Commit Graph

670 Commits

Author SHA1 Message Date
Daniel Weiße
f74f589605
ci: add containerized libvirt build workflow (#1130)
* Add libvirt container build workflow

* Update release workflow

* Update image libvirt base image

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-02 14:40:05 +01:00
Fabian Kammel
64c4b1f766
allow workflow to create pr (#1132)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-01 16:54:12 +01:00
Malte Poll
b7d3f3972b ci: add bazel tests 2023-01-31 17:55:09 +01:00
renovate[bot]
bec82c2328
deps: update GitHub action dependencies (#1112)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:38:44 +01:00
Paul Meyer
e5a2e519a3 ci: fix hasher permissions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:36:45 +01:00
Paul Meyer
e0354826e0 ci: trigger builds on workflow change
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:17:03 +01:00
Otto Bittner
176f366c53 ci: fix manual keyservice build workflow 2023-01-31 16:53:46 +01:00
Paul Meyer
c00004a321 ci: fix oras download in package hasher
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 15:06:13 +01:00
Fabian Kammel
c14e551af5
fix permissions (#1119)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-31 14:30:36 +01:00
Otto Bittner
24409fe6ee ci: ensure that unittests are run when touching helm charts
In case the helm charts are changed only yaml files are touched.
Thus the unit test workflow was not triggered.
2023-01-31 11:36:49 +01:00
Otto Bittner
88e3da750e ci: adjust tags in build_ko
Currently tags can be empty when building a ko image.
However, --bare may not work in case --tags is empty,
as per ko docs.

Also remove redundant build step in release pipeline.

Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-01-31 10:16:20 +01:00
Fabian Kammel
b21393ddb1
authorize purge branch (#1113)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 17:55:41 +01:00
leongross
2187aa6cb0
ci: reproducible builds integration (#1108)
* remove `-ko` suffix from workflows
* integrate into `release.yaml`
* adjust helm charts to use hard coded `ko` binary path
2023-01-30 16:58:49 +01:00
Fabian Kammel
48c8a66114
Minimal GitHub Action token permissions. (#1104)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 16:11:27 +01:00
Paul Meyer
32a540bff4 ci: tag apko base images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
8268b6e23f ci: don't build apko base images on release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
88b4bc5857 ci: pin apk packages used in container base image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
renovate[bot]
17ff8c43d7
deps: update GitHub action dependencies (#1099)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:12:26 +01:00
Paul Meyer
8364856d55 versions: remove Kubernetes v1.23
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 13:32:20 +01:00
Paul Meyer
ccd3a08eca ci: improve readability of GitHub lables
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 18:29:38 +01:00
renovate[bot]
6c068674af
deps: update GitHub action dependencies (#1085)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 15:22:33 +01:00
Paul Meyer
4bb1bb7595 ci: fix value substitution in pr messages
of release workflow

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 12:44:05 +01:00
Paul Meyer
bb419bdee5 ci: use peter-evans' action to create prs
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-25 18:39:15 +01:00
Malte Poll
ee869eaf9c ci: prepare upgrade-agent for upload in e2e tests 2023-01-25 09:58:56 +01:00
Malte Poll
ce17a0c9ac ci: set debug flag explicitly in os build pipeline 2023-01-25 09:58:56 +01:00
3u13r
f950fded9a
ci: add testdata trigger to unittest (#1063) 2023-01-24 11:39:26 +01:00
Paul Meyer
f5de2b7fc6 ci: move scheduled build into own workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 14:15:05 +01:00
Paul Meyer
94c0184e4d ci: add workflow for proto code generation check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 12:20:37 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name (#1016)
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-01-20 18:51:06 +01:00
Fabian Kammel
582412d275
Fix GCP CCM build, add v26, and exclude old broken versions until fixed. (#1038)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-20 15:17:00 +01:00
Paul Meyer
a31d79e9cb ci: curl flags
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 14:23:32 +01:00
Paul Meyer
71708a967c ci: run tests on workflow file change
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 16:47:47 +01:00
Paul Meyer
acc3f64dee ci: only build apko base images on change
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 15:18:26 +01:00
Paul Meyer
5dc080c3b3 ci: only run CodeQL on main
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 12:16:40 +01:00
Moritz Sanft
ae2db08f3a
ci: add e2e test for constellation recover (#845)
* AB#2256 Add recover e2e test

* AB#2256 move test & fix minor objections

* AB#2256 fix path

* AB#2256 rename hacky filename
2023-01-19 10:41:07 +01:00
Paul Meyer
2cee7cb454 ci: run CodeQL only on Go/Python changes
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 10:34:36 +01:00
Nils Hanke
4e9c49c342
ci: move Syft & Grype installation into an action (#1011) 2023-01-18 17:33:10 +01:00
renovate[bot]
30b22cd17f
Update GitHub action dependencies (#1007)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 17:04:46 +01:00
Paul Meyer
8e18c7012c ci: install shellcheck using the action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 17:02:40 +01:00
Nils Hanke
fc2a285270
ci: fix CLI SBOM generation (#1005) 2023-01-18 11:36:39 +01:00
Paul Meyer
411dfed18f ci: unified order and style of workflows/actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 10:57:42 +01:00
Paul Meyer
41690288a1 ci: remove unneeded brackets in if statements
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 10:57:42 +01:00
Fabian Kammel
85f33b2140
ci: fix scorecard/pinned-dependencies findings (#967)
* fix scorecard/pinned-dependencies findings
* make renovate update go install
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-17 16:12:23 +01:00
Fabian Kammel
8f88129cac
Configure CodeQL and scorecard workflow. (#986)
* Configure CodeQL and scorecard workflow.
* Fix CodeQL finding.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-17 14:01:47 +01:00
Malte Poll
fa7bac3868
ci: switch gcp accounts to oidc (#983) 2023-01-16 18:15:17 +01:00
Paul Meyer
d39cf1cd6e ci: fix cron tab mismatch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 17:33:17 +01:00
Paul Meyer
2241e41fcf ci: delete old images of all streams on ref main
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:57:13 +01:00
Paul Meyer
3393e458e0 ci: schedule os image builds
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:55:24 +01:00
Paul Meyer
98040ff89c ci: run shellfmt and shellcheck on changes in /image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:49:33 +01:00
Paul Meyer
d37bd077d8 ci: delete old images from main ref
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 13:52:11 +01:00
Paul Meyer
4a6c64a02f ci: copy versionsapi binary from container to host
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 13:52:11 +01:00
Otto Bittner
4239191b0d ci: remove residual references to "kms" 2023-01-16 12:43:03 +01:00
Malte Poll
938f114086
ci: implement "console" stream for OS images (#969)
* image: add AUTOLOGIN environment variable to conditionally enable serial console login
* ci: implement "console" stream for OS images
* debugd: remove serial console login access code
2023-01-16 12:20:01 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
leongross
c36a009188
ci: reproducible builds ko (no gcp) (#871)
* add ko build actions and worklflows
* add apko build actions and worklflows
* add .ko.yaml file
* add apko image definitions
* add signing container, add signing sboms, add uploading sboms
2023-01-13 16:38:31 +01:00
Paul Meyer
5cb10aef45 ci: find latest image with versionsapi action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:23:43 +01:00
Paul Meyer
6d6ef99f11 ci: run versionsapi as docker action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:23:43 +01:00
Paul Meyer
8cfa402c9a ci: refactor titles of prs made by bots
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:08:51 +01:00
Paul Meyer
5782e0c884 ci: deactivate dryrun of image deletion
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:43:42 +01:00
Paul Meyer
d0e9f427d1
deps: update Go to v1.19.5 (#949)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:36:17 +01:00
Malte Poll
7cc8f2c884 ci: manual e2e: github.event.inputs -> inputs 2023-01-12 13:24:07 +01:00
Malte Poll
5ba1b6780b ci: auto detect if released OS images should be marked as "latest" 2023-01-12 13:24:07 +01:00
Malte Poll
67be4016f5 ci: generate signed measurements for QEMU 2023-01-12 13:24:07 +01:00
Malte Poll
d851623c0d ci: implement second half of release checklist 2023-01-12 13:24:07 +01:00
Malte Poll
142af75776 ci: implement second half of release checklist 2023-01-12 13:24:07 +01:00
Malte Poll
49288f5d30 ci: use explicit input to choose cosign key for OS image measurements 2023-01-12 13:24:07 +01:00
Malte Poll
16d27b5157 ci: update hardcoded measurements during release pipeline 2023-01-12 13:24:07 +01:00
Malte Poll
3077dd4f27 ci: implement first half of release checklist 2023-01-12 13:24:07 +01:00
Paul Meyer
c1e776a1a2
ci: join macos with normal tests (#933)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:27:18 +01:00
Leonard Cohnen
e9da70fde9 ci: remove versions manifest 2023-01-11 11:10:44 +01:00
Paul Meyer
e9442ac1ce
deps: update and pin github.com/katexochen/sh (#922)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 10:17:31 +01:00
renovate[bot]
9fbf298565
Update actions/cache action to v3.2.3 (#909)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 18:30:41 +01:00
Paul Meyer
6a20d18082 ci: change gcp image and image family names
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 17:06:59 +01:00
Paul Meyer
00ca87a7ec ci: fix versionsapi workflow remove cmd
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 17:02:45 +01:00
Paul Meyer
8643c791f0 ci: add missing secrets to purge branch workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 16:17:31 +01:00
Paul Meyer
636567d65a ci: add purge branch workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 13:54:19 +01:00
Paul Meyer
dc73411301 hack: remove build-manifest
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 13:15:09 +01:00
Moritz Sanft
ecdc465a42
AB2564 Add constellation verify e2e test (#875) 2023-01-09 08:54:41 +01:00
renovate[bot]
f62f8e5d79
Update GitHub action dependencies (#902)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 17:35:54 +01:00
renovate[bot]
32b839e9f7
Update GitHub action dependencies (#877)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 16:17:51 +01:00
Leonard Cohnen
94694c6e06 operator: add v2 to package name 2023-01-05 14:52:09 +01:00
Paul Meyer
f9458950cb
versionsapi: change image path (#856)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 17:07:16 +01:00
Paul Meyer
f720726074 ci: fix rebuild loop of microservice images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 16:01:12 +01:00
Paul Meyer
3561a16819 ci: replace add-version through versionsapi cli
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Paul Meyer
195fe27870 ci: add versionsapi workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
renovate[bot]
d2c04ecc40
Update GitHub action dependencies (#848)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 10:09:02 +01:00
3u13r
473e16feb2
image: add upgrade-agent (#827) 2022-12-29 17:50:11 +01:00
Paul Meyer
c7ecf13e7f ci: fix workflows with tokens running on forks
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-23 11:39:09 +01:00
Paul Meyer
caed4ff287 ci: print image in find-image action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-21 18:39:03 +01:00
Paul Meyer
582615dfb3 ci: enable manual e2e runs on any git ref
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-21 18:39:03 +01:00
Fabian Kammel
83f09e1058
implement e2e test lb (#815)
* implement e2e test lb
* add lb e2e test to weekly schedule
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-21 10:49:21 +01:00
Thomas Tendyck
990cae58a5 ci: don't checkout head ref for PRs from forks 2022-12-19 16:09:40 +01:00
Paul Meyer
58a5c47d30 ci: update pinned hashes on renovate updates
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-16 10:43:33 +01:00
Fabian Kammel
b718e92d1d
update slsa-verifier (#803)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-15 09:45:46 +01:00
Fabian Kammel
6564fcbf6c
E2E Test Mini Constellation (#796)
* fix: typo to build amd64 for macos
* Implement E2E test for mini constellation
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-14 16:51:42 +01:00
Malte Poll
a1d59df1c3
Release action: Do not fail if "latest" is not set (#793) 2022-12-14 14:59:06 +01:00
renovate[bot]
5967b98c25
Update GitHub action dependencies (#778)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 14:55:14 +01:00
Paul Meyer
6862c2587f kubernetes: add v1.26, default to v1.25
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Malte Poll
e207081274
adopt changes from linux e2e tests on macOS (#790) 2022-12-13 10:06:36 +01:00
Malte Poll
fed31c304a Release CLI: Fix upload path 2022-12-12 17:45:35 +01:00
Malte Poll
3f6817653b Match pki set and key 2022-12-12 17:45:35 +01:00
Malte Poll
6154a5ef68 OS build pipeline: Correctly choose PKI set 2022-12-12 17:45:35 +01:00
Malte Poll
4a8ebfd921 OS images: use "ref", "stream" and "version"
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
2022-12-09 13:37:43 +01:00
renovate[bot]
e371e4499f
Update GitHub action dependencies (#765)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 11:10:23 +01:00
Paul Meyer
24f6c3807b ci: no link checking on main
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 11:42:03 +01:00
Paul Meyer
3cc2a714a4
dependencies: upgrade to Go v1.19.4 (#732)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 14:27:43 +01:00
Paul Meyer
5ba5d9d683
ci: unpin slsa-github-generator action digest (#734)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 17:07:27 +01:00
Paul Meyer
176dae317f debugd: fix logcollector container image naming
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 13:16:45 +01:00
Paul Meyer
474f7ad356 ci: build logcollector images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
e6c4bb3406 ci: build microservices on change of pkg internal
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 11:14:58 +01:00
renovate[bot]
998c8ee889
Update GitHub action dependencies (#701)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 10:33:19 +01:00
Malte Poll
b9fd8237b9
manual e2e tests: Add option to keep embedded measurements (#698) 2022-12-01 15:43:40 +01:00
Paul Meyer
4249050116 e2e: find default image if no input image specified
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 15:23:27 +01:00
Paul Meyer
cbd5a4a118 ci: print image version in summary
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 13:25:53 +01:00
Paul Meyer
8004edcc14
image: add version and debug field to lookup table (#682)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 11:51:33 +01:00
Malte Poll
3aa51df74d Add release trigger to make image versions available via CDN 2022-11-30 12:35:12 +01:00
Leonard Cohnen
954cbad214 ci: build qemu-metadata api 2022-11-30 12:28:37 +01:00
Paul Meyer
688003cdd9 ci: fix hcl lock files on renovate branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
Paul Meyer
48e0b3a9cd ci: check hcl lock files are up to date
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
renovate[bot]
2e2bcb15e1
Update GitHub action dependencies (#665)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:06:18 +01:00
Fabian Kammel
c71fd89e80
Provenance for CLI (#647)
* provenance generation for cli
* document provenance generation for CLI
* include CLI SBOM in provenance
Co-authored-by: 3u13r <lc@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-25 16:13:20 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Malte Poll
3dc9c60864 e2e tests: use new image versions 2022-11-23 15:47:46 +01:00
Paul Meyer
947920d4f5
Revert "warn about function argument count over 5 (#558)" (#620)
This reverts commit 1110ccd270.
2022-11-22 14:20:11 +01:00
renovate[bot]
fa2919e285
Update softprops/action-gh-release action to v0.1.15 (#607)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 15:08:53 +01:00
Malte Poll
efaa0622a8 Include image version in mkosi builds 2022-11-18 10:37:45 +01:00
Malte Poll
74aabe86fa Move PCR[8] -> PCR[12] 2022-11-18 10:37:45 +01:00
Malte Poll
239b9f6c26 Upgrade images to Fedora 37 2022-11-18 10:37:45 +01:00
renovate[bot]
f5f6be1c56
Update actions/download-artifact action to v3 (#583)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 08:55:56 +01:00
Fabian Kammel
1110ccd270
warn about function argument count over 5 (#558)
* warn about function argument count over 5
* only on new code
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-17 17:31:00 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" (#579) 2022-11-17 16:14:38 +01:00
Paul Meyer
9c405ceb02 ci: use shfmt fork
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:10:13 +01:00
renovate[bot]
827b62c2be
Update GitHub action dependencies (#568)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-17 11:37:00 +01:00
Paul Meyer
c61f6211f9 ci: use fixed renovate bot email for commits
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Paul Meyer
3fd678492f ci: fix shellfmt workflow name
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts (#560) 2022-11-16 15:45:10 +01:00
Leonard Cohnen
2f0b1a0f32 ci: add go generate check 2022-11-15 18:24:07 +01:00
Leonard Cohnen
9b89e5cf10 ci: don't check cilium links 2022-11-15 18:24:07 +01:00
Paul Meyer
80a801629e e2e: deactivate fail-fast for e2e daily
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-15 12:44:52 +01:00
renovate[bot]
c71eeffd1e
Update module github.com/sigstore/rekor to v1.0.1 (#543)
* Update module github.com/sigstore/rekor to v1.0.1
* quotes around string with spaces
* [bot] Tidy all modules
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: datosh <datosh@users.noreply.github.com>
2022-11-15 12:18:01 +01:00
Malte Poll
9f6a8ffd4c Allow listing separate args for shfmt 2022-11-14 14:02:29 +01:00
renovate[bot]
c76d0672f8
Update golangci/golangci-lint-action action to v3.3.1 (#542)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:43:54 +01:00
Paul Meyer
4f66519fb0 ci: improve shellfmt workflow code
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:50:21 +01:00
Paul Meyer
09969afd57 ci: fix workflows
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
38cc2c1ab0 ci: add actionlint workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
a7535fb449 ci: add shellfmt workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
renovate[bot]
fd9dfb500d
Update actions/checkout digest to 5c3ccc2 (#527)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:03:14 +01:00
Paul Meyer
fb6f425696 ci: checkout with head ref
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 14:00:11 +01:00
renovate[bot]
1fc663efc9 Update actions/checkout action to v3 2022-11-11 14:00:11 +01:00
Paul Meyer
eb66767a62 ci: decrease severity level of shellcheck
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
7eb9d8a57c e2e: add AWS test to schedule
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
11672acf0a e2e: add AWS test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
f6b3ef6a57 ci: login azure only if needed
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
1ec9316521 ci: rename actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
renovate[bot]
8e8ce070b7
Update google-github-actions/setup-gcloud action to v1 (#524)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 18:29:30 +01:00
Nils Hanke
a7e81aef73
Update GitHub workflow runners to Ubuntu 22.04 (#513)
* Update all GitHub action runners to ubuntu-22.04
* Fix license checker script for grep >3.4
2022-11-10 16:55:24 +01:00
Malte Poll
e9fecec0bc Only publish release AMIs 2022-11-09 14:29:58 +01:00
renovate[bot]
c18feaaace
Update lycheeverse/lychee-action action to v1.5.4 (#492)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-09 11:10:46 +01:00
Paul Meyer
d3bad39223
e2e: fix deletion of persisten volumes (#476)
Co-authored-by: Christoph Meyer <cme@edgeless.systems>
2022-11-09 10:28:34 +01:00
renovate[bot]
05f4b8698b
Update ludeeus/action-shellcheck digest to 6d3f514 (#485)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:38:48 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Paul Meyer
46e4ddd8c6 ci: don't run cli reference gen on release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 17:07:29 +01:00
renovate[bot]
efa2fb2fd0
Update anchore/sbom-action action to v0.13.1 (#463)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:42:09 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys (#462)
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
Nils Hanke
b24c799c80 Replace specific Azure/GCP credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
ee20ff8950 Replace E2E Azure RM credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
28b2d84684 Add AzureRM authentication environment variables for PCR action 2022-11-04 12:57:24 +01:00
renovate[bot]
88110ff5f3
Update github actions dependencies (#450)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:58:54 +01:00
Malte Poll
4a7024c469
Make AMI public on creation (#426) 2022-11-03 15:22:51 +01:00
Paul Meyer
ac3768bbc9 e2e: add k-bench to weekly run
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 18:47:16 +01:00
Nils Hanke
6d2ec109d0 Update to Go 1.19.3 2022-11-02 11:53:52 +01:00
renovate[bot]
f60120bbbc
Update github actions dependencies (#420)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 11:00:40 +01:00
Malte Poll
2842328457
Update mkosi to version 14 (#391) 2022-11-02 10:14:42 +01:00
Christoph Meyer
f4ff473677 AB#2191 Add K-Bench CI step to manual workflow
Add the option to run K-Bench performance to the manual CI workflow
Install CSI drivers in the cluster for K-Bench benchmarks
Attach the results to the workflow in the GitHub Actions view
2022-11-01 12:27:25 +01:00
Otto Bittner
30bdbd9b85
Add helm unittests (#380) 2022-10-31 19:25:02 +01:00
Paul Meyer
3933a97567 e2e: rework schedule of e2e test daily/weekly
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 18:22:05 +01:00
renovate[bot]
4aa2069655
Update github actions dependencies (#397)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-31 10:26:17 +01:00
Paul Meyer
050223e4c5 e2e: add nop payload to only test infra creation
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 17:46:37 +02:00
Malte Poll
9297a4e8a2
Normalize naming: "sonobuoy fast" -> "sonobuoy quick" (#389) 2022-10-28 11:01:31 +02:00
Paul Meyer
95b8531fdd Add e2e autoscaling test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
8aa84fd759 Remove installation of preinstalled dependencies
in workflows

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
renovate[bot]
acc82b205a
Update github actions dependencies (#366)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-26 15:48:35 +02:00
Malte Poll
f65475b2b2 Use fine grained GitHub PAT to commit "go mod tidy" fixes 2022-10-26 14:44:09 +02:00
Paul Meyer
4cbec82edf Test operator code generation is up to date
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-25 16:50:46 +02:00
Malte Poll
2bf2cc6391
Use versioned Azure login action (#353)
* Use versioned Azure login action
* Pin github actions to git tags
2022-10-21 16:23:29 +02:00
Fabian Kammel
18ae86c38e
sbom signing (#303)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-21 15:19:51 +02:00
renovate[bot]
10a207c7ec Update github actions dependencies 2022-10-21 11:33:41 +02:00
Malte Poll
b57b25fdaa Image upload AWS 2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
Malte Poll
35e2267cf9 Move mkosi folder to old image folder location 2022-10-21 11:04:25 +02:00
Malte Poll
26fdfa4bee Prefill PCR[11], PCR[12], PCR[13], PCR[15] 2022-10-21 11:04:25 +02:00
Malte Poll
6859c6b00e Precalculate expected PCR[8] 2022-10-21 11:04:25 +02:00
Malte Poll
1e9608c796 Precalculate expected PCR[4] 2022-10-21 11:04:25 +02:00
Malte Poll
f4e69ec6ec mkosi pipeline: Collect hashes 2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc Create mkosi image build pipeline 2022-10-21 11:04:25 +02:00
Fabian Kammel
21436e6592
use release cosign key only when releasing (#331)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-20 15:59:17 +02:00
Paul Meyer
2685b5be1f Let tfsec fail soft in CI
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-20 10:44:43 +02:00
Paul Meyer
a6b0edfcaa Tidy modules on renovate branches
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:51:44 +02:00
Paul Meyer
7c13302936 Checkout branch instead of head commit
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:51:44 +02:00
Paul Meyer
0e79af6f14 Run tests on push to release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 17:02:16 +02:00
renovate[bot]
ed98b0205b
Update github actions dependencies (#311)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:54:53 +02:00
Otto Bittner
62168bbf98 AB#2490: Add KMS helm chart
* Also run helm-lint in CI now
2022-10-18 13:33:37 +02:00
renovate[bot]
84fcf8d7f2
Update github actions dependencies (#294)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:00:41 +02:00
renovate[bot]
ccaad5e482
Update github actions dependencies (#274) 2022-10-17 11:14:41 +02:00
Malte Poll
c16f5a976d
AB#2365 Upgrade k8s base deployments (add full support for k8s 1.25) (#277)
* Add container image release for CCM GCP v25.2.0
* Upgrade versions of kubernetes base components
2022-10-17 08:58:13 +02:00
Malte Poll
0f57f03846
Allow concurrent actions on the same branch. (#281)
Actions are free for public repos and we want to see every CI failure
2022-10-14 17:47:46 +02:00
katexochen
f3d7ebb61f Change Azure auth method for manual test 2022-10-14 17:04:44 +02:00
Malte Poll
e7118223fe
Downgrade vale action (#280) 2022-10-14 15:32:38 +02:00
Paul Meyer
8cf8b5db12
Change Azure auth method for e2e test (#276) 2022-10-14 14:44:32 +02:00
Malte Poll
6c9e18a6b5 Run code tests on go.mod and go.sum changes 2022-10-14 10:50:32 +02:00
renovate[bot]
3c34757274 Update actions/cache action to v3.0.11 2022-10-14 09:17:00 +02:00
renovate[bot]
2d767b02c1
Update hashicorp/setup-terraform digest to a2a0e9d (#254)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 17:34:28 +02:00
renovate[bot]
f90e8fc35a
Update actions/checkout digest to 8230315 (#246)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:54:43 +02:00
renovate[bot]
078dc1eb8f
Update aquasecurity/tfsec-pr-commenter-action digest to d9fa643 (#247)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:49:33 +02:00
katexochen
41c42f547f Add tfsec workflow 2022-10-13 14:54:19 +02:00
katexochen
a00743e892 Add Terraform validation workflow 2022-10-13 14:54:19 +02:00
renovate[bot]
f032508c54
Configure Renovate (#237)
* Configure renovate
* pin remaining github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-13 14:41:55 +02:00
Fabian Kammel
7ee8f65889
Delete dependabot and prepare renovate (#238)
* Delete microserivce template.
* Remove dependabot config
* Prepare renovate by adopting GitHub actions syntax
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-12 18:05:58 +02:00
katexochen
dbd71eebd9 Fix replace deprecated set-output syntax 2022-10-12 11:51:09 +02:00
katexochen
1f290af09b Add dispatch trigger to all workflows 2022-10-12 11:32:19 +02:00
katexochen
49f233246c Replace deprecated set-output syntax 2022-10-12 11:32:19 +02:00
katexochen
baeaf9f0c5 Fix macos e2e test 2022-10-10 13:43:15 +02:00
Leonard Cohnen
2a7c6ba052 bump gcp guest agent in workflow 2022-10-10 13:43:15 +02:00
Leonard Cohnen
0c651c55dd increase control plane count during e2e tests 2022-10-07 03:44:24 +02:00
Nils Hanke
803209b12b
Update Go to 1.19.2 (#219) 2022-10-06 19:31:12 +02:00
katexochen
9edfc2f6ba Move k8s version window up 2022-10-06 19:16:20 +02:00
Paul Meyer
e4963b0511
Deactivate cache for tidycheck workflow (#216) 2022-10-06 11:19:15 +02:00
dependabot[bot]
2e93b354e4 Bump actions/cache from 3.0.8 to 3.0.10
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](fd5de65bc8...56461b9eb0)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-05 02:02:48 -07:00
dependabot[bot]
fdd4425974
Bump actions/checkout from 3.0.2 to 3.1.0 (#210)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](2541b1294d...93ea575cb5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-05 09:24:36 +02:00
Otto Bittner
0eb4a7831b AB#2413: Add workflow for snp-report-verify
* Extend azure-snp-report-verify to also report fw SVNs.
* Add workflow based on azure-cvm to get maa-jwt and
verify it on a second runner.
2022-09-21 10:58:10 +02:00
Daniel Weiße
95873d6a15
Run macos builds as separate jobs (#174)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-20 13:43:46 +02:00
katexochen
788cfd9bd9 Remove autoscaling from workflows 2022-09-20 13:41:23 +02:00
katexochen
7f2608c623 Update operator workflow 2022-09-20 13:41:23 +02:00
katexochen
7eb245d7ee Checkout last instead of merge commit in workflows 2022-09-19 14:02:59 +02:00
katexochen
bce85324c2 Add go-tidy-check workflow 2022-09-19 14:02:59 +02:00
Nils Hanke
de1268ffb9 Pin cache action against specific commit 2022-09-19 04:49:55 -07:00
Nils Hanke
979164ab37 CI: Remove GOPRIVATE from actions 2022-09-19 01:09:56 -07:00
Nils Hanke
c8b22e87e3 CI: Add cdbg/debugd unit tests for macOS 2022-09-19 01:09:56 -07:00
Nils Hanke
52d1afaf0b CI: Consolidate multi-OS & multi-arch builds into one job 2022-09-19 01:09:56 -07:00
Nils Hanke
1dad1631ca E2E: Add manual macOS E2E test 2022-09-19 01:09:56 -07:00
Nils Hanke
711532158f E2E: Fix TEAMS_JOB_NAME for manual test 2022-09-19 01:09:56 -07:00
Nils Hanke
707cbf83b4 CI: Add macOS CLI unit tests 2022-09-19 01:09:56 -07:00
Nils Hanke
2c344a35e2 CI: Test multi-arch CLI builds on push 2022-09-19 01:09:56 -07:00
Nils Hanke
7338563d14 CI/E2E: (Re)move redunant setup steps 2022-09-19 01:09:56 -07:00
Thomas Tendyck
7b7c4b3246 docs: fix CLI reference heading 2022-09-16 15:57:50 +02:00
katexochen
5db3a426a5 Add govulncheck action 2022-09-14 13:07:04 +02:00
Nils Hanke
79229e04df Create seperate create measurement action 2022-09-14 01:22:18 -07:00
Nils Hanke
9f246d3cc6 E2E: Don't sign & measure E2E built CLI binaries 2022-09-14 01:22:18 -07:00
Nils Hanke
472ba642b7 E2E: Build OSS CLI by default 2022-09-14 01:22:18 -07:00
katexochen
ebd9472866 Use go.work for CI workflows 2022-09-13 15:58:38 +02:00
katexochen
f55524a8d3 Run golangci-lint for all submodules 2022-09-13 15:58:38 +02:00
Leonard Cohnen
c1427123d9 fix azure release image naming 2022-09-12 19:03:01 +02:00
Felix Schuster
ebb8d7ca96
Rewrite install.md and create verify-cli.md (#124)
* Rewrite install.md and create verify-cli

* Small beautification

* Address review comment

* Shorten examples.md

* Quick brush over examples

* Fix broken links in v2.0

* Fix broken links in v2.0

* fix lint errors

Co-authored-by: Thomas Tendyck <tt@edgeless.systems>
2022-09-12 18:35:12 +02:00
dependabot[bot]
a527a88586
Bump azure/login from 1.4.5 to 1.4.6 (#125) 2022-09-12 06:17:39 +00:00
Nils Hanke
0949393dbb Update build environment to Fedora 36 & Go 1.19.1 2022-09-09 18:11:33 +02:00
Nils Hanke
56accc7766 CI: Simplify "Generate reference docs" step 2022-09-09 11:24:59 +02:00
Nils Hanke
9a560847f7 CI: Remove obsolete checkout for old docs repo 2022-09-09 11:24:59 +02:00
Nils Hanke
9c8ba7b153 CI: Trigger CLI action on cli/cmd & cli/internal/cmd changes 2022-09-09 11:24:59 +02:00
Moritz Eckert
653b01499d
Pin docs actions to sha (#105) 2022-09-09 09:51:42 +02:00
Malte Poll
bd6c6ce836 e2e-tests: include k8s 1.25 2022-09-05 16:57:28 +02:00
Thomas Tendyck
a09c53a700
tidy link checking (#63)
* tidy link checking

* Update .github/docs/release.md

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>

Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
2022-09-05 16:08:00 +02:00
Malte Poll
3c0e2239d2 e2e-test azure: ignore unused parameter
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 12:13:24 +02:00
katexochen
1741c2d941 e2e: Fix machine type 2022-09-05 12:13:24 +02:00
katexochen
d0a3c2d3d1 e2e: Fix reintroduced Azure error 2022-09-05 12:13:24 +02:00
Malte Poll
45a1134915
Change default branch of constellation-fedora-coreos-config repo (#72) 2022-09-05 12:12:34 +02:00
Nils Hanke
3c7d76f5a6 Run link checker only when Markdown & HTML files have been changed 2022-09-05 10:36:14 +02:00
Thomas Tendyck
95ff987bfc add license 2022-09-05 09:17:25 +02:00
Thomas Tendyck
517302e4dc limit workflows to paths or filetypes 2022-09-05 08:51:36 +02:00
katexochen
43924c7318 e2e: Silence curl 2022-09-02 19:08:33 +02:00
katexochen
9076404b06 Fix manual e2e test 2022-09-02 19:08:33 +02:00
Fabian Kammel
2f871578b2
first implementation of SBOM generation (#50)
* first implementation of SBOM generation
* updated dependencies as per grype report
* hack: go mod tidy
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-09-02 16:49:59 +02:00
Nils Hanke
39eb58b403 E2E: Use default VM machine type when not overriden 2022-09-02 07:04:11 -07:00
katexochen
b256222b42 e2e: Use default shell parameters 2022-09-02 15:20:25 +02:00
katexochen
ef8130a918 e2e: Enable parallel runs on Azure 2022-09-02 15:20:25 +02:00
katexochen
3c123d9fec e2e: Fix cleanup on error/cancel 2022-09-02 15:20:25 +02:00
katexochen
90b4067523 e2e: Run tests on GitHub instead of local runner 2022-09-02 15:20:25 +02:00
Moritz Eckert
b95f3dbc91
Add docs to repo (#38) 2022-09-02 11:52:42 +02:00
Moritz Eckert
db942ee4b5
Update references to docs (#36) 2022-09-01 09:27:25 +02:00
katexochen
7c7a4699bc Azure e2e tests with manual creds 2022-08-31 14:10:08 +02:00
Daniel Weiße
f38f85b3bf
Run binary builds in parallel (#28)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 12:37:18 +02:00
Nils Hanke
fc10b3419d
Build release CLI for Linux arm64 (#29) 2022-08-31 12:27:26 +02:00
Daniel Weiße
b27e205399
Use 4 vCPU instances by default (#24)
* Use 4 vcpu instances by default

* Remove 2 vcpu instance type option

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-31 10:33:33 +02:00
Fabian Kammel
66d8c8037b
Release/v0.0.1 (#20)
* bump images to 0.0.1
* add gh cli commands
* varibale with default value should not be required
* update release docs
* build and upload version manifest as part of release
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-30 15:54:35 +02:00
Nils Hanke
87e68961dd Add GCP ServiceAccount to E2E test 2022-08-30 04:26:21 -07:00
Nils Hanke
a8cc8a5859 Disable golangci-lint cache 2022-08-29 02:25:04 -07:00
Fabian Kammel
d972f053f9 AB#2287 Public image sharing in Azure (#350)
Trusted launch VM images in original SIG, additional SIG for community images for CVM
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 17:34:46 +02:00
Paul Meyer
904ea06214 Update golangci-lint workflow (#396) 2022-08-24 14:55:55 +02:00
dependabot[bot]
a07e3bfaf4 Bump actions/setup-go from 3.2.1 to 3.3.0 (#399) 2022-08-24 09:59:35 +00:00
Moritz Eckert
94460654e7 Apply feedback for readme (#389)
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2022-08-23 13:46:06 +02:00
Fabian Kammel
33626986fe Feat/cli multi os arch (#390)
* Implement multi arch/os pipeline
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-23 13:43:20 +02:00
Malte Poll
cdcbed6ff9 Re-add build-cli workflow 2022-08-19 18:29:10 +02:00
Malte Poll
f16e4bd5f9 e2e test manual: upload measurements 2022-08-19 18:22:55 +02:00
Malte Poll
f7cc72215e manual e2e test: allow parallel runs 2022-08-19 18:22:55 +02:00
Malte Poll
e841d9201b Use Azure CVMs in e2e tests 2022-08-19 18:22:55 +02:00
Malte Poll
2d87db3914 Update pseudo-version script to determine future release version based on branch name 2022-08-19 18:22:55 +02:00
Malte Poll
92e4e4d95a manual operator pipeline (#383) 2022-08-19 15:19:08 +02:00
Fabian Kammel
4176f038df Generate CLI reference also for sub-commands (#374)
* include all subcommands
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-17 16:58:36 +02:00
Malte Poll
abb4fb4f0f Build GCP guest agent from github actions in constellation repo 2022-08-16 08:47:58 +02:00
3u13r
9478303f80 deploy cilium via helmchart (#321) 2022-08-12 10:20:19 +02:00
Otto Bittner
2f925b5955 Add clone3-workaround to bootstrapper build container
The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.
2022-08-10 17:17:23 +02:00
Otto Bittner
919a2165ae Run e2e test container on edgserver with privileged
The seccomp filter applied by docker presumably
stops curl from working correctly as the glibc changed the
way it creates processes (switch from clone to clone3).
The backwards compatibility layer of glibc does not work
correctly with docker's seccomp filter, making it necessary to
give the container privileged access.
2022-08-10 09:58:43 +02:00
Otto Bittner
c42e79ecfe AB#2281: Run e2e tests on latest debug image (#354)
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
aee3f2afa2 Run tests for different projects in parallel 2022-08-09 10:29:04 +02:00
Malte Poll
1df2a20a36 CI: build and upload node operator 2022-08-09 10:29:04 +02:00
Otto Bittner
1b9600c307 AB#2266: Test all supported version with e2e-tests
* e2e-test workflows execute two hours earlier.
* Run quick-mode e2e tests for the two older versions we support.
This triggers every night, together with the existing e2e tests.
Idea here is that we know that a cluster can be setup and initialized.
* Run full e2e tests for the two older versions each sunday.
* Do not abort manual e2e runs. This allows for parallel runs.
* Run unprivileged container
2022-08-09 10:02:15 +02:00
dependabot[bot]
2e71e6c740 Bump docker/build-push-action from 3.1.0 to 3.1.1 (#348)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.1.0 to 3.1.1.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](1cb9d22b93...c84f382811)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-08 15:39:00 +02:00
Otto Bittner
6ef0f5d06b Remove "debug" from gcp image name.
Debug already is part of the family name.
2022-08-05 15:50:26 +02:00
Malte Poll
3b0b3f0335 Use local CoreOS assembler image instead of ghcr 2022-08-05 12:37:22 +02:00
dependabot[bot]
9741c0e6b1 Bump docker/build-push-action from 2.10.0 to 3.1.0 (#338)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.1.0.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](ac9327eae2...1cb9d22b93)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-05 08:53:01 +02:00
dependabot[bot]
68cea57880 Bump docker/metadata-action from 3.8.0 to 4.0.1 (#337)
Bumps [docker/metadata-action](https://github.com/docker/metadata-action) from 3.8.0 to 4.0.1.
- [Release notes](https://github.com/docker/metadata-action/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](b2391d37b4...69f6fc9d46)

---
updated-dependencies:
- dependency-name: docker/metadata-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-08-05 08:52:51 +02:00
Daniel Weiße
5c00dafe9b Fix CoreOS pipeline (#336)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-04 09:24:21 +02:00
Daniel Weiße
5da92d9d8b AB#2249 Rework image build pipeline (#326)
* Rework image build pipeline

* Dont cancel workflow runs on main

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-03 16:01:36 +02:00
Malte Poll
d3435b06a2 AB#2283 Build CCM GCP from github actions in constellation repo (#334)
* Build CCM GCP from github actions in constellation repo
* Deploy correct version of GCP CCM
2022-08-03 11:46:11 +02:00
Otto Bittner
5a2809aca2 Disable automatic image builds (#310)
We only need new images for bootstrapper changes
for each release. Between releases we can use debug images.
For releases we have to build images manually anyway.
Therefore, let's not build these images unnecessarily.
2022-07-28 09:56:49 +02:00
Thomas Tendyck
244426305d fix integration test workflow 2022-07-26 15:59:04 +02:00
Thomas Tendyck
aa0a07592b check licenses (#297)
* AB#2222 check licenses of dependencies

* AB#2222 check-licenses: use setup-go
2022-07-26 11:49:13 +02:00
dependabot[bot]
f57a7e3ed0 Bump docker/setup-buildx-action from 1.7.0 to 2 (#285)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 1.7.0 to 2.
- [Release notes](https://github.com/docker/setup-buildx-action/releases)
- [Commits](f211e3e9de...dc7b9719a9)

---
updated-dependencies:
- dependency-name: docker/setup-buildx-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-25 12:14:17 +02:00
dependabot[bot]
b57e9cf92a Bump docker/login-action from 1.14.1 to 2 (#284)
Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](dd4fa0671b...49ed152c8e)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-07-21 09:45:54 +02:00
Fabian Kammel
085f548333 GitHub action pin-by-hash & dependabot (#283)
* remove Sunday and Monday morning runs, little value
* run test lint on main, as we do for all linters
* fixup outdated instructions
* use version hash instead of tags
* use dependabot for github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 10:48:01 +02:00
Fabian Kammel
e315a3b5d8 AB#2070 automatic cli ref update (#272)
* automatically update cli reference branch in docs repository
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 10:23:52 +02:00
Malte Poll
cce2611e2a Simplify node lock and various small changes
Co-authored-by: Fabian Kammel <fabian@kammel.dev>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-07-14 17:25:18 +02:00
Malte Poll
260d2571c1 Only upload kubeadm certs if key is rotated
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-14 17:25:18 +02:00
katexochen
66b573ea5d Bootstrapper 2022-07-14 17:25:18 +02:00
katexochen
1af18e990d Rename all activation 2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55 Rename coordinator to bootstrapper and rename roles 2022-07-14 17:25:18 +02:00
Fabian Kammel
00dfff6840 AB#2158 publish measurements (#268)
* cleaned up actions and new measure action to generate, sign and upload measurements
* improve constellation ip fetching to support multiple control nodes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-13 14:04:46 +02:00
Fabian Kammel
be989851d7 Use supported image and start pipeline one hour earlier for less waiting in gcp e2e (#264) 2022-07-11 12:52:10 +02:00
Fabian Kammel
8a299b54a3 Temporarily ignore failing e2e tests (#260)
* ignore failing e2e tests on gcp
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-07-08 18:18:48 +02:00
Malte Poll
c4646191e2 Allow downgrade of azure cli package 2022-07-07 16:16:48 +02:00
Malte Poll
7411d04bcf Pin azure cli to version 2.37.0 2022-07-07 16:16:48 +02:00
Malte Poll
adcd00c8e2 Install azure CLI from apt repo (bug was fixed) 2022-07-07 16:16:48 +02:00
Daniel Weiße
67c45f3d5b CoreOS build pipeline fix (#256)
* Remove invalid build step

* Only upload Coordinator on main branch

Signed-off-by: daniel-weisse <dw@edgeless.systems>
2022-07-07 11:28:12 +02:00
Malte Poll
4f536c083d remove duplicate coordinator name (#255)
* remove duplicate coordinator name
* Adjust if condition
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2022-07-06 16:41:48 +02:00
Fabian Kammel
8383077a9b Sign CLI & create release on v* tag (#241)
* Sign CLI & create release on v* tag
* Extended description to mention new feature in this action

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-07-04 12:16:11 +02:00
Otto Bittner
6949678ead Invoke tests through ctest (#230)
Currently we define how tests should be executed in two places:
CMakeLists.txt and the CI related files.
With this commit the CI will invoke tests by calling ctest,
thus making it necessary to add and define testcases in cmake first.
As all tests starting with "integration-" or "unit-" are run,
new tests don't have to added to the CI, unless you want to define
a new category of test.
Also remove the etcd store test workflow as it's part of
test-integration now.

Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 13:26:21 +02:00
Otto Bittner
5d293e355d Build-as-a-Test & Abortable Workflows (#231)
* build cli on every PR
* build coordinator on every PR,
  while only triggering image builds on main.
* abort previous runs of workflows if new commits are pushed
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 11:27:23 +02:00
Daniel Weiße
040e498b42 AB#2114 Add QEMU metadata API (#237)
* Add QEMU metadata API

* API server is started automatically when using terraform to deploy a QEMU cluster

* Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-30 11:14:26 +02:00
Daniel Weiße
b0aafd0c2a Fix Docker builds (#239)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:40:43 +02:00
Daniel Weiße
f9a581f329 Add aTLS endpoint to KMS (#236)
* Move file watcher and validator to internal

* Add aTLS endpoint to KMS for Kubernetes external requests

* Update Go version in Dockerfiles

* Move most KMS packages to internal

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-29 16:13:01 +02:00
Daniel Weiße
042f668d20 AB#2190 Verification service (#232)
* Add verification service

* Update verify command to use new Constellation verification service

* Deploy verification service on cluster init

* Update pcr-reader to use verification service

* Add verification service build workflow

Signed-off-by: Daniel Weiße <dw@edgeless.systems>

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Fabian Kammel
e97eb1fa52 fix: buildvcs unable to fetch vcs information (#228) 2022-06-23 17:52:25 +02:00
Daniel Weiße
84ca9e3070 Fix container image workflows
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 14:00:21 +02:00
Daniel Weiße
1c34792005 Fix variable name
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 11:03:47 +02:00
Daniel Weiße
3d041cab2b Activation Service and KMS server image build pipeline (#210)
* AB#2171 Add kms server container image build pipeline

* AB#2172 Add activation service container image  build pipeline

* Add manual workflow for building micro-service images

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 10:50:46 +02:00
Fabian Kammel
f7ba87135d Fix/e2e fail on failure (#208) 2022-06-14 12:38:32 +02:00
Nils Hanke
82757ef2c0 Don't include labels in Docker image 2022-06-13 16:35:05 +02:00
Nils Hanke
f0b8412ef8 constellation-access-manager: Persistent SSH as ConfigMap (#184) 2022-06-13 16:23:19 +02:00
3u13r
430ab6ab1f fix build coordinator workflow (#190)
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-06-01 17:17:37 +02:00
katexochen
2c8ccf881a Update unit test workflow 2022-06-01 12:15:02 +02:00