Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-20 08:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
4,075 Commits 131 Branches 43 Tags 105 MiB
4434a85a51
Commit Graph

4075 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Malte Poll
59faa2b692 attestation: add hardcoded OpenStack enterprise measurements 2024-02-21 13:31:32 +01:00
katexochen
70ff097e12 image: update measurements and image version 2024-02-21 08:49:20 +01:00
Malte Poll
38ef546362 deps: update Go to 1.22.0 2024-02-20 18:27:16 +01:00
Markus Rudy
fe85877679
debugd: enable debug logging for systemd units (#2923) 2024-02-20 14:44:14 +01:00
Malte Poll
889677c795 image: update mkosi and use package directory feature 2024-02-20 12:50:13 +01:00
Malte Poll
5ef12895fa bazel: remove deprecated Bazel container 
It doesn't work properly with nix and a nix shell exists for all developers.
 2024-02-20 12:50:13 +01:00
Malte Poll
77ecd8d4ce nix: fix bazel under NixOS 2024-02-20 12:50:13 +01:00
Malte Poll
a4d25646f5 deps: update to bazel 7 2024-02-20 12:50:13 +01:00
Malte Poll
c6e0714a42 deps: update go-git 2024-02-20 10:00:38 +01:00
Malte Poll
980b2f0e87 ci: login to OpenStack provider 2024-02-19 18:16:45 +01:00
Malte Poll
75f16ce87b image: upload OpenStack images to OpenStack 2024-02-19 18:16:45 +01:00
Malte Poll
6f9020d527 cli: use pre-uploaded image on OpenStack 
Before, the terraform infrastructure code would upload an image on the fly.
Now, we upload images in advance and specify the image ID instead.
 2024-02-19 18:16:45 +01:00
renovate[bot]
3b2da12781
deps: update Constellation containers (#2919) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-19 16:14:05 +01:00
Moritz Sanft
ffb1ef9185
ci: fix artifact overwriting in upgrade test (#2913) 2024-02-19 15:12:04 +01:00
renovate[bot]
cdf1282996
deps: update dependency cryptography to v42.0.2 [SECURITY] (#2916) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-19 15:11:19 +01:00
edgelessci
a337e323a5
image: update locked rpms (#2917) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-02-18 11:12:28 +01:00
Moritz Sanft
68cfa0addf
ci: update fromVersion to v2.15.1 (#2914) 2024-02-16 13:35:57 +01:00
renovate[bot]
75f1c0b3e1
deps: update registry.k8s.io/autoscaling/cluster-autoscaler Docker tag to v1.27.5 (#2761) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-16 13:26:59 +01:00
edgelessci
bc4d514fb1
image: update measurements and image version (#2912) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-16 08:49:16 +01:00
renovate[bot]
7980689e82
deps: update module helm.sh/helm/v3 to v3.14.1 [SECURITY] (#2911) 
* deps: update module helm.sh/helm/v3 to v3.14.1 [SECURITY]

* deps: tidy all modules

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
 2024-02-15 18:01:36 +01:00
Markus Rudy
473001be55
vpn: ship our own container image (#2909) 
* vpn: ship our own container image

The container image used in the VPN chart should be reproducible and
stable. We're sticking close to the original nixery.dev version by
building the image with nix ourselves, and then publishing the single
layer from the result with Bazel OCI rules. The resulting image should
be handled similar to s3proxy: it's built as a part of the Constellation
release process and then consumed from a Helm chart in our registry.

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
 2024-02-15 13:08:27 +01:00
Malte Poll
896f68c26d helm: update edgelesssys cinder-csi-plugin 2024-02-15 12:35:15 +01:00
Malte Poll
92589a80e2 helm: update yawol 2024-02-15 12:35:15 +01:00
Malte Poll
6c8504323f terraform: update OpenStack provider 2024-02-15 12:35:15 +01:00
Daniel Weiße
f9442cecb1
helm: fix log formatting (#2905) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-14 08:52:46 +01:00
edgelessci
6829c27178
image: update measurements and image version (#2908) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-14 08:25:10 +01:00
Malte Poll
270497ef62
helm: move yawol into a separate release (#2904) 2024-02-12 14:26:22 +01:00
Malte Poll
b5e848a87e terraform: provide required configuration for yawol on OpenStack 2024-02-12 13:13:48 +01:00
Malte Poll
bab27fbc69 openstack: remove unused code 2024-02-12 13:13:48 +01:00
Daniel Weiße
c5b17fb828
ci: prevent duplicate artifact naming in same workflow (#2903) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-12 09:56:53 +01:00
edgelessci
d3b3f45534
image: update locked rpms (#2902) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-02-11 10:57:51 +01:00
Malte Poll
dba835bdf4
openstack: prepare for normal users (#2899) 
* image: disable serial console autologin on OpenStack
* cli: remove requirement for CONSTELLATION_OPENSTACK_DEV env var
 2024-02-09 14:48:41 +01:00
Malte Poll
5b73d48bdd
helm: insert openstack secret for ccm (#2897) 2024-02-09 11:14:44 +01:00
katexochen
a89133ae81 image: update measurements and image version 2024-02-09 08:11:46 +01:00
miampf
54cce77bab
deps: convert zap to slog (#2825) 2024-02-08 14:20:01 +00:00
renovate[bot]
3765cb0762
deps: update actions/upload-artifact and actions/download-artifact action to v4 (#2756) 
* deps: update actions/upload-artifact action to v4
* deps: update actions/download-artifacts action to v4

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-07 14:50:15 +01:00
renovate[bot]
b1dc427108
deps: update dependency cryptography to v42 [SECURITY] (#2894) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2024-02-07 13:57:49 +01:00
edgelessci
bd3eed8504
image: update measurements and image version (#2895) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-07 08:19:43 +01:00
Moritz Sanft
901edd420b
terraform: remove cloud loggers (#2892) 
* terraform: remove cloud logging apps

* internal/cloud: remove loggers

* bootstrapper: remove logging

* qemu-metadata-api: remove logging endpoint

* docs: add instructions on how to get boot logs

* bazel: tidy

* docs: fix typo

* cloud: remove unused types

* Update go.mod

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* bazel: tidy

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/workflows/troubleshooting.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: elaborate on how to get boot logs

* bazel: tidy

---------

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 14:27:30 +01:00
Moritz Sanft
dde3430da8
terraform: support AWS marketplace images (#2888) 
* terraform: support AWS marketplace images

* terraform-provider: support AWS marketplace images

* docs: add instructions on AWS marketplace images

* ci: adapt marketplace image test for AWS

* Update internal/config/config.go

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

* docs: update config

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* docs: update license information

* docs: use CSP tabs for marketplace overview

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* Update docs/docs/getting-started/marketplaces.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

---------

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2024-02-06 12:13:59 +01:00
Daniel Weiße
64c32c2236
ci: make instance type configurable for provider sample (#2893) 
* Make default instance type configurable for provider sample
* Set TDX instance type when running TDX provider e2e test
* Fix missing attestation variant when setting up stub config in provider e2e test

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-05 15:46:57 +01:00
Daniel Weiße
f21252c57d
ci: fix workspace related errors when setting up k8s version for test (#2891) 
* Fail workflow on error in subshell
* Remove relative paths from workflow
* Set up MMA only for SEV-SNP, not for Azure TDX

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-05 13:29:03 +01:00
Malte Poll
18acd0b12a
deps: update go-uefi and use new authenticode package (#2873) 2024-02-05 12:06:48 +01:00
edgelessci
70c0a1969d
image: update locked rpms (#2890) 
Co-authored-by: malt3 <malt3@users.noreply.github.com>
 2024-02-05 11:37:34 +01:00
Markus Rudy
c020f7ac20
cleanup: various minor debugging improvements (#2889) 
* ci: improve constellation_create error message

When we hit a timeout due to nodes not coming up, the actual error
message is hard to make out because it's buried in a group. With the
right formatting, the error message will be highlighted in the UI.

Another improvement is to output the state of nodes, which helps
debugging the cause of nodes not joining or not becoming ready.

* cleanup: use NodeVersionResourceName constant

... instead of literal strings.

* ci: correctly notify on e2e upgrade error

* atls: report cert extension OIDs on mismatch

If the certificate contains an attestation document for SEV-SNP, but the
given validator is for Nitro, verifyEmbeddedReport should not claim that
there is no attestation document, but that there is no _compatible_ one
and what the incompatible ones were.
 2024-02-02 16:46:28 +01:00
edgelessci
711b53d5c0
image: update measurements and image version (#2886) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2024-02-02 09:10:12 +01:00
Moritz Sanft
d5e4435e3d
ci: reduce amount of regular tests (#2885) 
* .github: add e2e test to pr checklist

* ci: use sonobuoy quick where possible

* ci: run malicious join test on release

* ci: remove self managed infra test

* ci: remove non-example terraform test from weekly

* ci: run Sonobuoy full on the latest k8s version weekly

* ci: run weekly sonobuoy quick on all k8s versions

* ci: don't run double sonobuoy tests on latest k8s version
 2024-02-01 15:05:07 +01:00
Daniel Weiße
befc7cdf63
ci: don't delete local cached providers when uploading Terraform state (#2884) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2024-02-01 09:54:40 +01:00
Adrian Stobbe
5ecc5ed9c9
terraform-provider: fix integration test (#2882) 2024-01-31 18:24:05 +01:00
Adrian Stobbe
9b547bced0
ci: v2.15 post-release cleanup (#2881) 
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
 2024-01-31 16:45:20 +01:00