Malte Poll
e9fecec0bc
Only publish release AMIs
2022-11-09 14:29:58 +01:00
Paul Meyer
d3bad39223
e2e: fix deletion of persistent volumes ( #476 )
...
Co-authored-by: Christoph Meyer <cme@edgeless.systems>
2022-11-09 10:28:34 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch ( #479 )
...
* Bump version to v2.2.0
* Update changelog
* Fix release detection in pipeline
* Fix PKI selection in pipeline
* Set enforced measurements for AWS
* Update default images
* Fix release docs
* Update mini-con defaults
* Fix measurements action
* Fix syft env variable naming
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Malte Poll
899ca91aa3
Move enforced measurement for clusterID to PCR[15] in e2e tests
2022-11-08 00:07:04 +01:00
Malte Poll
3e996efb3f
Pass azure image offer from build variable action
2022-11-08 00:07:04 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys ( #462 )
...
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
Nils Hanke
b24c799c80
Replace specific Azure/GCP credentials with secrets
2022-11-04 12:57:24 +01:00
Nils Hanke
a535ca1901
CI: Use lowercase image name for S3 upload
2022-11-04 12:57:24 +01:00
Nils Hanke
af08ffbb16
CI: Add group for building pcr-reader for better output
2022-11-04 12:57:24 +01:00
Nils Hanke
3ca88d6043
Fix Constellation measure CI action
2022-11-04 12:57:24 +01:00
renovate[bot]
72caeca69b
Update dependency matplotlib to v3.6.2
2022-11-03 16:01:52 +01:00
Christoph Meyer
273d6162de
fix: don't run CI K-Bench with less than 2 worker nodes
...
K-Bench's network benchmarks require two distinct worker nodes.
Add check prior to running the benchmark that terminates early, if not
enough workers scheduled.
2022-11-02 18:45:56 +01:00
Christoph Meyer
94429c8db8
Add CI action to install CSI drivers
2022-11-02 18:30:59 +01:00
Nils Hanke
7ca4a6d0e1
Adjust CI scripts to avoid termination prompt
2022-11-02 18:18:30 +01:00
renovate[bot]
f60120bbbc
Update github actions dependencies ( #420 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 11:00:40 +01:00
Christoph Meyer
1952eb5721
AB#2191 Evaluate K-Bench benchmarks in CI
...
Install Python for K-bench evaluation
Add scripts to evaluate the K-Bench results in CI
Attach graphs to the workflow results in GitHub Actions
2022-11-01 12:27:25 +01:00
Christoph Meyer
f4ff473677
AB#2191 Add K-Bench CI step to manual workflow
...
Add the option to run K-Bench performance to the manual CI workflow
Install CSI drivers in the cluster for K-Bench benchmarks
Attach the results to the workflow in the GitHub Actions view
2022-11-01 12:27:25 +01:00
Paul Meyer
3933a97567
e2e: rework schedule of e2e test daily/weekly
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 18:22:05 +01:00
Paul Meyer
4cd659b394
e2e: fix collection of boot logs on GCP ( #401 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:40:08 +01:00
Paul Meyer
050223e4c5
e2e: add nop payload to only test infra creation
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 17:46:37 +02:00
Malte Poll
9297a4e8a2
Normalize naming: "sonobuoy fast" -> "sonobuoy quick" ( #389 )
2022-10-28 11:01:31 +02:00
Paul Meyer
b7415647a6
Move sonobuoy action
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
95b8531fdd
Add e2e autoscaling test
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
7108304046
Remove upload of state file
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
8aa84fd759
Remove installation of preinstalled dependencies
...
in workflows
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
renovate[bot]
acc82b205a
Update github actions dependencies ( #366 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-26 15:48:35 +02:00
Malte Poll
d81172e352
Pin setup-gcloud action to git tag (for renovate) ( #376 )
2022-10-26 13:58:05 +02:00
Fabian Kammel
18ae86c38e
sbom signing ( #303 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-21 15:19:51 +02:00
renovate[bot]
10a207c7ec
Update github actions dependencies
2022-10-21 11:33:41 +02:00
Malte Poll
743f5fa627
Remove all traces of CoreOS from the codebase
2022-10-21 11:04:25 +02:00
Nils Hanke
714b368a62
Add gcloud setup back to GCP login action for ✨ magic ✨ authentication
2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc
Create mkosi image build pipeline
2022-10-21 11:04:25 +02:00
renovate[bot]
6d5cb6b581
Update sigstore/cosign-installer action to v2.8.1 ( #323 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 10:29:37 +02:00
renovate[bot]
84fcf8d7f2
Update github actions dependencies ( #294 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:00:41 +02:00
renovate[bot]
ccaad5e482
Update github actions dependencies ( #274 )
2022-10-17 11:14:41 +02:00
renovate[bot]
c08147baae
Update google-github-actions/auth action to v0.8.2
2022-10-14 09:20:10 +02:00
renovate[bot]
3c34757274
Update actions/cache action to v3.0.11
2022-10-14 09:17:00 +02:00
Fabian Kammel
7ee8f65889
Delete dependabot and prepare renovate ( #238 )
...
* Delete microservice template.
* Remove dependabot config
* Prepare renovate by adopting GitHub actions syntax
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-12 18:05:58 +02:00
katexochen
dbd71eebd9
Fix replace deprecated set-output syntax
2022-10-12 11:51:09 +02:00
katexochen
49f233246c
Replace deprecated set-output syntax
2022-10-12 11:32:19 +02:00
Paul Meyer
1c29638421
Use env to find bash in shebang ( #225 )
2022-10-10 14:21:17 +02:00
Otto Bittner
0eb4a7831b
AB#2413: Add workflow for snp-report-verify
...
* Extend azure-snp-report-verify to also report fw SVNs.
* Add workflow based on azure-cvm to get maa-jwt and
verify it on a second runner.
2022-09-21 10:58:10 +02:00
katexochen
788cfd9bd9
Remove autoscaling from workflows
2022-09-20 13:41:23 +02:00
Nils Hanke
de1268ffb9
Pin cache action against specific commit
2022-09-19 04:49:55 -07:00
Nils Hanke
979164ab37
CI: Remove GOPRIVATE from actions
2022-09-19 01:09:56 -07:00
Nils Hanke
52d1afaf0b
CI: Consolidate multi-OS & multi-arch builds into one job
2022-09-19 01:09:56 -07:00
Nils Hanke
1dad1631ca
E2E: Add manual macOS E2E test
2022-09-19 01:09:56 -07:00
Nils Hanke
6df92c127c
E2E: Download external binaries depending on host OS & arch
2022-09-19 01:09:56 -07:00
Nils Hanke
a1fd971c3c
CI/E2E: Update rekor-cli to 0.12.0
2022-09-19 01:09:56 -07:00
Nils Hanke
0f08c4f318
E2E: Update sonobuoy to 0.56.10
2022-09-19 01:09:56 -07:00
Nils Hanke
7338563d14
CI/E2E: (Re)move redundant setup steps
2022-09-19 01:09:56 -07:00
Nils Hanke
4898f06421
Delete downloaded rekor-cli binary
2022-09-14 03:01:09 -07:00
Nils Hanke
9da3078445
Set working-directory to build for rekor-cli download
2022-09-14 03:01:09 -07:00
Nils Hanke
79229e04df
Create separate create measurement action
2022-09-14 01:22:18 -07:00
Nils Hanke
472ba642b7
E2E: Build OSS CLI by default
2022-09-14 01:22:18 -07:00
Leonard Cohnen
a318a82968
fix e2e latest debug image selection
2022-09-13 10:08:51 +02:00
Nils Hanke
0949393dbb
Update build environment to Fedora 36 & Go 1.19.1
2022-09-09 18:11:33 +02:00
Nils Hanke
9bedaf20ea
Use CMake project version across all places & remove obsolete build tags
2022-09-09 15:33:16 +02:00
Malte Poll
aa75a065d7
e2e test: wait for specified amount of nodes to join the cluster and become ready ( #87 )
...
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
2022-09-09 13:28:53 +02:00
Nils Hanke
46c461c23e
E2E: Don't use cloudProvider in constellation create
2022-09-08 13:38:24 +02:00
Nils Hanke
dd4ccdd390
E2E / debugd: Replace remains of ingressFirewall with debugCluster flag
2022-09-07 13:27:15 +02:00
Fabian Kammel
020cf51fc6
AB#2392 Store serial logs in actions ( #39 )
...
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-09-05 18:12:46 +02:00
Malte Poll
1c1b29637f
e2e-test gcp: Fix quoting in gcp config rewrite
2022-09-05 12:13:24 +02:00
Nils Hanke
b6385ad3bc
Move serviceAccountKey.json creation before create
...
The printed config does not contain the path
since it's printed before injection, so let's inject it before.
2022-09-05 12:13:24 +02:00
katexochen
1741c2d941
e2e: Fix machine type
2022-09-05 12:13:24 +02:00
Malte Poll
e24808e936
e2e: Write service account key path for GCP ( #67 )
...
Signed-off-by: Malte Poll <mp@edgeless.systems>
2022-09-05 09:17:18 +02:00
katexochen
43924c7318
e2e: Silence curl
2022-09-02 19:08:33 +02:00
katexochen
9076404b06
Fix manual e2e test
2022-09-02 19:08:33 +02:00
Nils Hanke
39eb58b403
E2E: Use default VM machine type when not overridden
2022-09-02 07:04:11 -07:00
Nils Hanke
710ded2a89
E2E: Insert instanceType to config instead of CLI
2022-09-02 07:04:11 -07:00
katexochen
b256222b42
e2e: Use default shell parameters
2022-09-02 15:20:25 +02:00
katexochen
0c5c11e8b7
e2e: Group log lines
2022-09-02 15:20:25 +02:00
katexochen
ef8130a918
e2e: Enable parallel runs on Azure
2022-09-02 15:20:25 +02:00
katexochen
3c123d9fec
e2e: Fix cleanup on error/cancel
2022-09-02 15:20:25 +02:00
Otto Bittner
276165064e
Ensure no uid values end up in resource delete cmd
2022-08-31 16:38:32 +02:00
katexochen
84b4519ffd
Add cleanup pre e2e test on Azure
2022-08-31 14:10:08 +02:00
katexochen
7c7a4699bc
Azure e2e tests with manual creds
2022-08-31 14:10:08 +02:00
Nils Hanke
1ecc56b69f
Remove cdbg-config.yaml ( #26 )
...
This removes systemd service upload support in cdbg,
but keeps it in the protobuf protocol.
2022-08-31 12:25:27 +02:00
Nils Hanke
87e68961dd
Add GCP ServiceAccount to E2E test
2022-08-30 04:26:21 -07:00
Fabian Kammel
d972f053f9
AB#2287 Public image sharing in Azure ( #350 )
...
Trusted launch VM images in original SIG, additional SIG for community images for CVM
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-26 17:34:46 +02:00
Fabian Kammel
45beec15f5
AB#2360 enterprise build tag ( #397 )
...
* enterprise build switch to disable license checking in default (OSS) version
* remove community license quota
* empty image references on OSS build in config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-25 14:06:29 +02:00
Fabian Kammel
33626986fe
Feat/cli multi os arch ( #390 )
...
* Implement multi arch/os pipeline
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-08-23 13:43:20 +02:00
Malte Poll
2d87db3914
Update pseudo-version script to determine future release version based on branch name
2022-08-19 18:22:55 +02:00
Malte Poll
8d642be204
Azure: switch default region to west us and replicate images to multiple regions
2022-08-19 14:39:36 +02:00
Otto Bittner
aee432ed6f
Fix syntax in yq command
...
Fixes syntax error in 4db5ea3b164e8e762693035cb06d643f711a3d39
2022-08-15 11:41:48 +02:00
Otto Bittner
3018bfa03e
Add enforcedMeasurements default value to config
...
A previous change started enforcing PCR values.
This makes it necessary to update the respective config
values before running init.
2022-08-15 09:37:18 +02:00
Otto Bittner
2f925b5955
Add clone3-workaround to bootstrapper build container
...
The previously encountered error about misconfigured seccomp
filters is mitigated with the workaround added in this commit.
See the repo in the comment for detailed information on
the bug itself.
2022-08-10 17:17:23 +02:00
Otto Bittner
c42e79ecfe
AB#2281: Run e2e tests on latest debug image ( #354 )
...
* e2e tests now execute on the latest debug image available by default
* e2e-manual workflow now takes an optional image reference to run on
* isDebugImage is a flag that has to be set in case
you are running a debug image
2022-08-09 15:29:39 +02:00
Malte Poll
1df2a20a36
CI: build and upload node operator
2022-08-09 10:29:04 +02:00
Otto Bittner
1b9600c307
AB#2266: Test all supported version with e2e-tests
...
* e2e-test workflows execute two hours earlier.
* Run quick-mode e2e tests for the two older versions we support.
This triggers every night, together with the existing e2e tests.
Idea here is that we know that a cluster can be set up and initialized.
* Run full e2e tests for the two older versions each Sunday.
* Do not abort manual e2e runs. This allows for parallel runs.
* Run unprivileged container
2022-08-09 10:02:15 +02:00
Daniel Weiße
c52bfc79d3
Set default values for e2e-pipeline ( #351 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Fabian Kammel <fabian@kammel.dev>
2022-08-09 08:20:23 +02:00
Daniel Weiße
5da92d9d8b
AB#2249 Rework image build pipeline ( #326 )
...
* Rework image build pipeline
* Don't cancel workflow runs on main
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-08-03 16:01:36 +02:00
Otto Bittner
1859dc1718
AB#2288: Fix/kernel panic ( #328 )
...
* More debug info & don't use guestfish
* Sync image runner script with deployed code
* Add missing = for --wait in sonobuoy action
Co-authored-by: <mp@edgeless.systems>
2022-08-02 15:34:17 +02:00
Fabian Kammel
a705fabf43
wait at most 5 hours ( #322 )
2022-08-01 21:44:12 +02:00
Fabian Kammel
ae13163fb7
kubectl wait is not supported for daemonset ( #296 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-25 11:07:21 +02:00
Fabian Kammel
085f548333
GitHub action pin-by-hash & dependabot ( #283 )
...
* remove Sunday and Monday morning runs, little value
* run test lint on main, as we do for all linters
* fixup outdated instructions
* use version hash instead of tags
* use dependabot for github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-20 10:48:01 +02:00
Fabian Kammel
3842e50c49
use common boostrapperhost field and wait before reading pcr values ( #281 )
...
* use common boostrapperhost field and wait before reading pcr values
* use wait to be more explicit about goal
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-07-20 10:47:22 +02:00
Fabian Kammel
193a91d911
fix reference for statefile field and unwrap errors ( #278 )
...
* fix reference for statefile field
* unwrap errors before checking status
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-18 14:00:57 +02:00
Fabian Kammel
a931f6692f
Fix/bootstrapper regressions ( #274 )
...
* remove wireguard from e2e tests, conformance docs & config
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-15 11:53:14 +02:00
Malte Poll
cce2611e2a
Simplify node lock and various small changes
...
Co-authored-by: Fabian Kammel <fabian@kammel.dev>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-07-14 17:25:18 +02:00
katexochen
66b573ea5d
Bootstrapper
2022-07-14 17:25:18 +02:00
katexochen
916e5d6b55
Rename coordinator to bootstrapper and rename roles
2022-07-14 17:25:18 +02:00
Fabian Kammel
00dfff6840
AB#2158 publish measurements ( #268 )
...
* cleaned up actions and new measure action to generate, sign and upload measurements
* improve constellation ip fetching to support multiple control nodes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-13 14:04:46 +02:00
Fabian Kammel
9d3ab0042c
Ref/prepare changelog for v1.3.1 ( #263 )
...
* prepare changelog.
* document lb fix
* set release version for cli
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: 3u13r <lc@edgeless.systems>
2022-07-11 15:19:56 +02:00
Fabian Kammel
c279bb7a38
make signing keys optional in build step, since e2e test does not require signing ( #254 )
...
* make signing keys optional in build step, since e2e test does not require signing
2022-07-07 12:18:41 +02:00
Fabian Kammel
c2359fa6c8
Fix/release process ( #253 )
...
* fix path to artifacts.
* add release step to docs
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-07-05 16:55:14 +02:00
Fabian Kammel
8383077a9b
Sign CLI & create release on v* tag ( #241 )
...
* Sign CLI & create release on v* tag
* Extended description to mention new feature in this action
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-07-04 12:16:11 +02:00
Otto Bittner
5d293e355d
Build-as-a-Test & Abortable Workflows ( #231 )
...
* build cli on every PR
* build coordinator on every PR,
while only triggering image builds on main.
* abort previous runs of workflows if new commits are pushed
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-30 11:27:23 +02:00
Daniel Weiße
042f668d20
AB#2190 Verification service ( #232 )
...
* Add verification service
* Update verify command to use new Constellation verification service
* Deploy verification service on cluster init
* Update pcr-reader to use verification service
* Add verification service build workflow
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-28 17:03:28 +02:00
Fabian Kammel
e97eb1fa52
fix: buildvcs unable to fetch vcs information ( #228 )
2022-06-23 17:52:25 +02:00
Fabian Kammel
d856b0cd86
Feat/measurements in e2e ( #218 )
...
* Make e2e pipeline use the latest image available.
* Use pcr-reader to read & store measurements.
* buildvcs false in ci
* only notify teams on main
* plain yq syntax, since if already checks for csp
* previous version of yq requires explicit eval
* fix pcr-reader call
* actually pass variable between jobs
* fix typo
* Make order of images consistent.
* read measurements after create
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
2022-06-20 10:30:59 +02:00
Daniel Weiße
84ca9e3070
Fix container image workflows
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 14:00:21 +02:00
Daniel Weiße
3d041cab2b
Activation Service and KMS server image build pipeline ( #210 )
...
* AB#2171 Add kms server container image build pipeline
* AB#2172 Add activation service container image build pipeline
* Add manual workflow for building micro-service images
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-06-15 10:50:46 +02:00
Fabian Kammel
f7ba87135d
Fix/e2e fail on failure ( #208 )
2022-06-14 12:38:32 +02:00
Fabian Kammel
45bf9f15fb
always try to upload constellation state file ( #173 )
2022-05-23 14:43:32 +02:00
Fabian Kammel
7c2d1c3490
AB#2094 cloud provider specific configs ( #151 )
...
add argument to generate cloud specific configuration file
2022-05-18 11:39:14 +02:00
Fabian Kammel
5dc2e71d80
generate constellation config in e2e pipeline ( #147 )
2022-05-16 16:44:53 +02:00
Fabian Kammel
a879043f03
E2E Test CronJob ( #117 )
...
refactor e2e test into reusable action, so we can have manual & cron jobs. added cron for azure & gcp. failed jobs are reported to MS Teams.
2022-05-09 09:45:59 +02:00
katexochen
6a582a705f
Update e2e test regarding CLI changes
2022-05-04 17:14:03 +02:00
Fabian Kammel
f8f5d20f5b
E2E tests on Azure ( #109 )
2022-05-04 13:52:27 +02:00
Fabian Kammel
b841403f15
e2e test github action implementation. ( #100 )
...
e2e test implementation with GitHub actions on GCP
2022-05-03 11:15:53 +02:00