Commit Graph

242 Commits

Author SHA1 Message Date
Markus Rudy
32d3b4e87c
ci: introduce keep-sorted (#2836)
Long lists of items in source code or config can be hard to work with as
a human, most problematic being out-of-order entries in an otherwise
ordered list. This is where keep-sorted comes to the rescue: we can
leave two little comments on every listing we care about, and
keep-sorted ensures that the listing stays in order.

This commit also applied keep-sorted to the CODEOWNERS file, hopefully
demonstrating its usefulness to some extent. I'd expect more uses for
keep-sorted to be discovered organically over time.

keep-sorted is super fast, so it should not be a problem to add it to
the //:tidy target, even if we scan all files in the code base. On my
MacBook:

$ time (find . -not -path "./.git/*" -type f | sort | xargs "${keep_sorted}" --mode fix)

real	0m0.249s
user	0m0.124s
sys	0m0.129s
2024-01-30 14:39:49 +01:00
Malte Poll
d3cffa9fee
image: update Linux to 6.1.74 (#2851) 2024-01-24 17:10:56 +01:00
Daniel Weiße
e350ca0f57
attestation: add Azure TDX attestation (#2827)
* Implement Azure TDX attestation primitives
* Add default measurements and claims for Azure TDX
* Enable Constellation on Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-24 15:10:15 +01:00
Malte Poll
64a4a2230d deps: update gazelle and rules_go 2024-01-22 13:11:58 +01:00
Malte Poll
e40d1e56d8 deps: update hermetic_cc_toolchain 2024-01-22 13:11:58 +01:00
Malte Poll
403acf75aa image: add mainline kernel and azure tdx image target 2024-01-16 17:34:44 +01:00
renovate[bot]
bacb8ff886
deps: update AWS SDK (#2809)
* deps: update AWS SDK

* deps: fix AWS SDK upgrade breakage

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Markus Rudy <mr@edgeless.systems>
2024-01-09 16:18:33 +01:00
Daniel Weiße
90f3336c8e
deps: remove go.mod files from submodules (#2769)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2024-01-08 13:19:38 +01:00
Markus Rudy
837b24bf54
versions: generate k8s image patches (incl etcd) (#2764)
* versions: generate k8s image patches (incl etcd)
2023-12-21 20:56:55 +01:00
renovate[bot]
37ec431fab
deps: update K8s dependencies (#2763)
* deps: update K8s dependencies

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-12-21 12:42:04 +01:00
renovate[bot]
1409d4aa3f
deps: update dependency aspect_bazel_lib to v2.0.3 (#2751)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:10:49 +01:00
renovate[bot]
110bf9103d
deps: update Constellation containers (#2760)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 18:03:44 +01:00
renovate[bot]
4f374fbeb2
deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5 (#2748)
* deps: update module github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4 to v5
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-20 15:58:55 +01:00
renovate[bot]
db65f5116d
deps: update dependency rules_python to v0.27.1 (#2591)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 15:42:36 +01:00
Malte Poll
ae6b22a143
deps: update rules_oci to a pre-release version to fix memory leak (#2729)
rules_oci spawns local container registry processes and in the past,
those would not be cleaned up explicitly, leading to an accumulation
of processes when using remote execution with buildbarn.
This pre-release contains a fix: https://github.com/bazel-contrib/rules_oci/pull/421
Additionally, windows support for rules_oci was removed in this fork,
since it is currently broken.
2023-12-19 15:40:04 +01:00
renovate[bot]
6c5170da79
deps: update module golang.org/x/crypto to v0.17.0 [SECURITY] (#2736)
* deps: update module golang.org/x/crypto to v0.17.0 [SECURITY]
* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-19 08:53:15 +01:00
Malte Poll
f487c2a6d0 image: update Linux to 6.1.68
Changelogs:

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.65
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.66
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.67
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.68
2023-12-14 18:18:07 +01:00
Markus Rudy
ae00b0a198 installer: add support for data URLs
RFC 015 proposes the introduction of data URLs to materialize static
content to files on disk. This commit adds support for data URLs to the
installer. The corresponding content will be added to versions.go in a
subsequent commit.
2023-12-13 09:35:19 +01:00
renovate[bot]
6db0318b2f
deps: update module github.com/docker/docker to v24.0.7+incompatible [SECURITY] (#2541)
* deps: update module github.com/docker/docker to v24.0.7+incompatible [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-12-12 13:34:28 +01:00
edgelessci
90d92e5b51 deps: tidy all modules 2023-12-08 13:59:51 +01:00
Malte Poll
c0d8508931
ci: fix repository name of shellcheck for linux arm64 (#2670) 2023-12-06 13:34:22 +01:00
Malte Poll
5e2cad34c9
image: update Linux to 6.1.64 (#2677)
Changelogs:

https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.63
https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.64
2023-12-05 09:35:48 +01:00
Malte Poll
4ca88cd779 bazel: remove bazeldnf and pinned rpms 2023-12-01 09:35:33 +01:00
Malte Poll
cd6e03049a libvirt: build containerized libvirt as nix container image 2023-12-01 09:35:33 +01:00
Moritz Sanft
34bf3ad296
terraform-provider: add image datasource (#2642)
* terraform-provider: init

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: add basic docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix build steps

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: extend build process and docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dev-docs: document provider usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: upload aspect lib mirror

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: don't try to create lockfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix shellcheck issues

* bazel: separate paths to check

* terraform-provider: clean up old files

* terraform-provider: update provider resource

* terraform-provider: add image data source

* dev-docs: remove unnecessary init

* bazel: adhere to Terraform naming expectations

* terraform-provider: fix expected data type

* terraform-provider: generate docs

* terraform-provider: improve errors

* terraform-provider: add acceptance tests for data source

* terraform-provider: fix dependencies

* bazel: quote var reference

* terraform-provider: make region optional

* terraform-provider: bind imagefetcher to data source

* bazel: tidy

* terraform-provider: remove unused parameter

* terraform-provider: remove unused parameter

* terraform-provider: extend acceptance tests

* terraform-provider: allow tests to be ran without Bazel

* dev-docs: document testing

* terraform-provider: set binary path accordingly

* dev-docs: document docgen process for the provider

* bazel: run acceptance test in writable environment

* bazel: try to write to `$TMPDIR`

* terraform-provider: style nits

* terraform-provider: leave TODO

* bazel: tidy

* terraform-provider: regenerate docs

* terraform-provider: fix comment

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-27 09:00:08 +01:00
Moritz Sanft
9a62657b80
terraform-provider: init provider scaffolding (#2632)
* terraform-provider: init

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: add basic docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix build steps

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: extend build process and docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dev-docs: document provider usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: upload aspect lib mirror

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: add docstring to fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: don't try to create lockfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix shellcheck issues

* bazel: separate paths to check

* bazel: explain what updating lockfiles means

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-24 15:58:21 +01:00
Malte Poll
d3ce6ffcc1
deps: update module github.com/hashicorp/* (#2626) 2023-11-22 09:35:00 +01:00
Malte Poll
73eba88c70
Revert "deps: update rules_oci to 1.4.2 (#2616)" (#2618)
This reverts commit 52f7afe6e5.
2023-11-20 16:18:15 +01:00
Malte Poll
52f7afe6e5
deps: update rules_oci to 1.4.2 (#2616) 2023-11-20 14:19:05 +01:00
edgelessci
02b4ba8413 deps: update dependency bazel_skylib to v1.5.0 2023-11-14 14:04:16 +01:00
edgelessci
b7ed4347d5 deps: update dependency hermetic_cc_toolchain to v2.1.3 2023-11-14 14:04:16 +01:00
renovate[bot]
f1edce0413 deps: update bazel (core) 2023-11-14 14:04:16 +01:00
renovate[bot]
1ad995e637
deps: update bufbuild/buf to v1.28.0 (#2589)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-11-14 09:08:12 +01:00
renovate[bot]
afed1b2330
deps: update golangci/golangci-lint to v1.55.2 (#2593)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-11-14 09:07:05 +01:00
Malte Poll
f79d5e8b08
deps: update linux kernel to 6.1.62 (#2582) 2023-11-13 14:54:53 +01:00
renovate[bot]
5af6ee058c
deps: update module k8s.io/kubernetes to v1.27.5 [SECURITY] (#2548)
* deps: update module k8s.io/kubernetes to v1.27.5 [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-11-13 10:43:12 +01:00
Malte Poll
955c16a57d deps: upgrade rules_nixpkgs 2023-11-10 18:15:59 +01:00
renovate[bot]
7eb28e4f6e
deps: update module github.com/google/go-tpm-tools to v0.4.2 (#2374)
* deps: update module github.com/google/go-tpm-tools to v0.4.2

* deps: tidy all modules

* remove go-tpm-tools replace

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-08 09:09:00 +01:00
renovate[bot]
8e00fb9fe1
deps: update golangci/golangci-lint to v1.55.1 (#2517)
* deps: update golangci/golangci-lint to v1.55.1
* deps: tidy all modules
* golangci-lint: exclude ginko/gomega imports
   from dot-imports rule

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-11-02 11:16:17 +01:00
renovate[bot]
026ed5b642
deps: update module github.com/google/uuid to v1.4.0 (#2530)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 16:20:37 +02:00
renovate[bot]
c50840dcd8
deps: update module github.com/onsi/ginkgo/v2 to v2.13.0 (#2516)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 13:32:47 +02:00
renovate[bot]
bac7e8b4f9
deps: update module helm.sh/helm/v3 to v3.13.1 (#2521)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 13:31:54 +02:00
renovate[bot]
cd93eb6886
deps: update module google.golang.org/api to v0.148.0 (#2519)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-27 09:59:26 +02:00
renovate[bot]
fff35bdb2a
deps: update module google.golang.org/grpc to v1.59.0 (#2520)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 16:59:11 +02:00
renovate[bot]
0030280d1b
deps: update module github.com/fsnotify/fsnotify to v1.7.0 (#2518)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 15:33:23 +02:00
renovate[bot]
f9989728f7
deps: update module google.golang.org/grpc to v1.56.3 [SECURITY] (#2514)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:20:40 +02:00
renovate[bot]
936f55f4b0
deps: update module go.uber.org/goleak to v1.3.0 (#2509)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-25 17:39:41 +02:00
renovate[bot]
15d249092c
deps: update github.com/gophercloud/utils digest to 80377ec (#2495)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-24 15:35:59 +02:00
renovate[bot]
ecbf6dcd14
deps: update bufbuild/buf to v1.27.1 (#2497)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-24 15:34:34 +02:00
Adrian Stobbe
5819a11d25
api: for Azure attestationconfigapi use TCB values from SNP report instead of MAA token (#2429) 2023-10-17 17:36:50 +02:00