Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check ( #1869 )
...
* switch to darwin compatible shasum
* add bazel rule
* update shellscript for in-place updates
* Revert "update shellscript for in-place updates"
This reverts commit 87d39b06f7
.
* add version tool freshness check
* remove pseudo-version file
* revert to `sha256sum`
* fix workflow indentation
2023-06-09 11:50:51 +02:00
Adrian Stobbe
e0fe8e6ca0
local: fix mac issues in bazel ( #1893 )
2023-06-09 10:35:52 +02:00
renovate[bot]
7c345f4503
deps: update github.com/gophercloud/utils digest to de873b9 ( #1843 )
...
* deps: update github.com/gophercloud/utils digest to de873b9
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-09 10:02:59 +02:00
Adrian Stobbe
4284f892ce
api: rename /api/versions to versionsapi and /api/attestationcfig to attestationconfigapi ( #1876 )
...
* rename to attestationconfigapi + put client and fetcher inside pkg
* rename api/version to versionsapi and put fetcher + client inside pkg
* rename AttestationConfigAPIFetcher to Fetcher
2023-06-07 16:16:32 +02:00
Adrian Stobbe
99a88c033c
api: use new signature JSON format ( #1872 )
...
* use new impl for client.UploadAzureSEVSNP
* fix: fetcher must parse new signature format
* version-file is not persistentflag
* fix fetcher tests
2023-06-05 16:10:44 +02:00
Adrian Stobbe
c446f36b0f
config: Azure SNP tool can delete specific version from attestation API ( #1863 )
...
* client supports delete version
* rename to new attestation / fetcher naming
* add delete command to upload tool
* test client delete
* bazel update
* use general client in attestation client
* Update hack/configapi/cmd/delete.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* daniel feedback
* unit test azure sev upload
* Update hack/configapi/cmd/delete.go
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
* add client integration test
* new client cmds use apiObject
---------
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-05 12:33:22 +02:00
Adrian Stobbe
a813760f96
config: automatically upload new Azure SNP versions to API + sign version with release key ( #1854 )
...
* sign version with release key and remove version from fetcher interface
* extend azure-reporter GH action to upload updated version values to the Attestation API
2023-06-02 12:10:22 +02:00
Malte Poll
e1d3afe8d4
ci: use aws s3 client that invalidates cloudfront cache for places that modify Constellation api ( #1839 )
2023-06-02 11:20:01 +02:00
renovate[bot]
93569ff54c
deps: update golang.org/x/exp digest to 2e198f4 ( #1844 )
...
* deps: update golang.org/x/exp digest to 2e198f4
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: malt3 <mp@edgeless.systems>
2023-06-02 11:03:33 +02:00
Otto Bittner
30f2b332b3
api: restructure api pkg ( #1851 )
...
* api: rename AttestationVersionRepo to Client
* api: move client into separate subpkg for
clearer import paths.
* api: rename configapi -> attestationconfig
* api: rename versionsapi -> versions
* api: rename sut to client
* api: split versionsapi client and make it public
* api: split versionapi fetcher and make it public
* config: move attestationversion type to config
* api: fix attestationconfig client test
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-06-02 09:19:23 +02:00
Adrian Stobbe
b51cc52945
config: sign Azure versions on upload & verify on fetch ( #1836 )
...
* add SignContent() + integrate into configAPI
* use static client for upload versions tool; fix staticupload calleeReference bug
* use version to get proper cosign pub key.
* mock fetcher in CLI tests
* only provide config.New constructor with fetcher
Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-06-01 13:55:46 +02:00
renovate[bot]
885febf109
deps: update module github.com/sigstore/rekor to v1.2.0 [SECURITY] ( #1842 )
...
* deps: update module github.com/sigstore/rekor to v1.2.0 [SECURITY]
* chore: tidy
* deps: update pseudo version tool hashes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-31 23:30:27 +02:00
3u13r
fbcbb9a766
deps: align k8s deps ( #1841 )
2023-05-31 17:10:03 +02:00
Malte Poll
60b125cb59
cli: add windows amd64 build target ( #1835 )
2023-05-30 12:02:43 +02:00
Adrian Stobbe
0a6e5ec02e
config: dynamic attestation configuration through S3 backed API ( #1808 )
2023-05-25 17:43:44 +01:00
renovate[bot]
2afddcb0f8
deps: update K8s dependencies ( #1599 )
...
* deps: update K8s dependencies
* deps: bump controller runtime
* chore: tidy
* bump helm and migrate controller runtime
* fix helm deprecation
---------
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-24 18:57:45 +02:00
renovate[bot]
be8d993cb7
deps: update module github.com/sigstore/sigstore to v1.6.4 ( #1814 )
...
* deps: update module github.com/sigstore/sigstore to v1.6.4
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-23 16:25:26 +02:00
Malte Poll
78085cba68
qemu-metadata-api: allow building without cgo dependencies for linting
2023-05-23 13:44:56 +02:00
renovate[bot]
13f1eb23d7
deps: update module github.com/stretchr/testify to v1.8.3 ( #1815 )
...
* deps: update module github.com/stretchr/testify to v1.8.3
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-22 17:35:28 +02:00
renovate[bot]
6ba461015d
deps: update module github.com/hashicorp/hc-install to v0.5.2 ( #1812 )
...
* deps: update module github.com/hashicorp/hc-install to v0.5.2
* deps: tidy all modules
* chore: tidy + update
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-22 16:32:00 +02:00
renovate[bot]
2a721bfa33
deps: update module github.com/mattn/go-isatty to v0.0.19 ( #1813 )
...
* deps: update module github.com/mattn/go-isatty to v0.0.19
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-22 16:31:52 +02:00
renovate[bot]
971e814551
deps: update module github.com/google/go-tpm-tools to v0.3.12 ( #1811 )
...
* deps: update module github.com/google/go-tpm-tools to v0.3.12
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-22 15:40:42 +02:00
renovate[bot]
624af80f7f
deps: update module cloud.google.com/go/compute to v1.19.3 ( #1810 )
...
* deps: update module cloud.google.com/go/compute to v1.19.3
* chore: tidy
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-22 15:29:48 +02:00
renovate[bot]
4ee4423389
deps: update github.com/gophercloud/utils digest to 6eab72e ( #1791 )
...
* deps: update github.com/gophercloud/utils digest to 6eab72e
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-19 15:34:20 +02:00
3u13r
964775c4c2
Add autoscaling and cluster upgrade support for AWS ( #1758 )
...
* aws: autoscaling and upgrades
* docs: update scaling and upgrades for AWS
* deps: pin vuln check against release
2023-05-19 13:57:31 +02:00
renovate[bot]
12ccfea543
deps: update module golang.org/x/tools to v0.9.1 ( #1801 )
...
* deps: update module golang.org/x/tools to v0.9.1
* chore: tidy
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-19 13:18:54 +02:00
renovate[bot]
4c8568963b
deps: update module golang.org/x/crypto to v0.9.0 ( #1799 )
...
* deps: update module golang.org/x/crypto to v0.9.0
* chore: tidy
* deps: bump pseudo version tool
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-19 12:00:25 +02:00
Daniel Weiße
ad924181d9
Allow tdx repo in bazel license check
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
7e5e3b9d2e
Add license exception for tdx repo
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Daniel Weiße
dd2da25ebe
attestation: tdx issuer/validator ( #1265 )
...
* Add TDX validator
* Add TDX issuer
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
renovate[bot]
53758e65ad
deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4 ( #1764 )
...
* deps: update module github.com/siderolabs/talos/pkg/machinery to v1.4.4
* deps: tidy all modules
* update pseudo version tool
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 22:19:16 +02:00
renovate[bot]
230ea79bcc
deps: update Google SDK ( #1748 )
...
* deps: update Google SDK
* deps: fix grpc_testing import
* deps: update pseudo version tool hashes
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-16 18:13:17 +02:00
renovate[bot]
fd3c93660e
deps: update Terraform google to v4.65.1 ( #1778 )
...
* deps: update Terraform google to v4.65.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:07:21 +02:00
renovate[bot]
0ce01cbad3
deps: update Terraform random to v3.5.1 ( #1779 )
...
* deps: update Terraform random to v3.5.1
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 16:01:47 +02:00
renovate[bot]
780fa9a238
deps: update Terraform google-beta to v4.64.0 ( #1767 )
...
* deps: update Terraform google-beta to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:26:26 +02:00
renovate[bot]
87bf36d757
deps: update Terraform google to v4.64.0 ( #1766 )
...
* deps: update Terraform google to v4.64.0
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-16 15:11:59 +02:00
renovate[bot]
cd28b3a39f
deps: update module github.com/docker/docker to v23.0.3+incompatible [SECURITY] ( #1762 )
...
* deps: update module github.com/docker/docker to v23.0.3+incompatible [SECURITY]
* deps: tidy all modules
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: edgelessci <edgelessci@users.noreply.github.com>
2023-05-12 18:07:20 +02:00
renovate[bot]
fe115bdb16
deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY] ( #1729 )
...
* deps: update module github.com/sigstore/rekor to v1.1.1 [SECURITY]
* deps: bump oras
---------
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-05-11 17:23:17 +02:00
renovate[bot]
0db7f68093
deps: update Azure SDK ( #1747 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 15:12:25 +02:00
Malte Poll
ee91d8b1cc
image: implement idempotent upload of os images
2023-05-05 12:06:44 +02:00
Paul Meyer
7ab23c28b8
Revert "misc: replace sha256sum with shasum -a 256 ( #1681 )"
...
This reverts commit ec1d5e9fb5
.
While the change enabled shasum calculation on mac, it broke it
on some Linux distros.
2023-05-02 11:07:05 +02:00
Otto Bittner
caa0732955
hack: fix v-prefixing in pseudo-version tool
...
pre-release versions and release versions behaved differently.
This lead to a duplicate v prefix in the cli's version.
2023-04-28 15:48:12 +02:00
renovate[bot]
4cfa7a0306
deps: update golang.org/x/exp digest to 47ecfdc ( #1690 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 17:51:46 +02:00
renovate[bot]
686bb4eb0a
deps: update ubuntu:20.04 Docker digest to db8bf6f ( #1692 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 17:50:20 +02:00
3u13r
1bdf410b52
bazel: allow custom container_prefix ( #1693 )
...
* build: allow custom container registry
* build: fix .bazeloverwriterc import
2023-04-27 11:52:02 +02:00
Malte Poll
ec1d5e9fb5
misc: replace sha256sum with shasum -a 256 ( #1681 )
2023-04-26 13:40:18 +02:00
Malte Poll
5145f806ea
bazel: remove apko and Dockerfile where Bazel is used to build container images
2023-04-18 15:35:15 +02:00
Malte Poll
bd889bd6a7
bazel: convert all container images to Bazel
2023-04-18 15:35:15 +02:00
Malte Poll
9d25372e10
hack: add oci-pin tool
...
This tool can generate Go source files and lockfiles for container images.
2023-04-18 15:35:15 +02:00
Malte Poll
eb11e9ac8a
bazel: download pseudo-version tool instead of "go build" ( #1629 )
...
Required for bootstrapping bazel stamping since we cannot use "bazel build" during the workspace_status command.
Adds a small script that builds the pseudo-version tool in bazel (without stamping) and uploads it to the mirror.
On the first bazel build with stamping, the pseudo-version tool is downloaded.
2023-04-12 17:41:13 +02:00