Commit Graph

130 Commits

Author SHA1 Message Date
Adrian Stobbe
212aa64f10
ci: add conformance test to weekly (#3230) 2024-07-25 17:38:17 +02:00
Daniel Weiße
b781a75af7
ci: run performance e2e tests using nightly image (#3272)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-07-25 16:25:56 +02:00
Thomas Tendyck
399376d3e3
Make SEV-SNP the default attestation variant on GCP (#3267)
* Make SNP the default on GCP

* fixup! Make SNP

* fixup! Make SNP
2024-07-22 13:29:27 +02:00
Moritz Sanft
74e0f44230
chore: v2.17.0 post-release (#3229)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2024-07-04 11:17:55 +02:00
Markus Rudy
c911eb4e3a
versions: default to k8s v1.29, support k8s v1.30, EOL v1.27 (#3173)
* versions: remove k8s 1.27 and patch-upgrade the others

* versions: add support for k8s 1.30.2

* versions: upgrade cloud provider images
2024-06-19 17:34:34 +02:00
renovate[bot]
9cd1184244
deps: update GitHub action dependencies (#3176)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-06-19 15:19:41 +02:00
Moritz Sanft
3efd50a518
ci: bump origin versions of upgrade tests (#3158) 2024-06-10 14:04:00 +02:00
Daniel Weiße
66aa8a8d52
ci: adjust performance benchmark to run on different attestation variants (#3129)
* Create perf bench artifacts based on attestation variant, not CSP
* Enable perf bench on gcp-sev-snp, azure-tdx and AWS

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-06-04 13:23:07 +02:00
miampf
fbdc8f6e85
ci: clean up failed miniconstellation e2e tests (#3109) 2024-05-31 13:51:55 +02:00
Daniel Weiße
3834373fd2
ci: disable perf-bench test for gcp-sev-snp (#3127)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-28 16:25:37 +02:00
renovate[bot]
80917921e3
deps: update GitHub action dependencies (#3123)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-24 11:04:23 +02:00
renovate[bot]
73d86c25df
deps: update azure/login action to v2 (#3097)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-15 09:05:50 +02:00
renovate[bot]
d76c9ac82d
deps: update GitHub action dependencies (#3086)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-13 10:42:07 +02:00
Malte Poll
03475b60b3
ci: disable BuildBuddy (#3077) 2024-05-10 11:14:45 +02:00
renovate[bot]
adf03ad76c
deps: update GitHub action dependencies (#3070)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2024-05-08 14:33:35 +02:00
Daniel Weiße
259e85d9c1
ci: reduce noise from warnings (#3055)
* Fix whitespace errors
* Remove usage of external action to URI encode component
* Upgrade Azure login action to v2.1
* Remove GitHub actions warning when running e2e test with NOP payload
* Only try to upload updated tf state if it exists
* Upgrade out of date aws credential actions

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-05-03 08:17:40 +02:00
miampf
0c0d87aa4c
ci: Delete e2e terraform state (#2874) 2024-04-26 10:06:01 +00:00
Daniel Weiße
056f991f58
ci: add missing permission for e2e-windows test in weekly run (#3037)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-22 15:21:56 +02:00
Moritz Sanft
35e19a45bb
ci: disable SEV-SNP tests that need stable images (#3031) 2024-04-17 09:12:52 +02:00
Moritz Sanft
913b09aeb8
Support SEV-SNP on GCP (#3011)
* terraform: enable creation of SEV-SNP VMs on GCP

* variant: add SEV-SNP attestation variant

* config: add SEV-SNP config options for GCP

* measurements: add GCP SEV-SNP measurements

* gcp: separate package for SEV-ES

* attestation: add GCP SEV-SNP attestation logic

* gcp: factor out common logic

* choose: add GCP SEV-SNP

* cli: add TF variable passthrough for GCP SEV-SNP variables

* cli: support GCP SEV-SNP for `constellation verify`

* Adjust usage of GCP SEV-SNP throughout codebase

* ci: add GCP SEV-SNP

* terraform-provider: support GCP SEV-SNP

* docs: add GCP SEV-SNP reference

* linter fixes

* gcp: only run test with TPM simulator

* gcp: remove nonsense test

* Update cli/internal/cmd/verify.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update docs/docs/overview/clouds.md

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update terraform-provider-constellation/internal/provider/attestation_data_source_test.go

Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>

* linter fixes

* terraform_provider: correctly pass down CC technology

* config: mark attestationconfigapi as unimplemented

* gcp: fix comments and typos

* snp: use nonce and PK hash in SNP report

* snp: ensure we never use ARK supplied by Issuer (#3025)

* Make sure SNP ARK is always loaded from config, or fetched from AMD KDS
* GCP: Set validator `reportData` correctly

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* attestationconfigapi: add GCP to uploading

* snp: use correct cert

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: enable fetching of attestation config values for GCP SEV-SNP

* linter fixes

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2024-04-16 18:13:47 +02:00
Daniel Weiße
cddbba1898
ci: bump fromVersion for e2e tests to v2.16.2 (#3016)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-04-08 11:13:44 +02:00
Malte Poll
c513c3f40c ci: v2.16 post-release cleanup 2024-02-29 18:36:07 +01:00
Malte Poll
2300a31276 deps: update all 3rdparty github actions 2024-02-21 17:53:53 +01:00
Moritz Sanft
68cfa0addf
ci: update fromVersion to v2.15.1 (#2914) 2024-02-16 13:35:57 +01:00
Moritz Sanft
d5e4435e3d
ci: reduce amount of regular tests (#2885)
* .github: add e2e test to pr checklist

* ci: use sonobuoy quick where possible

* ci: run malicious join test on release

* ci: remove self managed infra test

* ci: remove non-example terraform test from weekly

* ci: run Sonobuoy full on the latest k8s version weekly

* ci: run weekly sonobuoy quick on all k8s versions

* ci: don't run double sonobuoy tests on latest k8s version
2024-02-01 15:05:07 +01:00
Adrian Stobbe
9b547bced0
ci: v2.15 post-release cleanup (#2881)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2024-01-31 16:45:20 +01:00
Adrian Stobbe
3799525103
ci: set board fields for tf example test (#2867) 2024-01-29 16:45:26 +01:00
Daniel Weiße
d372130bfd
ci: safely set attestation variant in OpenSearch URL (#2864)
* Add attestation variant to notify hooks
* Quote all inputs in OpenSearch URL
* Add clusterCreation field to OpenSearch URL
* Omit empty fields in OpenSearch URL

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-29 11:52:41 +01:00
Daniel Weiße
65d28f913f Allow starting e2e tests based on attestation variant instead of csp
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-26 17:06:28 +01:00
Adrian Stobbe
77276cb4ca
add provider example test to weekly (#2840) 2024-01-25 11:09:27 +01:00
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 (#2803)
undefined
2024-01-08 16:53:12 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline (#2765)
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 19:28:18 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 (#2752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00
miampf
a429ca50e7
ci: encrypt artifacts (#2567) 2023-12-20 14:17:49 +00:00
Markus Rudy
54c2fa1b3d ci: start v2.15-pre window 2023-12-20 08:52:18 +01:00
Daniel Weiße
724ee44466
ci: Terraform provider e2e tests (#2712)
* Refactor selfManagedInfra input to clusterCreation in e2e tests
* Run e2e test using terraform provider
* Allow insecure measurement fetching in Terraform provider
* Run Terraform provider test instead of module test in weekly runs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 10:37:29 +01:00
Adrian Stobbe
37580009fe
terraform-provider: cleanup and improve docs (#2685)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-14 15:47:55 +01:00
Daniel Weiße
43f47cc5c5
ci: fix service accounts introduced by merge (#2652)
* Fix service accounts introduced my merge
* Remove GCP_E2E_PROJECT placeholders

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 10:54:58 +01:00
Daniel Weiße
45f6eec0d0
ci: add missing shell in notify action (#2646)
* Add missing shell
* Remove old teams notify action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-11-28 09:41:01 +01:00
Daniel Weiße
97aea98e77
ci: update GCP service accounts for CI (#2629)
* Update CI to use different GCP project for e2e tests
* Update GCP image project service accounts
* Update default GCP bucket name for image builds

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-27 13:04:41 +01:00
Otto Bittner
46f563c7ca ci: call TCB upload step for AWS 2023-11-24 15:49:48 +01:00
Daniel Weiße
5e9e3de1a1
ci: start v2.14-pre window (#2610)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-17 10:34:35 +01:00
Daniel Weiße
6d6ef66a31
ci: refactor teams notification action (#2600)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-15 08:48:13 +01:00
Moritz Sanft
8e4feb7e2a
terraform: add Terraform module for Azure (#2566)
* add Azure Terraform module

* add maa-patching command to cli

* refactor release process

* factor out image fetching to own action

* add CI

* generate

* fix some unnecessary changes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `constellation maa-patch` in ci

* insecure flag when using debug image

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only update maa url if existing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make node group zone optional on aws and gcp

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register updated workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Revert "[remove] register updated workflow"

This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace.

* create MAA

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make maa-patching only run on azure

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* require node group zone for GCP and AWS

* remove unnecessary bazel action

* stamp version to correct file

* refer to `maa-patch` command in docs

* run Azure test in weekly e2e

* comment / naming improvements

* remove sa_account resource

* disable spellcheck ot use "URL"

* `create_maa` variable

* don't write maa url to config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to nightly image

* use input ref and stream

* fix command check

* don't set region in weekly e2e call

* patch maa if url is not empty

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove `create_maa` variable

* remove binaries

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove undefined input

* replace invalid attestation URL error message

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* fix punctuation

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* skip hidden commands in clidocgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* enable spellcheck before code block

* move spellcheck trigger out of info block

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix workflow dependencies

* let image default to CLI version

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-11-13 18:46:20 +01:00
Adrian Stobbe
22d82a59ed
terraform: Terraform module for GCP (#2553) 2023-11-10 13:32:18 +01:00
Adrian Stobbe
cea6204b37
terraform: Terraform module for AWS (#2503) 2023-11-08 19:10:01 +01:00
Otto Bittner
a19227cac9 s3proxy: initial e2e tests and workflows 2023-11-06 10:21:11 +01:00
Malte Poll
76d7d30245
ci: do not upload terraform logs (#2554) 2023-11-04 19:14:29 +01:00
Moritz Sanft
8d08ace0b5
ci: mark self-managed infrastructure tests (#2537)
* mark self-managed infrastructure tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add TODO

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-30 14:33:58 +01:00
Moritz Sanft
402a8834ca
ci: add e2e test for self-managed infrastructure (#2472)
* add self-managed infra e2e test

* self-managed terminatio

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix upgrade test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix indentation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use -r when copying dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add terraform variable parsing

* copy constellation conf

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary line breaks

* add missing value

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add image fetching for CSP

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix quoting

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing input to internal lb test

* normalize Azure URLs.. Of course

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix expressions

* initsecret to hex

* update hexdump cmd

* add build test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add node / pod cidr outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* explicitly delete the state file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing license header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* always write all outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix list output

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove state-file and admin-conf on destroy

* dont use test payload

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] use self managed infra in manual e2e for testing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* init: always skip infrastructure phase

* patch maa in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to Constellation-created infra in e2e test

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-27 09:37:26 +02:00