* e2e-test workflows execute two hours earlier.
* Run quick-mode e2e tests for the two older versions we support.
This triggers every night, together with the existing e2e tests.
Idea here is that we know that a cluster can be setup and initialized.
* Run full e2e tests for the two older versions each sunday.
* Do not abort manual e2e runs. This allows for parallel runs.
* Run unprivileged container
* More debug info & don't use guestfish
* Sync image runner script with deployed code
* Add missing = for --wait in sonobuoy action
Co-authored-by: <mp@edgeless.systems>
We only need new images for bootstrapper changes
for each release. Between releases we can use debug images.
For releases we have to build images manually anyway.
Therefore, let's not build these images unnecessarily.
* remove Sunday and Monday morning runs, little value
* run test lint on main, as we do for all linters
* fixup outdated instructions
* use version hash instead of tags
* use dependabot for github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* use common boostrapperhost field and wait before reading pcr values
* use wait to be more explicit about goal
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* cleaned up actions and new measure action to generate, sign and upload measurements
* improve constellation ip fetching to support multiple control nodes
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
* remove duplicate coordinator name
* Adjust if condition
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
Currently we define how tests should be executed in two places:
CMakeLists.txt and the CI related files.
With this commit the CI will invoke tests by calling ctest,
thus making it necessary to add and define testcases in cmake first.
As all tests starting with "integration-" or "unit-" are run,
new tests don't have to added to the CI, unless you want to define
a new category of test.
Also remove the etcd store test workflow as it's part of
test-integration now.
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
* build cli on every PR
* build coordinator on every PR,
while only triggering image builds on main.
* abort previous runs of workflows if new commits are pushed
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
* Add QEMU metadata API
* API server is started automatically when using terraform to deploy a QEMU cluster
* Enable QEMU metadata usage for disk-mapper, debugd and the Coordinator
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Move file watcher and validator to internal
* Add aTLS endpoint to KMS for Kubernetes external requests
* Update Go version in Dockerfiles
* Move most KMS packages to internal
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Add verification service
* Update verify command to use new Constellation verification service
* Deploy verification service on cluster init
* Update pcr-reader to use verification service
* Add verification service build workflow
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Make e2e pipeline use the latest image available.
* Use pcr-reader to read & store measurements.
* buildvcs false in ci
* only notify teams on main
* plain yq syntax, since if already checks for csp
* previous version of yq requires explicit eval
* fix pcr-reader call
* actually pass variable between jobs
* fix typo
* Make order of images consistent.
* read measurements after create
Co-authored-by: Fabian Kammel <fk@edgelss.systems>
