Commit Graph

721 Commits

Author SHA1 Message Date
Malte Poll
33d53a1da9
ci: remove python from codeql (#2451) 2023-10-13 12:37:13 +02:00
3u13r
9e1a0c06bf
Deps: bump Go to 1.21.3 (#2450)
* build: override go version to 1.21.3

* build: re-enable cachix

* ci: set $USER if not set
2023-10-12 16:11:02 +02:00
Malte Poll
e80e6076b4 ci: install nix together with Bazel 2023-10-12 14:42:24 +02:00
Malte Poll
d22f53d7cc bazel: always use nix 2023-10-12 14:42:24 +02:00
renovate[bot]
a1c84cb080
deps: update GitHub action dependencies (#2437)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-11 13:49:50 +02:00
Malte Poll
02c04f057f
ci: start v2.13-pre window (#2426) 2023-10-10 18:33:04 +02:00
Daniel Weiße
8bb23c373b
ci: ensure API is only updated if image and measurements are uploaded (#2413)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-06 14:34:06 +02:00
Malte Poll
b4fb8439d0
ci: use larger runners for os image pipeline (#2399) 2023-10-04 10:13:43 +02:00
Malte Poll
627a4b6cbb ci: enable nix binary cache 2023-09-29 14:09:58 +02:00
Malte Poll
055fb32918 ci: stop using raw "go run" 2023-09-29 14:09:58 +02:00
Malte Poll
85b4101dc3
deps: update go to 1.21.1 (#2389) 2023-09-28 22:29:14 +02:00
Malte Poll
1da5153627 ci: use nix + mkosi during os image build 2023-09-27 17:58:19 +02:00
Moritz Sanft
f4b2d02194
ci: collect cluster metrics to OpenSearch (#2347)
* add Metricbeat deployment to debugd

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* set metricbeat debugd image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix k8s deployment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use 2 separate deployments

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only deploy via k8s in non-debug-images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing tilde

* remove k8s metrics

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* unify flag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: fix debugd logcollection (#2355)

* add missing keyvault access role

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump logstash image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump filebeat / metricbeat image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* log used image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use debugging image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase wait timeout for image upload

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix template locations in container

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image version typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add filebeat / metricbeat users

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove user additions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update workflow step name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only mount config files

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* document potential rc

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix IAM permissions in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix AWS permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing workflow input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* rename action

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* pin image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary workflow inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add refStream input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove inputs.yml dep

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase system metric period

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linkchecker

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-09-27 16:17:31 +02:00
renovate[bot]
9c1e6295d4 deps: update dependency cryptography to v41.0.4 [SECURITY] 2023-09-27 13:28:08 +02:00
Daniel Weiße
7aba42baa5
ci: add more filters to e2e failure OpenSearch links (#2358)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-26 13:17:59 +02:00
3u13r
b9f1a0c17d
ci: don't pull from detached head (#2335) 2023-09-26 11:15:28 +02:00
Paul Meyer
f5ddcf984e ci: recreate coverage report on push
This keeps the report in focus for PRs with longer discussion and
repeated pushes.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-26 10:36:32 +02:00
3u13r
8f5a2867b4
ci: remove verify test for macos during release (#2338) 2023-09-25 13:51:08 +02:00
Daniel Weiße
33c9f16e82
ci: add missing notification hook for MiniConstellation test (#2352)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-22 13:25:20 +02:00
Moritz Sanft
0a28cdecb2
ci: add malicious join test (#2304)
* malicious node join test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add e2e build tag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add namespaces to job apply

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image and workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build instructions in Dockerfile

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only print important flags

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `malicious-join` namespace

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build with bazel

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* order imports

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* test cases

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing quotes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* use switch case

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* wip

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use workdir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add required permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove packages: write permission at step

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* login to registry

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix log

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* source base lib

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix sourcing order

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* export after definition

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix script header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dont exit after -e flag has been set

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-15 17:21:42 +02:00
3u13r
0982587a4d
chore: bump version.txt (#2334)
* chore: bump version.txt

* ci: bump upgrade version
2023-09-14 14:42:16 +02:00
Malte Poll
7376c6a998
ci: remove aspect workflows (#2324) 2023-09-08 14:19:14 +02:00
3u13r
6cb506bca7
deps: bump go version (#2318) 2023-09-08 10:19:07 +02:00
Daniel Weiße
442f904ceb
ci: don't automatically create git tag in release pipeline (#2316)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-07 08:47:01 +02:00
Otto Bittner
d3c940a6a0
ci: use virtee project for sev-snp-measure-go (#2307)
Our port is part of the virtee org. Lets use it to keep it up-to-date.
2023-09-06 14:02:53 +02:00
Otto Bittner
97dc15b1d1 staticupload: correctly set invalidation timeout
Previously the timeout was not set in the client's constructor, thus the
zero value was used. The client did not wait for invalidation.
To prevent this in the future a warning is logged if wait is disabled.

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-09-04 11:20:13 +02:00
Otto Bittner
7ffa1344e3 Configapi: pipeline to run e2e test for CLI
Co-authored-by: Paul Meyer <pm@edgeless.systems>
2023-09-04 11:20:13 +02:00
Daniel Weiße
f3218f4197
ci: fix incorrect signing key for sbom signature and wrong public key in release artifacts (#2296)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-01 16:40:09 +02:00
Daniel Weiße
a4d6016ae5
ci: make sure permissions to terminate cluster are always set for e2e upgrade (#2298)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-01 16:15:13 +02:00
Paul Meyer
11efc8d512 ci: comment Go coverage report on PR
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-28 15:44:07 +02:00
Adrian Stobbe
7c9a78fe51
make release idempotent (#2278) 2023-08-28 09:21:25 +02:00
Adrian Stobbe
f15c5444da
upgrade test from v2.10.1 (#2279) 2023-08-24 09:15:43 +02:00
Paul Meyer
abd5cdf362 ci: fix ccm build when no new version are found
Previous output of findvers.sh would be [""] in case no version were
found, now the output is []. Also, GitHub cannot handle empty arrays
in the matrix field, so we add an if and check if the array is empty.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-23 15:05:22 +02:00
Moritz Sanft
54c52f17f6
ci: fix Windows e2e test (#2255)
* fix Windows e2e test

* check if caller workflow was scheduled

* inherit secrets
2023-08-21 14:36:28 +02:00
Moritz Sanft
60bf770e62
ci: logcollection to OpenSearch in non-debug clusters (#2080)
* refactor `debugd` file structure

* create `hack`-tool to deploy logcollection to non-debug clusters

* integrate changes into CI

* update fields

* update workflow input names

* use `working-directory`

* add opensearch creds to upgrade workflow

* make template func generic

* make templating func generic

* linebreaks

* remove magic defaults

* move `os.Exit` to main package

* make logging index configurable

* make templating generic

* remove excess brace

* update fields

* copy fields

* fix flag name

* fix linter warnings

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* remove unused workflow inputs

* remove makefiles

* fix command

* bazel: fix output paths of container

This fixes the output paths of builds within the container by mounting
directories to paths that exist on the host. We also explicitly set the
output path in a .bazelrc to the user specific path. The rc file is
mounted into the container and overrides the host rc.
Also adding automatic stop in case start is called and a containers
is already running.
Sym links like bazel-out and paths bazel outputs should generally work
with this change.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* tabs -> spaces

---------

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-21 08:01:33 +02:00
Malte Poll
339492f314
ci: add aspect workflows (#2258) 2023-08-18 11:31:24 +02:00
3u13r
8325f99b09
deps: support Kubernetes 1.28 (#2242) 2023-08-18 11:13:24 +02:00
Paul Meyer
c6819b8d31 ci: automatically build GCP CCM container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 16:31:04 +02:00
Paul Meyer
f43888bb6f ci: remove azure-snp-reporter workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Paul Meyer
f604a8dfd2 e2e: upload TCB versions in verify test
The TCP versions are extracted from the MAA token, that itself is taken
from the verify command output. The configapi is adapted to directly
work on the MAA claims JSON.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Adrian Stobbe
5574092bcf
ref: update code for 2.11 (#2239)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-08-16 11:34:58 +02:00
renovate[bot]
841463d11e
deps: update GitHub action dependencies (#2234)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-15 14:38:48 +02:00
Daniel Weiße
ef4d789dc8
ci: fix notify trigger in e2e upgrade workflow (#2221)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-14 11:45:04 +02:00
Adrian Stobbe
c7bbf90989
ci: add e2e-mini to daily test (#2217) 2023-08-14 08:13:29 +02:00
Paul Meyer
de9e841853 e2e: use Kubernetes 1.26 in daily test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-11 14:06:35 +02:00
Daniel Weiße
066fff951f
ci: correctly default to false for upgrade e2e notifications (#2208)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-11 09:05:44 +02:00
Daniel Weiße
0dd62fc59d
ci: allow setting region/zone for e2e tests (#2205)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-10 12:53:40 +02:00
Paul Meyer
e466ce2f26 e2e: detect changing idKeyDigests on azure
by setting the Azure SNP enforcement policy to equal in the weekly e2e.
The run should fail when there are unexpected ID Key digests used.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 16:45:42 +02:00
Adrian Stobbe
d1febd7276
fix e2e upgrade config migration (#2179) 2023-08-09 10:28:13 +02:00
renovate[bot]
cc10613252
deps: update dependency cryptography to v41.0.3 [SECURITY] (#2150)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-08-07 09:23:18 +02:00
Malte Poll
92b0cd5a21 ci: update actions to use nodeGroups and remove deprecated flags 2023-08-04 12:36:45 +02:00
Moritz Sanft
af05e17f49
ci: keep embedded measurements if stable image is used (#2109)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-08-04 09:43:32 +02:00
3u13r
a983b08262
deps: bump go version (#2156) 2023-08-03 12:07:27 +02:00
Daniel Weiße
321474c356
ci: remove old incompatible test option (#2149)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-02 08:18:55 +02:00
Otto Bittner
002c3a9a32
ci: upgrade fromVersion for upgrade tests (#2145)
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-08-01 10:34:11 +02:00
Otto Bittner
867f7490a2
ci: clone constellation repo into separate dir (#2143) 2023-08-01 10:13:10 +02:00
Otto Bittner
583d3021fa
ci: parse ovmf binaries from metadata (#1962)
Subsequently the metadata will be uploaded to the
attestationconfigapi so the CLI can use the data to
precalculate measurements.
2023-07-27 13:29:43 +02:00
Adrian Stobbe
a3184af7a2
cli: add iam upgrade apply (#2132)
* add new iam upgrade apply

* remove iam tf plan from upgrade apply check

* add iam migration warning to upgrade apply

* update release process

* document migration

* Apply suggestions from code review

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* add iam upgrade

* remove upgrade dir check in test

* ask only without --yes

* make iam upgrade provider specific

* test without seperate logins

* remove csi and only add conditionally

* Revert "test without seperate logins"

This reverts commit 05a12e59c9.

* fix msising cred

* support iam migration for all csps

* add iam upgrade label

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-07-26 17:29:03 +02:00
Paul Meyer
342a71fa36 bazel: fix container versioning
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-26 13:46:27 +02:00
Paul Meyer
c8bc3ea5ee ci: build bazel container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-25 15:41:55 +02:00
Otto Bittner
c58d03a7b8
ci: fix ahead-check for working branch (#2120)
Also list remote branches during on-release
2023-07-19 17:48:29 +02:00
renovate[bot]
dc373971b2
deps: update dependency cryptography to v41.0.2 [SECURITY] (#2106)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-18 15:33:23 +02:00
Daniel Weiße
484b6c5c24
ci: combine node count inputs into one (#2084)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-17 13:45:53 +02:00
Otto Bittner
c1c48f19bf chore: bump e2e-upgrade fromVersion 2023-07-17 10:29:43 +02:00
Otto Bittner
6ed8fce6b0
ci: separate PCR0 value for aws-sev-snp variant (#2100)
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-07-13 11:37:47 +02:00
Paul Meyer
01f518f0a4
deps: update to Go v1.20.6 (#2093)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-12 09:51:40 +02:00
Otto Bittner
f97edd512d
ci: use 2.8 as fromVersion in release upgrade test (#2086)
The current value (2.7.1) is outdated since the release of 2.8.
2023-07-11 09:56:43 +02:00
Otto Bittner
cfa3bb6276
ci: do not build additional streams (#2085)
Large amounts of uploaded data seem to break the GH Actions cache.
2023-07-10 17:46:08 +02:00
Malte Poll
c6230ff8ca
ci: add constellation-windows-amd64.exe to release artifacts uploaded to GitHub (#2075) 2023-07-10 10:21:48 +02:00
Adrian Stobbe
fafafb48d7 pin dependency for aws-snp-launchmeasurement 2023-07-07 16:44:31 +02:00
Malte Poll
6c5ad09a93
ci: build all streams on release (#2058) 2023-07-07 12:09:15 +02:00
Malte Poll
46d69abe10
bazel: rewrite pseudo-version stamping in bash (#2020)
* bazel: simplify workspace_status command to only depend on bash and git
* bazel: remove pseudo-version freshness code
2023-07-05 14:42:18 +02:00
Paul Meyer
7968d165c6 ci: use strict semver for gcp guest agent image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-04 13:23:33 +02:00
Daniel Weiße
90dbeae16b
cli: fix duplicate backup creation during upgrade apply (#1997)
* Use CLI to fetch measurements in e2e test

* Abort helm service upgrade early if user confirmation is missing

* Add container push to CLI build action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-03 15:13:36 +02:00
renovate[bot]
576b48c8b7
deps: update GitHub action dependencies (#1848)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-03 08:19:10 +02:00
Adrian Stobbe
00ee11084e
add e2e mini to weekly (#1982) 2023-06-30 10:05:24 +02:00
Malte Poll
6dd8a571ec
ci: fix expected value for PCR7 on AWS (#1979)
This has changed when upgrading to Fedora 38.
It didn't surface as a bug since the PCR is marked as warnOnly.
2023-06-28 15:33:14 +02:00
miampf
77b28cb5e7
cli: change generate-config flag to update-config flag (#1897) 2023-06-28 12:47:44 +00:00
Malte Poll
78fb0066e4
ci: add automated tests for reproducible builds (#1914)
* ci: reproducible builds test
* deps: upgrade actionlint to support macos-13 runners
2023-06-23 12:12:32 +02:00
Moritz Sanft
94b21e11ad
ci: Windows cli tests (#1859)
* wip: add windows e2e test

* wip: register windows e2e tests

* remove registration

* wip: change CLI artifact name

* basic windows test

* checkout repo

* use correct iam create command

* remove trademarked name

* enable debug logs

* add pwsh liveliness check script

* delimiters

* set kubeconfig env var

* test

* use setx to set env var

* set envvar before liveness probe

* explicitly set kubeconfig
2023-06-21 12:05:04 +02:00
renovate[bot]
d2c4cd1785
deps: update aws-actions/configure-aws-credentials action to v2 (#1950)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 18:59:07 +02:00
renovate[bot]
3f714f538b
deps: update peter-evans/create-pull-request action to v5 (#1949)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 16:37:01 +02:00
renovate[bot]
684b61ac2b
deps: update docker/build-push-action action to v4 (#1948)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 13:39:32 +02:00
renovate[bot]
5bf59808e1
deps: update cachix/install-nix-action action to v22 (#1947)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-20 13:08:52 +02:00
Malte Poll
264b2df902
deps: upgrade to Fedora 38 (#1909)
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
2023-06-15 16:50:35 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade (#1931)
We released 2.8 so we need to test that it can upgrade to HEAD.
2023-06-15 07:49:30 +02:00
Malte Poll
ee77e3922a
ci: explicitly add CLI signature as release artifact (#1917) 2023-06-14 09:56:11 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check (#1869)
* switch to darwin compatible shasum

* add bazel rule

* update shellscript for in-place updates

* Revert "update shellscript for in-place updates"

This reverts commit 87d39b06f7.

* add version tool freshness check

* remove pseudo-version file

* revert to `sha256sum`

* fix workflow indentation
2023-06-09 11:50:51 +02:00
Moritz Sanft
892752a1f8
add necessary permissions (#1905) 2023-06-09 11:50:39 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version (#1903) 2023-06-09 10:53:17 +02:00
renovate[bot]
25037026e1
deps: update Python dependencies (#1887)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-07 10:36:52 +02:00
Malte Poll
b3c052e299
operators: cleanup placeholder nodeversion (#1881)
* operators: cleanup placeholder nodeversion
* e2e: improve upgrade test portability
2023-06-06 15:22:06 +02:00
Malte Poll
025d34a259
ci: fix docker-login on macOS runner (#1877) 2023-06-06 12:20:09 +02:00
3u13r
7c07e3be18
Add --insecure to config fetch-measurement (#1879)
* cli: add --insecure to fetch-measurements

* cli: rename fake to stub

* ci: upload measurements for debug images

* fix cli docs
2023-06-06 10:32:22 +02:00
Malte Poll
900d51d49f
ci: select correct target version for upgrade e2e test in release pipeline (#1874) 2023-06-05 13:56:16 +02:00
Adrian Stobbe
a813760f96
config: automatically upload new Azure SNP versions to API + sign version with release key (#1854)
* sign version with release key and remove version from fetcher interface
* extend azure-reporter GH action to upload updated version values to the Attestation API
2023-06-02 12:10:22 +02:00
Malte Poll
289665eb22
ci: remove setup-go action / disable cache where applicable (#1850)
Runners sometimes fail because they run out of disk space.
One reason this happens is a change in the setup-go action@v4:

> The V4 edition of the action offers: Enabled caching by default

To combat this, we now disable the cache if it was not enabled explicitly before.
Additionally, we remove setup-go where it is no longer needed.
2023-06-01 15:16:00 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup (#1837)
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
2023-06-01 12:33:06 +02:00
Otto Bittner
0c13f3ed8d image: add aws_aws-sev-snp variant
This needs no changes to the existing AWS image.
The images have worked without modification so far.
2023-06-01 11:25:31 +02:00
Malte Poll
8a51ae1ec3
ci: do not sign & upload debug image measurements (#1849) 2023-06-01 10:58:34 +02:00
Malte Poll
a1ec899171 ci: use enterprise cli for e2e tests 2023-05-31 14:00:00 +02:00
Adrian Stobbe
0a6e5ec02e
config: dynamic attestation configuration through S3 backed API (#1808) 2023-05-25 17:43:44 +01:00
3u13r
25211dc154
ci: codeql disable autobuild for go (#1828) 2023-05-25 18:20:44 +02:00
Malte Poll
76bf5e8e28 ci: upload image info v2 and measurements v2 in image build pipeline 2023-05-25 15:01:15 +02:00
Otto Bittner
c010a4d742 ci: fix aws-snp-launchmeasurement pipeline
Misspelled variable name.
2023-05-25 14:00:45 +02:00
Malte Poll
7cff47f30f
ci: run release workflow on temporary branch (#1628) 2023-05-25 10:14:42 +02:00
Otto Bittner
06a32a85a7 ci: add pipeline to precalc launchmeasurements
This is for SNP on AWS.
2023-05-24 12:58:39 +02:00
Malte Poll
050fccc591 ci: do not run unit tests on macOS 2023-05-23 15:11:10 +02:00
Malte Poll
c4ad246910 wip: cached unit tests 2023-05-23 15:11:10 +02:00
Leonard Cohnen
c98644df2b ci: use bazel for unittests 2023-05-23 15:11:10 +02:00
Malte Poll
660781d35e misc: bazelisk -> bazel 2023-05-23 15:11:10 +02:00
Malte Poll
a0ac230298 ci: remove bazel repo cache hosted in github actions cache 2023-05-23 15:11:10 +02:00
Malte Poll
41cc759b44 ci: use self hosted (cached) runners 2023-05-23 15:11:10 +02:00
3u13r
6062b10035
cli: split image into oss and enterprise (#1788) 2023-05-23 10:49:47 +02:00
Malte Poll
dc9b3c1937
ci: run e2e tests as last step of release pipeline (#1793) 2023-05-22 09:22:00 +02:00
3u13r
964775c4c2
Add autoscaling and cluster upgrade support for AWS (#1758)
* aws: autoscaling and upgrades

* docs: update scaling and upgrades for AWS

* deps: pin vuln check against release
2023-05-19 13:57:31 +02:00
Otto Bittner
2dc105224d
ci: set toImage argument in e2e-test-release (#1722) 2023-05-16 08:54:12 +02:00
3u13r
4024b9cf71
ci: fix minicon e2e test (#1763)
* ci: push containers during minicon e2e

* cli: set testing nvram for pre images in minicon
2023-05-12 17:14:32 +02:00
3u13r
dd2ea50a39
deps: bump go version (#1760) 2023-05-11 14:14:15 +02:00
renovate[bot]
a8101c8c64
deps: update GitHub action dependencies (#1745)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 14:42:20 +02:00
Paul Meyer
30cd024076
deps: add Kubernetes v1.27, remove Kubernetes v1.24 (#1669)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:22:53 +02:00
Paul Meyer
b48866a756
ci: fix measurement generation on scheduled build (#1741)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:13:51 +02:00
Malte Poll
2efa3083dc ci: use native go code for os image upload 2023-05-05 12:06:44 +02:00
Paul Meyer
b76583e4a0
ci: fix e2e miniconstellation abort condition (#1728)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-04 08:16:31 +02:00
Paul Meyer
ab74958b4a
ci: fix e2e release abort condition (#1726)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-03 18:18:16 +02:00
Malte Poll
d2cbf3dc83
ci: skip e2e tests if caller was not successful (#1714) 2023-05-03 11:40:09 +02:00
Paul Meyer
7ab23c28b8 Revert "misc: replace sha256sum with shasum -a 256 (#1681)"
This reverts commit ec1d5e9fb5.

While the change enabled shasum calculation on mac, it broke it
on some Linux distros.
2023-05-02 11:07:05 +02:00
Otto Bittner
5deccc3d01 ci: push images in e2e-upgrade 2023-04-28 15:48:12 +02:00
Otto Bittner
481eeeaf3e ci: add simulatedTargetVersion to e2e-upgrade
This allows us to build a CLI that reports the given version during
an upgrade test. With this we can test patch upgrades.
2023-04-28 15:48:12 +02:00
Paul Meyer
1d24036f21
ci: fix os image build schedule (#1703)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-28 12:57:11 +02:00
Malte Poll
635b98a34f
ci: rename all usages of bazel push target from //:push to //bazel/release:push (#1701) 2023-04-28 09:26:15 +02:00
Moritz Sanft
261fe611a9
ci: add Terraform logging (#1665)
* enable Terraform logging

* change to debug level

* rename artifact

* add name suffix

* remove blank line
2023-04-27 14:03:49 +02:00
Malte Poll
0c206e62d0
deps: rename bazel-zig-cc to hermetic_cc_toolchain (#1695) 2023-04-27 10:27:43 +02:00
Paul Meyer
bf051174f6 ci: update measurements and image version
on scheduled build

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:20:27 +02:00
Paul Meyer
82d0475e2a ci: don't pick from release to main
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:20:27 +02:00
Malte Poll
ec1d5e9fb5
misc: replace sha256sum with shasum -a 256 (#1681) 2023-04-26 13:40:18 +02:00
Malte Poll
84dd25600f
image: upgrade mkosi to support repart (#1684) 2023-04-25 18:22:40 +02:00
Otto Bittner
c962e1745f
ci: add missing permissions for e2e-upgrade job (#1679)
Missed a spot..
2023-04-24 13:49:02 +02:00
Otto Bittner
e6d5c2f116 ci: remove obsolete env variables
these variables influence the azure cli auth behavior.
we now use OIDC as login mechanism.
2023-04-24 12:38:08 +02:00
Otto Bittner
840eb401c6 ci: add missing permissions to workflows
+ packages: write
+ checks: write
2023-04-24 12:38:08 +02:00
Malte Poll
5145f806ea bazel: remove apko and Dockerfile where Bazel is used to build container images 2023-04-18 15:35:15 +02:00
Malte Poll
19ff132ee8 ci: upload container images when running e2e tests 2023-04-18 15:35:15 +02:00
Paul Meyer
4b9bce9bb7
ci: fix notification trigger (#1673)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-18 14:50:36 +02:00
Paul Meyer
e335421dd2
ci: trigger notify only in scheduled workflows (#1671)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 17:30:56 +02:00
3u13r
3cb6ab04f1
ci: don't set IAM env for Azure (#1670) 2023-04-17 16:47:12 +02:00
Paul Meyer
c1d3b38a5f ci: replace release[bot] with edgelessci
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
7a1af4937c ci: remove outdated iam code
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
b80d1576f3 ci: use include list to define e2e matrix
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
4020e7840a ci: always use tee -a instead of redirecting
into GITHUB_OUTPUT

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
860d72a083
ci: reduce number of steps with continue-on-error (#1593)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 18:50:58 +02:00