-weisse <dw@edgeless.systems>
2022-07-07 11:28:12 +02:00
Malte Poll
4f536c083d
remove duplicate coordinator name ( #255 )
...
* remove duplicate coordinator name
* Adjust if condition
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-07-06 16:41:48 +02:00
Fabian Kammel
c2359fa6c8
Fix/release process ( #253 )
...
* fix path to artifacts.
* add release step to docs
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-05 16:55:14 +02:00
Fabian Kammel
8383077a9b
Sign CLI & create release on v* tag ( #241 )
...
* Sign CLI & create release on v* tag
* Extended description to mention new feature in this action
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-07-04 12:16:11 +02:00
Otto Bittner
6949678ead
Invoke tests through ctest ( #230 )
...
Currently we define how tests should be executed in two places:
CMakeLists.txt and the CI related files.
With this commit the CI will invoke tests by calling ctest,
thus making it necessary to add and define testcases in cmake first.
As all tests starting with "integration-" or "unit-" are run,
new tests don't have to be added to the CI, unless you want to define
a new category of test.
Also remove the etcd store test workflow as it's part of
test-integration now.
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 13:26:21 +02:00
Otto Bittner
5d293e355d
Build-as-a-Test & Abortable Workflows ( #231 )
...
* build cli on every PR
* build coordinator on every PR,
while only triggering image builds on main.
* abort previous runs of workflows if new commits are pushed
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 11:27:23 +02:00
Daniel Weiße
040e498b42
AB#2114 Add QEMU metadata API ( #237 )
...
* Add QEMU metadata API
* API server is started automatically when using terraform to deploy a QEMU cluster
* Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-30 11:14:26 +02:00
Daniel Weiße
b0aafd0c2a
Fix Docker builds ( #239 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:40:43 +02:00
Daniel Weiße
f9a581f329
Add aTLS endpoint to KMS ( #236 )
...
* Move file watcher and validator to internal
* Add aTLS endpoint to KMS for Kubernetes external requests
* Update Go version in Dockerfiles
* Move most KMS packages to internal
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20
AB#2190 Verification service ( #232 )
...
* Add verification service
* Update verify command to use new Constellation verification service
* Deploy verification service on cluster init
* Update pcr-reader to use verification service
* Add verification service build workflow
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Fabian Kammel
e97eb1fa52
fix: buildvcs unable to fetch vcs information ( #228 )
2022-06-23 17:52:25 +02:00
Fabian Kammel
d856b0cd86
Feat/measurements in e2e ( #218 )
...
* Make e2e pipeline use the latest image available.
* Use pcr-reader to read & store measurements.
* buildvcs false in ci
* only notify teams on main
* plain yq syntax, since if already checks for csp
* previous version of yq requires explicit eval
* fix pcr-reader call
* actually pass variable between jobs
* fix typo
* Make order of images consistent.
* read measurements after create
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
Daniel Weiße
84ca9e3070
Fix container image workflows
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 14:00:21 +02:00
Daniel Weiße
1c34792005
Fix variable name
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 11:03:47 +02:00
Daniel Weiße
3d041cab2b
Activation Service and KMS server image build pipeline ( #210 )
...
* AB#2171 Add kms server container image build pipeline
* AB#2172 Add activation service container image build pipeline
* Add manual workflow for building micro-service images
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 10:50:46 +02:00
Fabian Kammel
f7ba87135d
Fix/e2e fail on failure ( #208 )
2022-06-14 12:38:32 +02:00
Nils Hanke
82757ef2c0
Don't include labels in Docker image
2022-06-13 16:35:05 +02:00
Nils Hanke
f0b8412ef8
constellation-access-manager: Persistent SSH as ConfigMap ( #184 )
2022-06-13 16:23:19 +02:00
3u13r
430ab6ab1f
fix build coordinator workflow ( #190 )
...
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-06-01 17:17:37 +02:00
katexochen
2c8ccf881a
Update unit test workflow
2022-06-01 12:15:02 +02:00
Fabian Kammel
45bf9f15fb
always try to upload constellation state file ( #173 )
2022-05-23 14:43:32 +02:00
Daniel Weiße
10333def05
Fedora build instructions && and more reproducible builds ( #166 )
...
* Add Fedora build requirements
* Move cmake builds into docker
* Add Docker to requirements
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-05-23 10:35:14 +02:00
Moritz Eckert
e4a9be832c
Add cis benchmark to conformance test ( #165 )
...
* Add cis benchmark to conformance docs
* Update e2e workflow to include cis benchmarks
2022-05-19 14:57:21 +02:00
Fabian Kammel
7c2d1c3490
AB#2094 cloud provider specific configs ( #151 )
...
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Paul Meyer
8e0f9491af
Create hack folder with independent modules ( #131 )
2022-05-17 11:14:23 +02:00
Fabian Kammel
5dc2e71d80
generate constellation config in e2e pipeline ( #147 )
2022-05-16 16:44:53 +02:00
Malte Poll
748eb0f96b
Create GCP images in "constellation-images" project
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-05-10 13:58:10 +02:00
Fabian Kammel
a879043f03
E2E Test CronJob ( #117 )
...
refactor e2e test into reusable action, so we can have manual & cron jobs. added cron for azure & gcp. failed jobs are reported to MS Teams.
2022-05-09 09:45:59 +02:00
katexochen
6a582a705f
Update e2e test regarding CLI changes
2022-05-04 17:14:03 +02:00
Fabian Kammel
f8f5d20f5b
E2E tests on Azure ( #109 )
2022-05-04 13:52:27 +02:00
Fabian Kammel
e8082eaaad
Move github actions README into docs folder, so root README gets rendered on repository level.
2022-05-03 12:13:07 +02:00
Fabian Kammel
b841403f15
e2e test github action implementation. ( #100 )
...
e2e test implementation with GitHub actions on GCP
2022-05-03 11:15:53 +02:00
Malte Poll
772c37d1a4
remove pinned (stale) coordinator binary from CoreOS Makefile
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-29 13:59:59 +02:00
Malte Poll
a2e19db70f
Set workflow input correctly when building coreOS image manually
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-04-25 10:31:10 +02:00
Benedict Schlüter
84a4ff08ff
coordinator-integrationtest: save all peer logs to tmp dir ( #63 )
...
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-04-21 15:32:03 +02:00
Leonard Cohnen
4f6af8d304
remove aws image
2022-04-19 17:10:30 +02:00
Leonard Cohnen
7e990fb91a
disable AWS CI
2022-04-12 14:21:29 +02:00
Daniel Weiße
dfee5910b3
Add disk-mapper to build pipeline
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-04-11 15:41:51 +02:00
Daniel Weiße
5548cde22e
Add integration test workflows
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-04-11 15:41:51 +02:00
Leonard Cohnen
0dfeb04fb3
use manual workflow input
2022-03-24 17:23:45 +01:00
Daniel Weiße
752571bbf8
Upgrade go-cryptsetup to latest version
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-03-23 11:48:15 +01:00
Leonard Cohnen
656ad704d2
remove unused CI secrets
2022-03-23 11:40:54 +01:00
Leonard Cohnen
559133f40d
fix call-aws-enclave
2022-03-23 11:40:54 +01:00
Leonard Cohnen
ee331e91ba
fix aws build pipeline
2022-03-23 09:58:30 +01:00
Leonard Cohnen
2d8fcd9bf4
monorepo
...
Co-authored-by: Malte Poll <mp@edgeless.systems>
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
Co-authored-by: Benedict Schlueter <bs@edgeless.systems>
Co-authored-by: leongross <leon.gross@rub.de>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
2022-03-22 16:09:39 +01:00