Commit Graph

209 Commits

Author SHA1 Message Date
Paul Meyer
f2b324cb88 hack: rename find-image dir
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:16:37 +01:00
Malte Poll
ba8c0a9e30
Fix e2e test networking issue (#792) 2022-12-13 10:07:09 +01:00
Malte Poll
cf0b04291a Embed measurements for v2.3.0 2022-12-12 17:45:35 +01:00
Malte Poll
c9df5cfa09 Fix OS image build pipeline for releases 2022-12-12 17:45:35 +01:00
Malte Poll
3c5fa3175a
Fix image build pipeline: Use braces to group complex expressions (#770) 2022-12-09 14:48:52 +01:00
Malte Poll
4a8ebfd921 OS images: use "ref", "stream" and "version"
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
2022-12-09 13:37:43 +01:00
Paul Meyer
d3873988c9 ci: fix download scripts for serial logs
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:22:45 +01:00
Paul Meyer
9e9468ff44 ci: add csp name to serial log artifact name
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:22:45 +01:00
renovate[bot]
e371e4499f
Update GitHub action dependencies (#765)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 11:10:23 +01:00
Malte Poll
95a33e7d35
No longer print constellation-id.json (#749) 2022-12-07 16:10:51 +01:00
Paul Meyer
a9ed8c0191 e2e: enable systemd logcollection
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:05:32 +01:00
Otto Bittner
e9ec9f2f29 Upload full logs instead of only the results junit
This includes all pod logs and systemd logs.
It increases the filesize significantly:
3.3MB for a quickrun with 5 nodes.
2022-12-05 16:28:32 +01:00
Paul Meyer
474f7ad356 ci: build logcollector images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Malte Poll
b9fd8237b9
manual e2e tests: Add option to keep embedded measurements (#698) 2022-12-01 15:43:40 +01:00
renovate[bot]
2e2bcb15e1
Update GitHub action dependencies (#665)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:06:18 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553)
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Malte Poll
3dc9c60864 e2e tests: use new image versions 2022-11-23 15:47:46 +01:00
Daniel Weiße
e7ee4d6e59
Remove manual installation of csi drivers (#600)
* Remove manual installation of csi drivers

* Remove explicit storage class

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-22 14:02:31 +01:00
Paul Meyer
063162c205 deps: upgrade sonobuoy version
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:32:50 +01:00
renovate[bot]
b6d7289dfe
Update dependency numpy to v1.23.5 (#604)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 10:07:44 +01:00
Malte Poll
239b9f6c26 Upgrade images to Fedora 37 2022-11-18 10:37:45 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" (#579) 2022-11-17 16:14:38 +01:00
renovate[bot]
827b62c2be
Update GitHub action dependencies (#568)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-17 11:37:00 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts (#560) 2022-11-16 15:45:10 +01:00
Leonard Cohnen
2f0b1a0f32 ci: add go generate check 2022-11-15 18:24:07 +01:00
Malte Poll
5f44668897
Extend AWS e2e test token expiration to 6 hours (#547) 2022-11-14 14:14:42 +01:00
Paul Meyer
056f98a2ab ci: bump sonobuoy version
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:33:29 +01:00
Christoph Meyer
d612ed2cae AB#2530 CI benchmarks compare to previous and generate graphs
- Get the previous benchmark results from artifact store S3 bucket
- Compare the current benchmark to the previous results
- Attach markdown table comparing results to the workflow output
- Update benchmarks in bucket if running on main
- Generate graphs from comparison
- Document continuous benchmarking
2022-11-11 18:37:35 +01:00
Paul Meyer
09969afd57 ci: fix workflows
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
106b738fab ci: format shellscripts
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
Paul Meyer
7aa7492474 Fix shellcheck warnings
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
6fd605b3c4 e2e: print id file after create
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
11672acf0a e2e: add AWS test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
1ec9316521 ci: rename actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
renovate[bot]
8e8ce070b7
Update google-github-actions/setup-gcloud action to v1 (#524)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 18:29:30 +01:00
renovate[bot]
92b647a099
Update google-github-actions/auth action to v1 (#523)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 18:28:47 +01:00
Malte Poll
e011c7ef78 Set azureImageOffer for debug images 2022-11-10 09:13:44 +01:00
Malte Poll
e9fecec0bc Only publish release AMIs 2022-11-09 14:29:58 +01:00
Paul Meyer
d3bad39223
e2e: fix deletion of persistent volumes (#476)
Co-authored-by: Christoph Meyer <cme@edgeless.systems>
2022-11-09 10:28:34 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Malte Poll
899ca91aa3 Move enforced measurement for clusterID to PCR[15] in e2e tests 2022-11-08 00:07:04 +01:00
Malte Poll
3e996efb3f Pass azure image offer from build variable action 2022-11-08 00:07:04 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys (#462)
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
Nils Hanke
b24c799c80 Replace specific Azure/GCP credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
a535ca1901 CI: Use lowercase image name for S3 upload 2022-11-04 12:57:24 +01:00
Nils Hanke
af08ffbb16 CI: Add group for building pcr-reader for better output 2022-11-04 12:57:24 +01:00
Nils Hanke
3ca88d6043 Fix Constellation measure CI action 2022-11-04 12:57:24 +01:00
renovate[bot]
72caeca69b Update dependency matplotlib to v3.6.2 2022-11-03 16:01:52 +01:00
Christoph Meyer
273d6162de fix: don't run CI K-Bench with less than 2 worker nodes
K-Bench's network benchmarks require two distinct worker nodes.
Add check prior to running the benchmark that terminates early, if not
enough workers scheduled.
2022-11-02 18:45:56 +01:00
Christoph Meyer
94429c8db8 Add CI action to install CSI drivers 2022-11-02 18:30:59 +01:00
Nils Hanke
7ca4a6d0e1 Adjust CI scripts to avoid termination prompt 2022-11-02 18:18:30 +01:00
renovate[bot]
f60120bbbc
Update github actions dependencies (#420)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 11:00:40 +01:00
Christoph Meyer
1952eb5721 AB#2191 Evaluate K-Bench benchmarks in CI
Install Python for K-bench evaluation
Add scripts to evaluate the K-Bench results in CI
Attach graphs to the workflow results in GitHub Actions
2022-11-01 12:27:25 +01:00
Christoph Meyer
f4ff473677 AB#2191 Add K-Bench CI step to manual workflow
Add the option to run K-Bench performance to the manual CI workflow
Install CSI drivers in the cluster for K-Bench benchmarks
Attach the results to the workflow in the GitHub Actions view
2022-11-01 12:27:25 +01:00
Paul Meyer
3933a97567 e2e: rework schedule of e2e test daily/weekly
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 18:22:05 +01:00
Paul Meyer
4cd659b394
e2e: fix collection of boot logs on GCP (#401)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:40:08 +01:00
Paul Meyer
050223e4c5 e2e: add nop payload to only test infra creation
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 17:46:37 +02:00
Malte Poll
9297a4e8a2
Normalize naming: "sonobuoy fast" -> "sonobuoy quick" (#389) 2022-10-28 11:01:31 +02:00
Paul Meyer
b7415647a6 Move sonobuoy action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
95b8531fdd Add e2e autoscaling test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
7108304046 Remove upload of state file
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
8aa84fd759 Remove installation of preinstalled dependencies
in workflows

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
renovate[bot]
acc82b205a
Update github actions dependencies (#366)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-26 15:48:35 +02:00
Malte Poll
d81172e352
Pin setup-gcloud action to git tag (for renovate) (#376) 2022-10-26 13:58:05 +02:00
Fabian Kammel
18ae86c38e
sbom signing (#303)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-21 15:19:51 +02:00
renovate[bot]
10a207c7ec Update github actions dependencies 2022-10-21 11:33:41 +02:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
Nils Hanke
714b368a62 Add gcloud setup back to GCP login action for magic authentication 2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc Create mkosi image build pipeline 2022-10-21 11:04:25 +02:00
renovate[bot]
6d5cb6b581
Update sigstore/cosign-installer action to v2.8.1 (#323)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 10:29:37 +02:00
renovate[bot]
84fcf8d7f2
Update github actions dependencies (#294)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:00:41 +02:00
renovate[bot]
ccaad5e482
Update github actions dependencies (#274) 2022-10-17 11:14:41 +02:00
renovate[bot]
c08147baae Update google-github-actions/auth action to v0.8.2 2022-10-14 09:20:10 +02:00
renovate[bot]
3c34757274 Update actions/cache action to v3.0.11 2022-10-14 09:17:00 +02:00
Fabian Kammel
7ee8f65889
Delete dependabot and prepare renovate (#238)
* Delete microservice template.
* Remove dependabot config
* Prepare renovate by adopting GitHub actions syntax
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-12 18:05:58 +02:00
katexochen
dbd71eebd9 Fix replace deprecated set-output syntax 2022-10-12 11:51:09 +02:00
katexochen
49f233246c Replace deprecated set-output syntax 2022-10-12 11:32:19 +02:00
Paul Meyer
1c29638421
Use env to find bash in shebang (#225) 2022-10-10 14:21:17 +02:00
Otto Bittner
0eb4a7831b AB#2413: Add workflow for snp-report-verify
* Extend azure-snp-report-verify to also report fw SVNs.
* Add workflow based on azure-cvm to get maa-jwt and
verify it on a second runner.
2022-09-21 10:58:10 +02:00
katexochen
788cfd9bd9 Remove autoscaling from workflows 2022-09-20 13:41:23 +02:00
Nils Hanke
de1268ffb9 Pin cache action against specific commit 2022-09-19 04:49:55 -07:00
Nils Hanke
979164ab37 CI: Remove GOPRIVATE from actions 2022-09-19 01:09:56 -07:00
Nils Hanke
52d1afaf0b CI: Consolidate multi-OS & multi-arch builds into one job 2022-09-19 01:09:56 -07:00
Nils Hanke
1dad1631ca E2E: Add manual macOS E2E test 2022-09-19 01:09:56 -07:00
Nils Hanke
6df92c127c E2E: Download external binaries depending on host OS & arch 2022-09-19 01:09:56 -07:00
Nils Hanke
a1fd971c3c CI/E2E: Update rekor-cli to 0.12.0 2022-09-19 01:09:56 -07:00
Nils Hanke
0f08c4f318 E2E: Update sonobuoy to 0.56.10 2022-09-19 01:09:56 -07:00
Nils Hanke
7338563d14 CI/E2E: (Re)move redundant setup steps 2022-09-19 01:09:56 -07:00
Nils Hanke
4898f06421 Delete downloaded rekor-cli binary 2022-09-14 03:01:09 -07:00
Nils Hanke
9da3078445 Set working-directory to build for rekor-cli download 2022-09-14 03:01:09 -07:00
Nils Hanke
79229e04df Create separate create measurement action 2022-09-14 01:22:18 -07:00
Nils Hanke
472ba642b7 E2E: Build OSS CLI by default 2022-09-14 01:22:18 -07:00
Leonard Cohnen
a318a82968 fix e2e latest debug image selection 2022-09-13 10:08:51 +02:00
Nils Hanke
0949393dbb Update build environment to Fedora 36 & Go 1.19.1 2022-09-09 18:11:33 +02:00
Nils Hanke
9bedaf20ea Use CMake project version across all places & remove obsolete build tags 2022-09-09 15:33:16 +02:00
Malte Poll
aa75a065d7
e2e test: wait for specified amount of nodes to join the cluster and become ready (#87)
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
2022-09-09 13:28:53 +02:00
Nils Hanke
46c461c23e E2E: Don't use cloudProvider in constellation create 2022-09-08 13:38:24 +02:00
Nils Hanke
dd4ccdd390 E2E / debugd: Replace remains of ingressFirewall with debugCluster flag 2022-09-07 13:27:15 +02:00
Fabian Kammel
020cf51fc6
AB#2392 Store serial logs in actions (#39)
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-09-05 18:12:46 +02:00