Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-01-03 20:01:01 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,020 Commits 141 Branches 49 Tags 92 MiB
656e109e17
Commit Graph

381 Commits

Author SHA1 Message Date
Nils Hanke
fc2a285270
ci: fix CLI SBOM generation (#1005) 2023-01-18 11:36:39 +01:00
Paul Meyer
411dfed18f ci: unified order and style of workflows/actions 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-18 10:57:42 +01:00
Paul Meyer
41690288a1 ci: remove unneeded brackets in if statements 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-18 10:57:42 +01:00
Fabian Kammel
85f33b2140
ci: fix scorecard/pinned-dependencies findings (#967) 
* fix scorecard/pinned-dependencies findings
* make renovate update go install
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2023-01-17 16:12:23 +01:00
Fabian Kammel
8f88129cac
Configure CodeQL and scorecard workflow. (#986) 
* Configure CodeQL and scorecard workflow.
* Fix CodeQL finding.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2023-01-17 14:01:47 +01:00
Malte Poll
fa7bac3868
ci: switch gcp accounts to oidc (#983) 2023-01-16 18:15:17 +01:00
Paul Meyer
d39cf1cd6e ci: fix cron tab mismatch 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 17:33:17 +01:00
Paul Meyer
2241e41fcf ci: delete old images of all streams on ref main 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 14:57:13 +01:00
Paul Meyer
3393e458e0 ci: schedule os image builds 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 14:55:24 +01:00
Paul Meyer
98040ff89c ci: run shellfmt and shellcheck on changes in /image 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 14:49:33 +01:00
Paul Meyer
d37bd077d8 ci: delete old images from main ref 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 13:52:11 +01:00
Paul Meyer
4a6c64a02f ci: copy versionsapi binary from container to host 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 13:52:11 +01:00
Otto Bittner
4239191b0d ci: remove residual references to "kms" 2023-01-16 12:43:03 +01:00
Malte Poll
938f114086
ci: implement "console" stream for OS images (#969) 
* image: add AUTOLOGIN environment variable to conditionally enable serial console login
* ci: implement "console" stream for OS images
* debugd: remove serial console login access code
 2023-01-16 12:20:01 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice 
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
 2023-01-16 11:56:34 +01:00
leongross
c36a009188
ci: reproducible builds ko (no gcp) (#871) 
* add ko build actions and worklflows
* add apko build actions and worklflows
* add .ko.yaml file
* add apko image definitions
* add signing container, add signing sboms, add uploading sboms
 2023-01-13 16:38:31 +01:00
Paul Meyer
5cb10aef45 ci: find latest image with versionsapi action 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-13 10:23:43 +01:00
Paul Meyer
6d6ef99f11 ci: run versionsapi as docker action 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-13 10:23:43 +01:00
Paul Meyer
8cfa402c9a ci: refactor titles of prs made by bots 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-13 10:08:51 +01:00
Paul Meyer
5782e0c884 ci: deactivate dryrun of image deletion 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-12 13:43:42 +01:00
Paul Meyer
d0e9f427d1
deps: update Go to v1.19.5 (#949) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-12 13:36:17 +01:00
Malte Poll
7cc8f2c884 ci: manual e2e: github.event.inputs -> inputs 2023-01-12 13:24:07 +01:00
Malte Poll
5ba1b6780b ci: auto detect if released OS images should be marked as "latest" 2023-01-12 13:24:07 +01:00
Malte Poll
67be4016f5 ci: generate signed measurements for QEMU 2023-01-12 13:24:07 +01:00
Malte Poll
d851623c0d ci: implement second half of release checklist 2023-01-12 13:24:07 +01:00
Malte Poll
142af75776 ci: implement second half of release checklist 2023-01-12 13:24:07 +01:00
Malte Poll
49288f5d30 ci: use explicit input to choose cosign key for OS image measurements 2023-01-12 13:24:07 +01:00
Malte Poll
16d27b5157 ci: update hardcoded measurements during release pipeline 2023-01-12 13:24:07 +01:00
Malte Poll
3077dd4f27 ci: implement first half of release checklist 2023-01-12 13:24:07 +01:00
Paul Meyer
c1e776a1a2
ci: join macos with normal tests (#933) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-11 14:27:18 +01:00
Leonard Cohnen
e9da70fde9 ci: remove versions manifest 2023-01-11 11:10:44 +01:00
Paul Meyer
e9442ac1ce
deps: update and pin github.com/katexochen/sh (#922) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-11 10:17:31 +01:00
renovate[bot]
9fbf298565
Update actions/cache action to v3.2.3 (#909) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-09 18:30:41 +01:00
Paul Meyer
6a20d18082 ci: change gcp image and image family names 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-09 17:06:59 +01:00
Paul Meyer
00ca87a7ec ci: fix versionsapi workflow remove cmd 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-09 17:02:45 +01:00
Paul Meyer
8643c791f0 ci: add missing secrets to purge branch workflow 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-09 16:17:31 +01:00
Paul Meyer
636567d65a ci: add purge branch workflow 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-09 13:54:19 +01:00
Paul Meyer
dc73411301 hack: remove build-manifest 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-09 13:15:09 +01:00
Moritz Sanft
ecdc465a42
AB2564 Add constellation verify e2e test (#875) 2023-01-09 08:54:41 +01:00
renovate[bot]
f62f8e5d79
Update GitHub action dependencies (#902) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-06 17:35:54 +01:00
renovate[bot]
32b839e9f7
Update GitHub action dependencies (#877) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-05 16:17:51 +01:00
Leonard Cohnen
94694c6e06 operator: add v2 to package name 2023-01-05 14:52:09 +01:00
Paul Meyer
f9458950cb
versionsapi: change image path (#856) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-04 17:07:16 +01:00
Paul Meyer
f720726074 ci: fix rebuild loop of microservice images 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-04 16:01:12 +01:00
Paul Meyer
3561a16819 ci: replace add-version through versionsapi cli 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-04 11:39:19 +01:00
Paul Meyer
195fe27870 ci: add versionsapi workflow 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-04 11:39:19 +01:00
renovate[bot]
d2c04ecc40
Update GitHub action dependencies (#848) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-03 10:09:02 +01:00
3u13r
473e16feb2
image: add upgrade-agent (#827) 2022-12-29 17:50:11 +01:00
Paul Meyer
c7ecf13e7f ci: fix workflows with tokens running on forks 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-23 11:39:09 +01:00
Paul Meyer
caed4ff287 ci: print image in find-image action 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-21 18:39:03 +01:00
Paul Meyer
582615dfb3 ci: enable manual e2e runs on any git ref 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-21 18:39:03 +01:00
Fabian Kammel
83f09e1058
implement e2e test lb (#815) 
* implement e2e test lb
* add lb e2e test to weekly schedule
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-12-21 10:49:21 +01:00
Thomas Tendyck
990cae58a5 ci: don't checkout head ref for PRs from forks 2022-12-19 16:09:40 +01:00
Paul Meyer
58a5c47d30 ci: update pinned hashes on renovate updates 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-16 10:43:33 +01:00
Fabian Kammel
b718e92d1d
update slsa-verifier (#803) 
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-12-15 09:45:46 +01:00
Fabian Kammel
6564fcbf6c
E2E Test Mini Constellation (#796) 
* fix: typo to build amd64 for macos
* Implement E2E test for mini constellation
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-12-14 16:51:42 +01:00
Malte Poll
a1d59df1c3
Release action: Do not fail if "latest" is not set (#793) 2022-12-14 14:59:06 +01:00
renovate[bot]
5967b98c25
Update GitHub action dependencies (#778) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-14 14:55:14 +01:00
Paul Meyer
6862c2587f kubernetes: add v1.26, default to v1.25 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-13 16:08:19 +01:00
Malte Poll
e207081274
adopt changes from linux e2e tests on macOS (#790) 2022-12-13 10:06:36 +01:00
Malte Poll
fed31c304a Release CLI: Fix upload path 2022-12-12 17:45:35 +01:00
Malte Poll
3f6817653b Match pki set and key 2022-12-12 17:45:35 +01:00
Malte Poll
6154a5ef68 OS build pipeline: Correctly choose PKI set 2022-12-12 17:45:35 +01:00
Malte Poll
4a8ebfd921 OS images: use "ref", "stream" and "version" 
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
 2022-12-09 13:37:43 +01:00
renovate[bot]
e371e4499f
Update GitHub action dependencies (#765) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-09 11:10:23 +01:00
Paul Meyer
24f6c3807b ci: no link checking on main 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-08 11:42:03 +01:00
Paul Meyer
3cc2a714a4
dependencies: upgrade to Go v1.19.4 (#732) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-07 14:27:43 +01:00
Paul Meyer
5ba5d9d683
ci: unpin slsa-github-generator action digest (#734) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-06 17:07:27 +01:00
Paul Meyer
176dae317f debugd: fix logcollector container image naming 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-05 13:16:45 +01:00
Paul Meyer
474f7ad356 ci: build logcollector images 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-02 18:54:24 +01:00
Paul Meyer
e6c4bb3406 ci: build microservices on change of pkg internal 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-02 11:14:58 +01:00
renovate[bot]
998c8ee889
Update GitHub action dependencies (#701) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-02 10:33:19 +01:00
Malte Poll
b9fd8237b9
manual e2e tests: Add option to keep embedded measurements (#698) 2022-12-01 15:43:40 +01:00
Paul Meyer
4249050116 e2e: find default image if no input image specified 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-01 15:23:27 +01:00
Paul Meyer
cbd5a4a118 ci: print image version in summary 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-01 13:25:53 +01:00
Paul Meyer
8004edcc14
image: add version and debug field to lookup table (#682) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-12-01 11:51:33 +01:00
Malte Poll
3aa51df74d Add release trigger to make image versions available via CDN 2022-11-30 12:35:12 +01:00
Leonard Cohnen
954cbad214 ci: build qemu-metadata api 2022-11-30 12:28:37 +01:00
Paul Meyer
688003cdd9 ci: fix hcl lock files on renovate branch 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 18:47:30 +01:00
Paul Meyer
48e0b3a9cd ci: check hcl lock files are up to date 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 18:47:30 +01:00
renovate[bot]
2e2bcb15e1
Update GitHub action dependencies (#665) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-29 14:06:18 +01:00
Fabian Kammel
c71fd89e80
Provenance for CLI (#647) 
* provenance generation for cli
* document provenance generation for CLI
* include CLI SBOM in provenance
Co-authored-by: 3u13r <lc@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-25 16:13:20 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Malte Poll
3dc9c60864 e2e tests: use new image versions 2022-11-23 15:47:46 +01:00
Paul Meyer
947920d4f5
Revert "warn about function argument count over 5 (#558)" (#620) 
This reverts commit 1110ccd270.
 2022-11-22 14:20:11 +01:00
renovate[bot]
fa2919e285
Update softprops/action-gh-release action to v0.1.15 (#607) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-21 15:08:53 +01:00
Malte Poll
efaa0622a8 Include image version in mkosi builds 2022-11-18 10:37:45 +01:00
Malte Poll
74aabe86fa Move PCR[8] -> PCR[12] 2022-11-18 10:37:45 +01:00
Malte Poll
239b9f6c26 Upgrade images to Fedora 37 2022-11-18 10:37:45 +01:00
renovate[bot]
f5f6be1c56
Update actions/download-artifact action to v3 (#583) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2022-11-18 08:55:56 +01:00
Fabian Kammel
1110ccd270
warn about function argument count over 5 (#558) 
* warn about function argument count over 5
* only on new code
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2022-11-17 17:31:00 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" (#579) 2022-11-17 16:14:38 +01:00
Paul Meyer
9c405ceb02 ci: use shfmt fork 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-17 16:10:13 +01:00
renovate[bot]
827b62c2be
Update GitHub action dependencies (#568) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2022-11-17 11:37:00 +01:00
Paul Meyer
c61f6211f9 ci: use fixed renovate bot email for commits 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-17 11:28:49 +01:00
Paul Meyer
3fd678492f ci: fix shellfmt workflow name 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-17 11:28:49 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts (#560) 2022-11-16 15:45:10 +01:00
Leonard Cohnen
2f0b1a0f32 ci: add go generate check 2022-11-15 18:24:07 +01:00
Leonard Cohnen
9b89e5cf10 ci: don't check cilium links 2022-11-15 18:24:07 +01:00
Paul Meyer
80a801629e e2e: deactivate fail-fast for e2e daily 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2022-11-15 12:44:52 +01:00