Adrian Stobbe
159d28a2c7
doc: add context to PR template ( #1932 )
...
* add context to PR template
* Update pull_request_template.md
2023-06-15 09:13:47 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade ( #1931 )
...
We released 2.8 so we need to test that it can upgrade to HEAD.
2023-06-15 07:49:30 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication ( #1906 )
...
* invalidate app client id field for azure and provide info
* remove TestNewWithDefaultOptions case
* fix test
* remove appClientID field
* remove client secret + rename err
* remove from docs
* otto feedback
* update docs
* delete env test in cfg since no envs set anymore
* Update dev-docs/workflows/github-actions.md
Co-authored-by: Otto Bittner <cobittner@posteo.net>
* WARNING to stderr
* fix check
---------
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-06-14 17:50:57 +02:00
Otto Bittner
7a1c70d7e5
ci: replace katexochen with elchead in assignee list ( #1928 )
...
katexochen is currently working on CoCo and not
involved in active development.
2023-06-14 11:44:45 +02:00
Malte Poll
ee77e3922a
ci: explicitly add CLI signature as release artifact ( #1917 )
2023-06-14 09:56:11 +02:00
3u13r
b71b5103ae
ci: migrate e2e lb test to bazel ( #1892 )
...
* ci: migrate lb e2e test to bazel
* ci: disable shared bazel cache on github runners
2023-06-09 16:59:19 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP
as new variant ( #1900 )
...
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP
For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
2023-06-09 15:41:02 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check ( #1869 )
...
* switch to darwin compatible shasum
* add bazel rule
* update shellscript for in-place updates
* Revert "update shellscript for in-place updates"
This reverts commit 87d39b06f7
.
* add version tool freshness check
* remove pseudo-version file
* revert to `sha256sum`
* fix workflow indentation
2023-06-09 11:50:51 +02:00
Moritz Sanft
892752a1f8
add necessary permissions ( #1905 )
2023-06-09 11:50:39 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version ( #1903 )
2023-06-09 10:53:17 +02:00
Malte Poll
8c3617faf0
ci: do not manually clear measurements on verify e2e ( #1889 )
2023-06-09 09:25:30 +02:00
Adrian Stobbe
e9f9337cb9
Revert "ci: fix versionsapi cli container Dockerfile ( #1856 )" ( #1896 )
...
This reverts commit 0fac6a03cc
.
2023-06-07 17:18:59 +02:00
renovate[bot]
25037026e1
deps: update Python dependencies ( #1887 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-07 10:36:52 +02:00
renovate[bot]
6f7c8999f3
deps: update dependency cryptography to v41 [SECURITY] ( #1875 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2023-06-06 18:15:26 +02:00
Malte Poll
b3c052e299
operators: cleanup placeholder nodeversion ( #1881 )
...
* operators: cleanup placeholder nodeversion
* e2e: improve upgrade test portability
2023-06-06 15:22:06 +02:00
Malte Poll
025d34a259
ci: fix docker-login on macOS runner ( #1877 )
2023-06-06 12:20:09 +02:00
3u13r
7c07e3be18
Add --insecure to config fetch-measurement ( #1879 )
...
* cli: add --insecure to fetch-measurements
* cli: rename fake to stub
* ci: upload measurements for debug images
* fix cli docs
2023-06-06 10:32:22 +02:00
Malte Poll
900d51d49f
ci: select correct target version for upgrade e2e test in release pipeline ( #1874 )
2023-06-05 13:56:16 +02:00
Adrian Stobbe
a813760f96
config: automatically upload new Azure SNP versions to API + sign version with release key ( #1854 )
...
* sign version with release key and remove version from fetcher interface
* extend azure-reporter GH action to upload updated version values to the Attestation API
2023-06-02 12:10:22 +02:00
Otto Bittner
0fac6a03cc
ci: fix versionsapi cli container Dockerfile ( #1856 )
...
paths were not updated during refactoring
2023-06-02 11:29:46 +02:00
Malte Poll
289665eb22
ci: remove setup-go action / disable cache where applicable ( #1850 )
...
Runners sometimes fail because they run out of disk space.
One reason this happens is a change in the setup-go action@v4:
> The V4 edition of the action offers: Enabled caching by default
To combat this, we now disable the cache if it was not enabled explicitly before.
Additionally, we remove setup-go where it is no longer needed.
2023-06-01 15:16:00 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup ( #1837 )
...
* chore: add TODO responsibilities
* chore: remove not needed TODOs
* chore: remove outdated migrations
* chore: remove resolved goleak exception
* chore: remove not needed cosign env
* config: add link to our Azure snp docs
2023-06-01 12:33:06 +02:00
Otto Bittner
0c13f3ed8d
image: add aws_aws-sev-snp variant
...
This needs no changes to the existing AWS image.
The images have worked without modification so far.
2023-06-01 11:25:31 +02:00
Malte Poll
8a51ae1ec3
ci: do not sign & upload debug image measurements ( #1849 )
2023-06-01 10:58:34 +02:00
renovate[bot]
bff8e684e1
deps: update golang:1.20.4 Docker digest to 690e413 ( #1845 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: malt3 <29139614+renovate[bot]@users.noreply.github.com>
2023-06-01 09:26:31 +02:00
Malte Poll
a1ec899171
ci: use enterprise cli for e2e tests
2023-05-31 14:00:00 +02:00
Adrian Stobbe
0a6e5ec02e
config: dynamic attestation configuration through S3 backed API ( #1808 )
2023-05-25 17:43:44 +01:00
3u13r
25211dc154
ci: codeql disable autobuild for go ( #1828 )
2023-05-25 18:20:44 +02:00
Malte Poll
76bf5e8e28
ci: upload image info v2 and measurements v2 in image build pipeline
2023-05-25 15:01:15 +02:00
Otto Bittner
c010a4d742
ci: fix aws-snp-launchmeasurement pipeline
...
Misspelled variable name.
2023-05-25 14:00:45 +02:00
Malte Poll
7cff47f30f
ci: run release workflow on temporary branch ( #1628 )
2023-05-25 10:14:42 +02:00
Otto Bittner
06a32a85a7
ci: add pipeline to precalc launchmeasurements
...
This is for SNP on AWS.
2023-05-24 12:58:39 +02:00
Malte Poll
050fccc591
ci: do not run unit tests on macOS
2023-05-23 15:11:10 +02:00
Malte Poll
c4ad246910
wip: cached unit tests
2023-05-23 15:11:10 +02:00
Leonard Cohnen
c98644df2b
ci: use bazel for unittests
2023-05-23 15:11:10 +02:00
Malte Poll
b467327128
ci: optimize bazel output for web-based console
2023-05-23 15:11:10 +02:00
Malte Poll
660781d35e
misc: bazelisk -> bazel
2023-05-23 15:11:10 +02:00
Malte Poll
a0ac230298
ci: remove bazel repo cache hosted in github actions cache
2023-05-23 15:11:10 +02:00
Malte Poll
41cc759b44
ci: use self hosted (cached) runners
2023-05-23 15:11:10 +02:00
renovate[bot]
a5215d3268
deps: update dependency requests to v2.31.0 [SECURITY] ( #1816 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-23 13:45:15 +02:00
3u13r
6062b10035
cli: split image into oss and enterprise ( #1788 )
2023-05-23 10:49:47 +02:00
Malte Poll
dc9b3c1937
ci: run e2e tests as last step of release pipeline ( #1793 )
2023-05-22 09:22:00 +02:00
3u13r
964775c4c2
Add autoscaling and cluster upgrade support for AWS ( #1758 )
...
* aws: autoscaling and upgrades
* docs: update scaling and upgrades for AWS
* deps: pin vuln check against release
2023-05-19 13:57:31 +02:00
Otto Bittner
2dc105224d
ci: set toImage argument in e2e-test-release ( #1722 )
2023-05-16 08:54:12 +02:00
renovate[bot]
080e0bcaec
deps: update golang:1.20.4 Docker digest to 685a22e ( #1761 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-05-12 18:18:13 +02:00
3u13r
4024b9cf71
ci: fix minicon e2e test ( #1763 )
...
* ci: push containers during minicon e2e
* cli: set testing nvram for pre images in minicon
2023-05-12 17:14:32 +02:00
Daniel Weiße
0e7d50b465
Select attestation variant for verify test ( #1755 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-12 11:06:49 +02:00
3u13r
dd2ea50a39
deps: bump go version ( #1760 )
2023-05-11 14:14:15 +02:00
Daniel Weiße
d9bec20c78
Guard measurement removal behind config version check ( #1739 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-05 16:43:50 +02:00
renovate[bot]
a8101c8c64
deps: update GitHub action dependencies ( #1745 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 14:42:20 +02:00
renovate[bot]
a60e22d6d3
deps: update golang Docker tag to v1.20.4 ( #1746 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-05-05 14:37:15 +02:00
Paul Meyer
30cd024076
deps: add Kubernetes v1.27, remove Kubernetes v1.24 ( #1669 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:22:53 +02:00
Paul Meyer
b48866a756
ci: fix measurement generation on scheduled build ( #1741 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-05 13:13:51 +02:00
Malte Poll
2efa3083dc
ci: use native go code for os image upload
2023-05-05 12:06:44 +02:00
Otto Bittner
1f49c815b2
ci: update measurement overwrite for config v3 ( #1731 )
2023-05-04 11:32:52 +02:00
Paul Meyer
b76583e4a0
ci: fix e2e miniconstellation abort condition ( #1728 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-04 08:16:31 +02:00
Paul Meyer
ab74958b4a
ci: fix e2e release abort condition ( #1726 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-05-03 18:18:16 +02:00
Malte Poll
d2cbf3dc83
ci: skip e2e tests if caller was not successful ( #1714 )
2023-05-03 11:40:09 +02:00
Otto Bittner
1180b376fa
ci: only add tf-log flag if the binary supports it
...
We sometimes run older CLI versions in the CI. Those versions
may not support the flag.
2023-05-02 11:08:40 +02:00
Paul Meyer
7ab23c28b8
Revert "misc: replace sha256sum with shasum -a 256 ( #1681 )"
...
This reverts commit ec1d5e9fb5
.
While the change enabled shasum calculation on mac, it broke it
on some Linux distros.
2023-05-02 11:07:05 +02:00
Otto Bittner
5deccc3d01
ci: push images in e2e-upgrade
2023-04-28 15:48:12 +02:00
Otto Bittner
481eeeaf3e
ci: add simulatedTargetVersion to e2e-upgrade
...
This allows us to build a CLI that reports the given version during
an upgrade test. With this we can test patch upgrades.
2023-04-28 15:48:12 +02:00
Paul Meyer
1d24036f21
ci: fix os image build schedule ( #1703 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-28 12:57:11 +02:00
Malte Poll
635b98a34f
ci: rename all usages of bazel push target from //:push to //bazel/release:push ( #1701 )
2023-04-28 09:26:15 +02:00
renovate[bot]
fa4c6201b0
deps: update golang:1.20.3 Docker digest to 403f486 ( #1691 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 17:50:46 +02:00
Moritz Sanft
261fe611a9
ci: add Terraform logging ( #1665 )
...
* enable Terraform logging
* change to debug level
* rename artifact
* add name suffix
* remove blank line
2023-04-27 14:03:49 +02:00
Paul Meyer
12216ea997
ci: prevent google auth warnings when reauthenticating ( #1697 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:55:57 +02:00
Malte Poll
0c206e62d0
deps: rename bazel-zig-cc to hermetic_cc_toolchain ( #1695 )
2023-04-27 10:27:43 +02:00
Paul Meyer
bf051174f6
ci: update measurements and image version
...
on scheduled build
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:20:27 +02:00
Paul Meyer
82d0475e2a
ci: don't pick from release to main
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-27 10:20:27 +02:00
Malte Poll
ec1d5e9fb5
misc: replace sha256sum with shasum -a 256 ( #1681 )
2023-04-26 13:40:18 +02:00
Malte Poll
84dd25600f
image: upgrade mkosi to support repart ( #1684 )
2023-04-25 18:22:40 +02:00
Otto Bittner
c962e1745f
ci: add missing permissions for e2e-upgrade job ( #1679 )
...
Missed a spot..
2023-04-24 13:49:02 +02:00
Otto Bittner
e6d5c2f116
ci: remove obsolete env variables
...
these variables influence the azure cli auth behavior.
we now use OIDC as login mechanism.
2023-04-24 12:38:08 +02:00
Otto Bittner
840eb401c6
ci: add missing permissions to workflows
...
+ packages: write
+ checks: write
2023-04-24 12:38:08 +02:00
Malte Poll
dc5e6f30a9
ci: login to container registry before pushing containers ( #1676 )
2023-04-21 11:05:08 +02:00
Malte Poll
5145f806ea
bazel: remove apko and Dockerfile where Bazel is used to build container images
2023-04-18 15:35:15 +02:00
Malte Poll
19ff132ee8
ci: upload container images when running e2e tests
2023-04-18 15:35:15 +02:00
Paul Meyer
4b9bce9bb7
ci: fix notification trigger ( #1673 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-18 14:50:36 +02:00
Paul Meyer
e335421dd2
ci: trigger notify only in scheduled workflows ( #1671 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 17:30:56 +02:00
3u13r
3cb6ab04f1
ci: don't set IAM env for Azure ( #1670 )
2023-04-17 16:47:12 +02:00
Paul Meyer
c1d3b38a5f
ci: replace release[bot] with edgelessci
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
7a1af4937c
ci: remove outdated iam code
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
b80d1576f3
ci: use include list to define e2e matrix
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
4020e7840a
ci: always use tee -a instead of redirecting
...
into GITHUB_OUTPUT
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-17 12:08:42 +02:00
Paul Meyer
0b3190ea8b
ci: fix naming issues ( #1662 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-15 19:24:48 +02:00
Paul Meyer
860d72a083
ci: reduce number of steps with continue-on-error ( #1593 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 18:50:58 +02:00
Paul Meyer
632b24e7cd
ci: fix version publishing on release ( #1658 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 18:04:03 +02:00
Paul Meyer
1cc0ab2614
ci: improve e2e failure reporting and checklist ( #1656 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 13:14:25 +02:00
Paul Meyer
76979136de
ci: refactor artifact and resource naming
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 13:12:39 +02:00
Paul Meyer
1f82b4d266
ci: reduce continue-on-error usage in e2e upgrade
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 13:12:39 +02:00
Paul Meyer
d24ebd660e
ci: fix order in e2e upgrade
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 13:12:39 +02:00
Paul Meyer
677ed052a4
ci: use iam created Azure resource group in e2e upgrade
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-14 13:12:39 +02:00
Otto Bittner
d2967fff6b
cli: fix misleading error while applying kubernetes-only upgrade ( #1630 )
...
* The check would previously fail if e.g. `apply` did not upgrade the
image, but a new image was specified in the config. This could
happen if the specified image was too new, but a valid Kuberentes
upgrade was specified.
* ci: fix variable expansion in e2e-upgrade call
* e2e: do not verify measurement signature
2023-04-13 15:58:37 +02:00
Paul Meyer
dea41bd1ed
ci: refactor e2e test failure notifications ( #1625 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-12 16:06:26 +02:00
renovate[bot]
60bacaa587
deps: update golang:1.20.3 Docker digest to 89924bd ( #1636 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-12 14:35:57 +02:00
Moritz Sanft
6ba294e175
ci: separate e2e permissions ( #1555 )
...
* split e2e test iam create / create perms
* remove global Azure credentials
* remove unnecessary azure actions
* use UUID
* fix e2e upgrade test
* rename create inputs
* remove continue-on-error for resource deletion
* de-exclude verify test
* fix exclude
* fix release e2e test
---------
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2023-04-12 13:24:13 +02:00
Malte Poll
52a1bb0a19
ci: prevent accidental GOOS and GOARCH confusion in host go toolchain ( #1632 )
2023-04-12 11:05:05 +02:00
Moritz Eckert
0b66119a41
docs: group perf graphics by csp
2023-04-11 14:28:21 +02:00
Moritz Eckert
db32251daa
docs: update benchmarks with v2.6.0
...
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-04-11 14:28:21 +02:00
Moritz Eckert
a1f5e0e53d
ci: Add tooling to create benchmark figures
2023-04-11 14:28:21 +02:00
Malte Poll
2b962598bf
deps: update go to 1.20.3 ( #1622 )
2023-04-06 16:36:07 +02:00
Malte Poll
0ece41c146
bazel-deps-mirror: upgrade command ( #1617 )
...
* bazel-deps-mirror: upgrade command
This command can be used to upgrade a dependency.
Users are supposed to replace any upstream URLs and run the upgrade command.
It replaces the expected hash and uploads the new dep to the mirror.
2023-04-05 17:32:51 +02:00
Paul Meyer
b6778ab3e8
ci: always release cli on release-cli workflow ( #1611 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-04 18:07:48 +02:00
renovate[bot]
8f17e4b9df
deps: update actions/setup-go action to v4 ( #1605 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-04-04 11:06:30 +02:00
Paul Meyer
00efc30e24
ci: fix empty image input of verify e2e on release ( #1604 )
...
* ci: fix empty image input of verify e2e on release
* ci: increase parallelism of e2e release workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-04 10:47:26 +02:00
Otto Bittner
b5ce95a7a1
ci: do not run tests on macOS ( #1595 )
...
only run two tests on macOS as a simple smoketest
2023-04-03 17:47:21 +02:00
renovate[bot]
5dad9bfad7
deps: update GitHub action dependencies ( #1591 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 16:36:43 +02:00
Paul Meyer
cbdaec65da
ci: purge images on main ( #1583 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-03 13:44:46 +02:00
Otto Bittner
1dd5eae594
ci: do not skip e2e-weekly if trigger is successful ( #1584 )
2023-04-03 13:40:42 +02:00
Otto Bittner
180ef931fd
ci: do not create branch during release workflow
...
This seems to bother the create-pull-request action.
See: https://github.com/peter-evans/create-pull-request/issues/1203
2023-04-03 11:35:39 +02:00
Otto Bittner
cc2bde9a3e
ci: only commit version.txt if a change happened
2023-04-03 11:35:39 +02:00
Malte Poll
5e07efbb07
ci: fix cli path for cli signatures
2023-04-03 11:35:39 +02:00
Otto Bittner
4df33b93fe
ci: add e2e-test-release workflow
...
This workflow is used to run e2e tests in
preparation to a release.
It is triggered by the successful completion of
the release workflow.
Also trigger e2e-mini through the release
workflow completion.
This makes restarting the tests easier if
they fail during release preparation.
Co-authored-by: stdoutput <moritz.sanft@outlook.de>
2023-04-03 11:35:39 +02:00
3u13r
efe4681214
add version.txt step to release pipeline ( #1493 )
...
* add version.txt step to release pipeline
* refresh git status
* make minicon e2e test less flaky
2023-03-31 12:41:32 +02:00
Paul Meyer
e021245660
bazel: add cli doc generation to //:generate
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 12:01:13 -04:00
Paul Meyer
399b052f9e
bazel: add protoc codegen to //:generate target ( #1554 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 14:47:29 +02:00
Otto Bittner
ef5d64b170
ci: set correct fromVersion in upgrade test ( #1535 )
2023-03-30 09:46:41 +02:00
Malte Poll
827c4f548d
bazel: deps mirror ( #1522 )
...
bazel-deps-mirror is an internal tools used to upload external dependencies
that are referenced in the Bazel WORKSPACE to the Edgeless Systems' mirror.
It also normalizes deps rules.
* hack: add tool to mirror Bazel dependencies
* hack: bazel-deps-mirror tests
* bazel: add deps mirror commands
* ci: upload Bazel dependencies on renovate PRs
* update go mod
* run deps_mirror_upload
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 09:41:56 +02:00
Paul Meyer
d3e2f30f7b
ci: fix diff check in tidy workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
909bfb9274
bazel: add go generate to //:generate target
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
renovate[bot]
96cdf108e4
deps: update golang:1.20.2 Docker digest to 2101aa9 ( #1551 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 14:56:55 +02:00
Malte Poll
2a8169dd3b
ci: use bazel repository cache for tidy checks ( #1525 )
2023-03-29 14:13:51 +02:00
Paul Meyer
f108ff8539
bazel: add govulncheck to //:check target ( #1512 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-27 13:35:51 +02:00
Paul Meyer
00c7611245
bazel: add license checks to //:check target ( #1509 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-27 10:42:30 +02:00
Otto Bittner
da4e2521a9
ci: don't statically set PCR 5 ( #1521 )
...
This value can't be statically precomputed and leads to
warnings during runtime.
2023-03-24 17:08:39 +01:00
Paul Meyer
f7713df833
bazel: add golangci-lint to //:check target ( #1494 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 17:27:09 +01:00
Moritz Eckert
feb23ea3da
ci: add unittests for the benchmark actions ( #1466 )
...
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
2023-03-23 17:04:55 +01:00
Paul Meyer
01d6724bae
ci: run e2e test daily on last release
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 10:54:59 -04:00
Paul Meyer
4628222780
ci: always use tee -a when writing output
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 10:54:59 -04:00
Paul Meyer
332c78da60
ci: run e2e test weekly on last release
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 10:54:59 -04:00
Paul Meyer
24f974de66
ci: run e2e test manual on last release
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 10:54:59 -04:00
Paul Meyer
b33098346f
ci: add missing version expansion to verify test
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 10:54:59 -04:00
Otto Bittner
cac43a1dd0
ci: add e2e-upgrade test
...
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to setup a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-03-23 14:57:38 +01:00
Leonard Cohnen
18661ced48
miniconstellation e2e test as bazel target
2023-03-23 14:55:29 +01:00
Leonard Cohnen
740d28f41d
update snp repoter
2023-03-23 14:55:29 +01:00
renovate[bot]
0a190c2bf6
deps: update GitHub action dependencies ( #1499 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 17:57:47 +01:00
Nils Hanke
1ab40b7ca6
e2e: install Terraform for macOS runner for boot log collection
2023-03-22 10:36:28 +01:00
Nils Hanke
093f0f0e28
ci: rename scheduled OS image build action
2023-03-21 14:32:56 +01:00
renovate[bot]
9a9688583d
deps: update aws-actions/configure-aws-credentials action to v2 ( #1445 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 10:56:30 +01:00
Malte Poll
6f16e0b6fd
ci: use github actions cache to speedup bazel builds ( #1444 )
...
* ci: use github actions cache to speedup bazel builds
* ci: warm bazel repo cache daily
2023-03-21 10:06:32 +01:00
Paul Meyer
a3b328360d
ci: always run bazel tidy/check/generate workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
8d3fe6f477
bazel: add terrafrom to //:check and //:generate
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Nils Hanke
cdcc549d68
e2e: extract sonobuoy results to access junit results
2023-03-20 16:16:08 +01:00
Nils Hanke
af91ce2a3c
e2e: only use junit for full tests
2023-03-20 16:16:08 +01:00
Nils Hanke
33cb3e8653
e2e: add "checks: write" permission for junit reports
2023-03-20 16:16:08 +01:00
Malte Poll
c3c0940adb
bazel: use remote caching ( #1456 )
...
* bazel: add configuration for remote caching
* ci: enable bazel remote caching for building binaries
* ci: use bazel directly when building go binaries
* ci: enable cache for most build steps
* dev-docs: document remote caching
2023-03-20 16:05:08 +01:00
Nils Hanke
914eacb4a3
e2e: use macOS for building Linux artifacts and remove caching steps ( #1446 )
2023-03-20 11:04:44 +01:00
Malte Poll
3fd9a34025
ci: disable upload of Azure TrustedLaunch image ( #1440 )
2023-03-17 10:51:44 +01:00
Paul Meyer
3a04786412
bazel: add actionlint to //:check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:02:11 -04:00
Paul Meyer
0fc15b2393
bazel: add shellcheck to //:check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 11:13:14 -04:00
renovate[bot]
f8f3f00595
deps: update Terraform azurerm to v3.47.0 ( #1422 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:08 +01:00
Paul Meyer
e3f37e9a38
bazel: add shfmt to tidy target
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 04:39:45 -04:00
Nils Hanke
70ca69f6bc
e2e: print K8s Pods and Events when kubectl wait fails
2023-03-15 18:36:32 +01:00
Nils Hanke
de86bb025f
e2e: Temporarily bump kubectl wait timeout from 10 mins to 20 mins
2023-03-15 18:36:32 +01:00
Nils Hanke
6bb6f1c288
ci: remove Go setup where Bazel is used for building
2023-03-14 15:28:36 +01:00
3u13r
fe767ba78e
introduce version.txt ( #1412 )
2023-03-14 14:53:33 +01:00
Paul Meyer
8679988b6c
fixup! bazel: add tidy and check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 03:43:51 -04:00
Paul Meyer
02c97fac03
bazel: add tidy and check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 03:43:51 -04:00
Paul Meyer
e1f0ea50a7
ci: only build GCP guest agent if necessary
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 12:19:46 -05:00
Paul Meyer
72530d45ae
ci: tag GCP guest agent with semver
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 12:19:46 -05:00
Paul Meyer
cc60de312e
ci: adopt tidy workflow for bazel
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 10:02:28 -05:00
Moritz Sanft
01705feb51
ci: upload cli version list ( #1377 )
...
* upload cli version list
* fix flag
* name
* allow cli kind for listing
* [remove] update vapi cli
* allow cli kind
* use latest versionsapi image version
* fix kind parsing
* use workflow calls in on_release action
* [remove] update container tag
* change back to latest tag
2023-03-10 10:21:58 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go ( #1186 )
...
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-09 15:23:42 +01:00
Daniel Weiße
e07be3d6f8
fix: add measurement-reader to build pipeline ( #1386 )
...
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 15:01:09 +01:00
renovate[bot]
262e5674a2
deps: update golang Docker tag to v1.20.2 ( #1370 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:41:52 +01:00
renovate[bot]
fede4ec6d2
deps: update GitHub action dependencies ( #1365 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:06:42 +01:00
Paul Meyer
74fc6239b2
deps: update to Go 1.20.2 ( #1366 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:05:36 +01:00
renovate[bot]
38d80f9608
deps: update golang:1.20.1 Docker digest to b03e750 ( #1362 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 18:18:15 +01:00
Paul Meyer
cc6006c6ea
ci: fix labeling when building on other branches
...
than github.head_ref, e.g., during release
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 11:32:41 -05:00
Paul Meyer
e4b5655646
ci: group output
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 11:32:41 -05:00
Paul Meyer
f4a4a044fe
ci: tee GitHub output
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 11:32:41 -05:00
Paul Meyer
53bc875e59
ci: use latest ver of versionsapi cli container
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 04:39:17 -05:00
Malte Poll
3d0ad0b8e1
ci: move aws iam create test to less utilized zone ( #1350 )
2023-03-07 09:32:26 +01:00
Malte Poll
1624af0cc7
image: pin aws uefivars version and install new deps ( #1345 )
2023-03-06 13:29:15 +01:00
Thomas Tendyck
c94d1db76d
attestation: remove PCR 0 and 10 on GCP
2023-03-06 13:09:57 +01:00
Moritz Eckert
5397ce4509
ci: fix typo in benchmark actions ( #1344 )
2023-03-06 08:49:15 +01:00
Moritz Eckert
62c437246b
ci: store additional data in bench results ( #1341 )
2023-03-06 08:12:08 +01:00
Moritz Eckert
ac127db79e
ci: set timestamp format correctly for opensearch ( #1335 )
2023-03-03 13:47:25 +01:00
Paul Meyer
2e73e0aa18
deps: update sonobuoy ( #1330 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 12:02:49 +01:00
Moritz Eckert
29664fc481
ci: upload benchmark results to opensearch
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 09:43:49 +01:00
Moritz Eckert
bfca2638d0
ci: remove k-bench action
2023-03-03 09:43:49 +01:00
Moritz Eckert
12ba11ceee
ci: replace k-bench in e2e-test-weekly
2023-03-03 09:43:49 +01:00
Moritz Eckert
6fbca2818f
ci: replace k-bench in e2e-test-manual
2023-03-03 09:43:49 +01:00
Moritz Eckert
0481c039f7
ci: add kubestr and knb based e2e_benchmark action
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 09:43:49 +01:00
Paul Meyer
6cb93d66df
ci: change push/pr token
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 02:55:17 -05:00
Otto Bittner
a5d4970753
ci: run constellation commands with --debug
( #1321 )
2023-03-02 09:40:21 +01:00
Paul Meyer
f9bb7c5f34
ci: frequently build up to date gcp guest-agent ( #1315 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-01 13:52:52 +01:00
Paul Meyer
8c171a1b66
ci: pin ko version ( #1309 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-28 18:53:28 +01:00
Moritz Sanft
732d15d013
ci: use iam destroy command for resource destruction ( #1272 )
...
* replace tf destruction with new command
* move iam destroy cmd
* fix typos
* exit post test on error
* [remove] test failure on iam destroy
* Revert "[remove] test failure on iam destroy"
This reverts commit 99449c0cc0
.
* [remove] test failure on terminate
* Revert "[remove] test failure on terminate"
This reverts commit 99c45bbc54
.
* gofumpt
2023-02-28 09:52:32 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create
on OpenStack ( #1283 )
...
* image: support OpenStack image build / upload
* cli: add OpenStack terraform template
* config: add OpenStack as CSP
* versionsapi: add OpenStack as CSP
* cli: add OpenStack as provider for `config generate` and `create`
* disk-mapper: add basic support for boot on OpenStack
* debugd: add placeholder for OpenStack
* image: fix config file sourcing for image upload
2023-02-27 18:19:52 +01:00
Otto Bittner
6c07a2892e
ci: adapt pipeline to use --kubernetes flag
2023-02-27 16:33:47 +01:00
Otto Bittner
08ee56911b
cli: overwrite chart versions during install/upgrade
...
* As charts receive information like the container image from
the cli it makes sense to also version the charts based on the cli
version.
* The pseudoversion is recalculated when running cmake.
* When merging changes from release branch to main,
a new commit is introduced to set the PROJECT_VERSION back
to 0.0.0, so that builds include a pseudoversion.
2023-02-27 16:06:35 +01:00
Otto Bittner
948a12461c
build: introduce pseudoversion for cli versions
...
All binaries that receive a version number during build
now receive a pseudoversion from hack/pseudo-version.
This makes any version-dependant behavior more similar
between dev and release versions. And in turn makes testing
easier.
2023-02-27 16:06:35 +01:00
Paul Meyer
4f480db77a
ci: ensure ci prs trigger workflows ( #1279 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-27 15:16:07 +01:00
Otto Bittner
05823680f3
ci: fix release pipeline ( #1253 )
...
* add pull-request permission to docs job
* readd permission for micro-services step
* run checkout action before building
* allow crane to read packages
2023-02-27 10:49:52 +01:00
Paul Meyer
1d2cdca979
ci: fix quoting of versionsapi flags
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 10:52:14 -05:00
Paul Meyer
d2cdc85cf7
ci: fix build-ko action bash
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 06:01:08 -05:00
Moritz Sanft
a274ac8a7c
ci: add cli k8s compatibility table artifact upload to ci ( #1218 )
...
* add cli k8s compatibility api to ci
* extend versionsapi package
* rework cli info upload via ci
* join errors natively
* fix semver
* upload from hack file
* fix ci checks
* add distributionid
* setup go before running hack file
* setup go after repo checkout
* use logger instead of panic, invalidate cache
* use provided ctx
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
---------
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 12:00:04 +01:00
Paul Meyer
f1b331bbbd
ci: fix comparision of ref name
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 04:42:37 -05:00
Nils Hanke
9b1c9f971f
ci: specify URL predicate because shortnames are unreliable
2023-02-22 15:45:39 +01:00
Nils Hanke
f13f80b8af
ci: update Syft to 0.72.0 and Grype to 0.57.1 ( #1120 )
...
* ci: update Syft to 0.72.0 and Grype to 0.57.1
* ci: install Cosign before Syft
* ci: directly read private key from environment for Cosign
* ci: add --add-cpes-if-none to Grype
* ci: use cosign attest directly instead of syft attest
2023-02-22 14:17:02 +01:00
Otto Bittner
c4fd70684f
Revert "deps: update Terraform azurerm to v3.44.1 ( #1197 )" ( #1255 )
...
This reverts commit 253f833f6c
.
2023-02-22 11:16:05 +01:00
Paul Meyer
f580f8216a
ci: add missing Go setup
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 08:50:11 -05:00
renovate[bot]
30f53f78d0
deps: update GitHub action dependencies ( #1239 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 13:49:47 +01:00
renovate[bot]
8134b8b4f0
deps: update golang:1.20.1 Docker digest to 745aa72 ( #1238 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 13:48:38 +01:00
Moritz Sanft
0ba810240f
ci: integrate automatic iam creation in e2e test ( #1158 )
...
* integrate automatic iam creation in e2e test
* fix typo
* break long line comments
* fix semvers
* correct bracing
2023-02-21 12:47:14 +01:00
Paul Meyer
df30197607
ci: fix self trigger paths of workflows
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 05:21:59 -05:00
renovate[bot]
253f833f6c
deps: update Terraform azurerm to v3.44.1 ( #1197 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 10:41:04 +01:00
Paul Meyer
0e7f1c9300
ci: add missing replaced mod files to docker build
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 03:13:08 -05:00
Paul Meyer
937ced0223
ci: update Go tidy check workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Paul Meyer
955316c661
ci: use new -C flag of Go subcommands
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Paul Meyer
e011a20c49
deps: update to Go 1.20
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Paul Meyer
62fbbff91f
ci: commit as edgelessci
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 10:40:08 -05:00
Paul Meyer
c5977840f6
ci: add missing token in terraform workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 10:40:08 -05:00
Otto Bittner
68b4b95741
ci: use correct container name to tag joinservice
2023-02-17 11:17:26 +01:00
Fabian Kammel
656e109e17
fix: upload signature of measurements. ( #1213 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-17 10:53:57 +01:00
renovate[bot]
7500112d37
deps: update GitHub action dependencies ( #1201 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 14:47:42 +01:00
Otto Bittner
03de71fdd2
ci: do not overwrite warnOnly measurements flag
...
The image-api's measurement.json includes a setting for warnOnly
that should be followed by default. Enforcing all measurments is
currently not possible as some of them are unstable.
2023-02-15 10:35:30 +01:00
Otto Bittner
f97d351ad2
ci: add force flag to remaining constellation cmds
...
In the CI most configs use prerelease images. Config validation
prevents this. Therefore we need to use the force flag for now.
2023-02-15 10:35:30 +01:00
renovate[bot]
449d0e5b7a
deps: update golang Docker tag to v1.20.1 ( #1190 )
...
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 10:14:38 +01:00
Malte Poll
77216f7492
deps: vendor node-maintenance-operator api ( #1172 )
...
* deps: go generate script to vendor node-maintenance-operator api folder
* deps: vendor node-maintenance-operator api folder
* operators: use vendored node-maintenance-operator api
* ci: ignore 3rdparty dir for license check
2023-02-14 18:46:48 +01:00
Paul Meyer
b46e2b1681
ci: better naming for spelling check workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-13 11:42:12 -05:00
Thomas Tendyck
5a142748bc
ci: update vale action
2023-02-13 16:43:56 +01:00
Otto Bittner
74c569cba0
ci: fix yq command for new k8s version format
...
The string "1.25" does not need quotes to work in the replace.
"1.25.6" or "v1.25.6", however, do.
2023-02-13 10:19:59 +01:00
Fabian Kammel
50522cb73c
expand variables ( #1161 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-10 17:57:26 +01:00
Paul Meyer
278031b066
ci: fix workdir of apko base image build
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-10 11:24:17 -05:00
stdoutput
e46f4280e7
update default k8s version in manual e2e test
2023-02-10 15:13:34 +01:00
Otto Bittner
a7ea85c738
ci: update k8s versions in e2e tests
...
The accepted format has been changed for upgrade support.
2023-02-10 15:13:34 +01:00
Daniel Weiße
c29107f5be
init: create kubeconfig file with unique user/cluster name ( #1133 )
...
* Generate kubeconfig with unique name
* Move create name flag to config
* Add name validation to config
* Move name flag in e2e tests to config generation
* Remove name flag from create
* Update ascii cinema flow
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-10 13:27:22 +01:00
Fabian Kammel
4c5ab7c5e9
ci: refactor image measurement generation ( #1152 )
...
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-09 13:33:17 +01:00
Otto Bittner
c275464634
cli: change upgrade-plan to upgrade-check
...
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
Otto Bittner
f204c24174
cli: add version validation and force flag
...
Version validation checks that the configured versions
are not more than one minor version below the CLI's version.
The validation can be disabled using --force.
This is necessary for now during development as the CLI
does not have a prerelease version, as our images do.
2023-02-08 12:30:01 +01:00
renovate[bot]
a3f8bb30ac
deps: update golang Docker tag to v1.20.0 ( #1145 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:08:03 +01:00
Paul Meyer
60254f21f4
ci: fix location of cli docgen output ( #1138 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:00:16 +01:00
Daniel Weiße
f74f589605
ci: add containerized libvirt build workflow ( #1130 )
...
* Add libvirt container build workflow
* Update release workflow
* Update image libvirt base image
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-02 14:40:05 +01:00
Fabian Kammel
64c4b1f766
allow workflow to create pr ( #1132 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-01 16:54:12 +01:00
Malte Poll
b7d3f3972b
ci: add bazel tests
2023-01-31 17:55:09 +01:00
renovate[bot]
bec82c2328
deps: update GitHub action dependencies ( #1112 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:38:44 +01:00
Paul Meyer
e5a2e519a3
ci: fix hasher permissions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:36:45 +01:00
Paul Meyer
e0354826e0
ci: trigger builds on workflow change
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:17:03 +01:00
Otto Bittner
176f366c53
ci: fix manual keyservice build workflow
2023-01-31 16:53:46 +01:00
Paul Meyer
4f1a4ecb9e
ci: don't use k-bench install script
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 15:06:29 +01:00
Paul Meyer
c00004a321
ci: fix oras download in package hasher
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 15:06:13 +01:00
Fabian Kammel
c14e551af5
fix permissions ( #1119 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-31 14:30:36 +01:00
Otto Bittner
24409fe6ee
ci: ensure that unittests are run when touching helm charts
...
In case the helm charts are changed only yaml files are touched.
Thus the unit test workflow was not triggered.
2023-01-31 11:36:49 +01:00
Otto Bittner
88e3da750e
ci: adjust tags in build_ko
...
Currently tags can be empty when building a ko image.
However, --bare may not work in case --tags is empty,
as per ko docs.
Also remove redundant build step in release pipeline.
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-01-31 10:16:20 +01:00
Fabian Kammel
b21393ddb1
authorize purge branch ( #1113 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 17:55:41 +01:00
leongross
2187aa6cb0
ci: reproducible builds integration ( #1108 )
...
* remove `-ko` suffix from workflows
* integrate into `release.yaml`
* adjust helm charts to use hard coded `ko` binary path
2023-01-30 16:58:49 +01:00
Fabian Kammel
48c8a66114
Minimal GitHub Action token permissions. ( #1104 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 16:11:27 +01:00
Paul Meyer
d095f08cd4
apko: build base image with pinned packages
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
32a540bff4
ci: tag apko base images
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
8268b6e23f
ci: don't build apko base images on release branch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
88b4bc5857
ci: pin apk packages used in container base image
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
leongross
bd3ec19aef
update kbench requirements.txt ( #1103 )
2023-01-30 11:57:48 +01:00
Paul Meyer
617c6f0a8d
deps: update sonobuoy version
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 10:17:18 +01:00
renovate[bot]
a85ba96ac4
deps: update Terraform azurerm to v3.41.0 ( #1097 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:33:32 +01:00
renovate[bot]
17ff8c43d7
deps: update GitHub action dependencies ( #1099 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:12:26 +01:00
Moritz Sanft
cb894e5df5
ci: fix Constellation recover e2e test ( #1081 )
...
* AB#2859 wait for cp to recover
* AB#2859 remove unnecessary inputs & echo
2023-01-27 15:53:53 +01:00
Paul Meyer
8364856d55
versions: remove Kubernetes v1.23
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 13:32:20 +01:00
Paul Meyer
ccd3a08eca
ci: improve readability of GitHub lables
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 18:29:38 +01:00
renovate[bot]
6c068674af
deps: update GitHub action dependencies ( #1085 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 15:22:33 +01:00
renovate[bot]
5eecd1345d
deps: update golang Docker tag to v1.19.5 ( #1086 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 15:19:23 +01:00
Paul Meyer
4bb1bb7595
ci: fix value substitution in pr messages
...
of release workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 12:44:05 +01:00
renovate[bot]
c81863d181
deps: update dependency azure-mgmt-resource to v22
2023-01-26 09:09:34 +01:00
Paul Meyer
bb419bdee5
ci: use peter-evans' action to create prs
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-25 18:39:15 +01:00
Malte Poll
ee869eaf9c
ci: prepare upgrade-agent for upload in e2e tests
2023-01-25 09:58:56 +01:00
Malte Poll
ce17a0c9ac
ci: set debug flag explicitly in os build pipeline
2023-01-25 09:58:56 +01:00
3u13r
f950fded9a
ci: add testdata trigger to unittest ( #1063 )
2023-01-24 11:39:26 +01:00
Paul Meyer
9a70a81b7c
ci: rename os images on GCP to contain stream
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 14:15:05 +01:00
Paul Meyer
f5de2b7fc6
ci: move scheduled build into own workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 14:15:05 +01:00
Paul Meyer
94c0184e4d
ci: add workflow for proto code generation check
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 12:20:37 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name ( #1016 )
...
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-01-20 18:51:06 +01:00
Fabian Kammel
582412d275
Fix GCP CCM build, add v26, and exclude old broken versions until fixed. ( #1038 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-20 15:17:00 +01:00
Paul Meyer
a31d79e9cb
ci: curl flags
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 14:23:32 +01:00
Paul Meyer
a6d35c6fd1
ci: move apko building into separate script
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 09:52:17 +01:00
Paul Meyer
71708a967c
ci: run tests on workflow file change
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 16:47:47 +01:00
Paul Meyer
acc3f64dee
ci: only build apko base images on change
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 15:18:26 +01:00
Paul Meyer
5dc080c3b3
ci: only run CodeQL on main
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 12:16:40 +01:00
Moritz Sanft
ae2db08f3a
ci: add e2e test for constellation recover ( #845 )
...
* AB#2256 Add recover e2e test
* AB#2256 move test & fix minor objections
* AB#2256 fix path
* AB#2256 rename hacky filename
2023-01-19 10:41:07 +01:00
Paul Meyer
2cee7cb454
ci: run CodeQL only on Go/Python changes
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 10:34:36 +01:00
Moritz Sanft
df0fe7178c
Adapt to new measurements format ( #999 )
2023-01-19 10:14:10 +01:00
Nils Hanke
2c6a3c398f
ci: remove unnecessary checkout
2023-01-18 18:53:29 +01:00
Nils Hanke
b52c917dc6
ci: downgrade Syft to 0.65.0
2023-01-18 18:53:29 +01:00
Nils Hanke
4e9c49c342
ci: move Syft & Grype installation into an action ( #1011 )
2023-01-18 17:33:10 +01:00
renovate[bot]
30b22cd17f
Update GitHub action dependencies ( #1007 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 17:04:46 +01:00
Paul Meyer
8e18c7012c
ci: install shellcheck using the action
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 17:02:40 +01:00
Nils Hanke
fc2a285270
ci: fix CLI SBOM generation ( #1005 )
2023-01-18 11:36:39 +01:00
Paul Meyer
411dfed18f
ci: unified order and style of workflows/actions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 10:57:42 +01:00
Paul Meyer
41690288a1
ci: remove unneeded brackets in if statements
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 10:57:42 +01:00
Fabian Kammel
85f33b2140
ci: fix scorecard/pinned-dependencies findings ( #967 )
...
* fix scorecard/pinned-dependencies findings
* make renovate update go install
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-17 16:12:23 +01:00
Fabian Kammel
8f88129cac
Configure CodeQL and scorecard workflow. ( #986 )
...
* Configure CodeQL and scorecard workflow.
* Fix CodeQL finding.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-17 14:01:47 +01:00
Moritz Sanft
9023482ce0
Move verify e2e test ( #996 )
2023-01-17 11:28:28 +01:00
Paul Meyer
ec1df3084b
ci: fix versionsapi action
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 18:23:13 +01:00
Malte Poll
fa7bac3868
ci: switch gcp accounts to oidc ( #983 )
2023-01-16 18:15:17 +01:00
Paul Meyer
d39cf1cd6e
ci: fix cron tab mismatch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 17:33:17 +01:00
Paul Meyer
c9624c75ee
ci: fix versionsapi action output
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 15:50:53 +01:00
Paul Meyer
2241e41fcf
ci: delete old images of all streams on ref main
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:57:13 +01:00
Paul Meyer
3393e458e0
ci: schedule os image builds
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:55:24 +01:00
Paul Meyer
98040ff89c
ci: run shellfmt and shellcheck on changes in /image
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:49:33 +01:00
Paul Meyer
d37bd077d8
ci: delete old images from main ref
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 13:52:11 +01:00
Paul Meyer
4a6c64a02f
ci: copy versionsapi binary from container to host
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 13:52:11 +01:00
Otto Bittner
4239191b0d
ci: remove residual references to "kms"
2023-01-16 12:43:03 +01:00
Malte Poll
938f114086
ci: implement "console" stream for OS images ( #969 )
...
* image: add AUTOLOGIN environment variable to conditionally enable serial console login
* ci: implement "console" stream for OS images
* debugd: remove serial console login access code
2023-01-16 12:20:01 +01:00
Otto Bittner
90b88e1cf9
kms: rename kms to keyservice
...
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
leongross
c36a009188
ci: reproducible builds ko (no gcp) ( #871 )
...
* add ko build actions and worklflows
* add apko build actions and worklflows
* add .ko.yaml file
* add apko image definitions
* add signing container, add signing sboms, add uploading sboms
2023-01-13 16:38:31 +01:00
Paul Meyer
5dcaf84e23
ci: increase Go test timeout in e2e lb
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 12:03:27 +01:00
Paul Meyer
5cb10aef45
ci: find latest image with versionsapi action
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:23:43 +01:00
Paul Meyer
6d6ef99f11
ci: run versionsapi as docker action
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:23:43 +01:00
Paul Meyer
8cfa402c9a
ci: refactor titles of prs made by bots
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:08:51 +01:00
Nils Hanke
b3c3c2fa8c
qemu: remove registry_auth for Docker Terraform module ( #957 )
2023-01-12 15:47:50 +01:00
Paul Meyer
5782e0c884
ci: deactivate dryrun of image deletion
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:43:42 +01:00
Paul Meyer
d0e9f427d1
deps: update Go to v1.19.5 ( #949 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:36:17 +01:00
Malte Poll
7cc8f2c884
ci: manual e2e: github.event.inputs -> inputs
2023-01-12 13:24:07 +01:00
Malte Poll
5ba1b6780b
ci: auto detect if released OS images should be marked as "latest"
2023-01-12 13:24:07 +01:00
Malte Poll
77d921824e
ci: switch default AWS zone to eu-central-1c
2023-01-12 13:24:07 +01:00
Malte Poll
67be4016f5
ci: generate signed measurements for QEMU
2023-01-12 13:24:07 +01:00
Malte Poll
d851623c0d
ci: implement second half of release checklist
2023-01-12 13:24:07 +01:00
Malte Poll
142af75776
ci: implement second half of release checklist
2023-01-12 13:24:07 +01:00
Malte Poll
49288f5d30
ci: use explicit input to choose cosign key for OS image measurements
2023-01-12 13:24:07 +01:00
Malte Poll
16d27b5157
ci: update hardcoded measurements during release pipeline
2023-01-12 13:24:07 +01:00
Malte Poll
3077dd4f27
ci: implement first half of release checklist
2023-01-12 13:24:07 +01:00
Malte Poll
8e87a40708
ci: remove unused PPA
2023-01-12 13:24:07 +01:00
Paul Meyer
c1e776a1a2
ci: join macos with normal tests ( #933 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:27:18 +01:00
Leonard Cohnen
e9da70fde9
ci: remove versions manifest
2023-01-11 11:10:44 +01:00
Paul Meyer
e9442ac1ce
deps: update and pin github.com/katexochen/sh ( #922 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 10:17:31 +01:00
Moritz Eckert
b2f8f72f1e
dev-docs: move into top-level dir ( #924 )
2023-01-10 14:18:41 +01:00
renovate[bot]
9fbf298565
Update actions/cache action to v3.2.3 ( #909 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 18:30:41 +01:00
Paul Meyer
6a20d18082
ci: change gcp image and image family names
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 17:06:59 +01:00
Paul Meyer
00ca87a7ec
ci: fix versionsapi workflow remove cmd
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 17:02:45 +01:00
Paul Meyer
8643c791f0
ci: add missing secrets to purge branch workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 16:17:31 +01:00
Paul Meyer
636567d65a
ci: add purge branch workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 13:54:19 +01:00
Paul Meyer
dc73411301
hack: remove build-manifest
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 13:15:09 +01:00
Paul Meyer
433e9cdd8b
Update .github/docs/conventions.md
...
Co-authored-by: leongross <64152526+leongross@users.noreply.github.com>
2023-01-09 11:51:01 +01:00
Paul Meyer
336c2fa2f8
devdocs: pr title conventions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 11:51:01 +01:00
Paul Meyer
fa85150f3e
hack: move terraform readmes into cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 11:49:00 +01:00
Moritz Sanft
ecdc465a42
AB2564 Add constellation verify e2e test ( #875 )
2023-01-09 08:54:41 +01:00
renovate[bot]
f62f8e5d79
Update GitHub action dependencies ( #902 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 17:35:54 +01:00
renovate[bot]
3d6b11e7cb
Update Terraform azurerm to v3.38.0 ( #895 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:28:04 +01:00
renovate[bot]
32b839e9f7
Update GitHub action dependencies ( #877 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 16:17:51 +01:00
Leonard Cohnen
94694c6e06
operator: add v2 to package name
2023-01-05 14:52:09 +01:00
Paul Meyer
aaa9e01e55
ci: increase verbosity of load balancer e2e test ( #868 )
...
* ci: increase verbosity of load balancer e2e test
* Enable verbose logging in container for e2e-lb test.
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-05 14:12:53 +01:00
Paul Meyer
f9458950cb
versionsapi: change image path ( #856 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 17:07:16 +01:00
Paul Meyer
f720726074
ci: fix rebuild loop of microservice images
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 16:01:12 +01:00
Paul Meyer
e1a0a01ac3
ci: replace find-image script with versionsapi cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Paul Meyer
3561a16819
ci: replace add-version through versionsapi cli
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Paul Meyer
195fe27870
ci: add versionsapi workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
renovate[bot]
7c017e2b67
Update Terraform azurerm to v3.37.0 ( #849 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 14:47:44 +01:00
Fabian Kammel
ca94a3c44c
Fix failing e2e test for lb ( #850 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-03 12:41:46 +01:00
renovate[bot]
d2c04ecc40
Update GitHub action dependencies ( #848 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 10:09:02 +01:00
renovate[bot]
806f6b70dd
Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1 ( #844 )
...
* Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1
* Rename talos-systems/talos to siderolabs/talos
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-02 13:33:56 +01:00
3u13r
473e16feb2
image: add upgrade-agent ( #827 )
2022-12-29 17:50:11 +01:00
Paul Meyer
16b002ec1d
deps: update sonobuoy to v0.56.14
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-29 13:11:04 +01:00
Paul Meyer
c7ecf13e7f
ci: fix workflows with tokens running on forks
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-23 11:39:09 +01:00
Paul Meyer
caed4ff287
ci: print image in find-image action
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-21 18:39:03 +01:00
Paul Meyer
582615dfb3
ci: enable manual e2e runs on any git ref
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-21 18:39:03 +01:00
Fabian Kammel
83f09e1058
implement e2e test lb ( #815 )
...
* implement e2e test lb
* add lb e2e test to weekly schedule
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-21 10:49:21 +01:00
Thomas Tendyck
990cae58a5
ci: don't checkout head ref for PRs from forks
2022-12-19 16:09:40 +01:00
Paul Meyer
e5f5e26838
ci: automated changelog generation
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-16 11:42:36 +01:00
Paul Meyer
58a5c47d30
ci: update pinned hashes on renovate updates
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-16 10:43:33 +01:00
Fabian Kammel
b718e92d1d
update slsa-verifier ( #803 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-15 09:45:46 +01:00
Fabian Kammel
6564fcbf6c
E2E Test Mini Constellation ( #796 )
...
* fix: typo to build amd64 for macos
* Implement E2E test for mini constellation
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-14 16:51:42 +01:00
Malte Poll
a1d59df1c3
Release action: Do not fail if "latest" is not set ( #793 )
2022-12-14 14:59:06 +01:00
renovate[bot]
5967b98c25
Update GitHub action dependencies ( #778 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 14:55:14 +01:00
Paul Meyer
f2b324cb88
hack: rename find-image dir
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:16:37 +01:00
Paul Meyer
c741ccfb4b
kubernetes: use new registry
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Paul Meyer
6862c2587f
kubernetes: add v1.26, default to v1.25
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Malte Poll
15197dfbd0
Enhance release checklist with lessons from release v2.3 ( #791 )
2022-12-13 12:04:58 +01:00
Malte Poll
ba8c0a9e30
Fix e2e test networking issue ( #792 )
2022-12-13 10:07:09 +01:00
Malte Poll
e207081274
adopt changes from linux e2e tests on macOS ( #790 )
2022-12-13 10:06:36 +01:00
Malte Poll
fed31c304a
Release CLI: Fix upload path
2022-12-12 17:45:35 +01:00
Malte Poll
cf0b04291a
Embed measurements for v2.3.0
2022-12-12 17:45:35 +01:00
Malte Poll
3f6817653b
Match pki set and key
2022-12-12 17:45:35 +01:00
Malte Poll
6154a5ef68
OS build pipeline: Correctly choose PKI set
2022-12-12 17:45:35 +01:00
Malte Poll
c9df5cfa09
Fix OS image build pipeline for releases
2022-12-12 17:45:35 +01:00
Malte Poll
3c5fa3175a
Fix image build pipeline: Use braces to group complex expressions ( #770 )
2022-12-09 14:48:52 +01:00
Malte Poll
4a8ebfd921
OS images: use "ref", "stream" and "version"
...
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
2022-12-09 13:37:43 +01:00
Paul Meyer
d3873988c9
ci: fix download scripts for serial logs
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:22:45 +01:00
Paul Meyer
9e9468ff44
ci: add csp name to serial log artifact name
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:22:45 +01:00
renovate[bot]
e371e4499f
Update GitHub action dependencies ( #765 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 11:10:23 +01:00
Paul Meyer
24f6c3807b
ci: no link checking on main
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 11:42:03 +01:00
Malte Poll
95a33e7d35
No longer print constellation-id.json ( #749 )
2022-12-07 16:10:51 +01:00
Paul Meyer
3cc2a714a4
dependencies: upgrade to Go v1.19.4 ( #732 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 14:27:43 +01:00
Paul Meyer
a9ed8c0191
e2e: enable systemd logcollection
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:05:32 +01:00
Paul Meyer
5ba5d9d683
ci: unpin slsa-github-generator action digest ( #734 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 17:07:27 +01:00
Otto Bittner
e9ec9f2f29
Upload full logs instead of only the results junit
...
This includes all pod logs and systemd logs.
It increases the filesize significantly:
3.3MB for a quickrun with 5 nodes.
2022-12-05 16:28:32 +01:00
Paul Meyer
176dae317f
debugd: fix logcollector container image naming
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 13:16:45 +01:00
Paul Meyer
474f7ad356
ci: build logcollector images
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
e6c4bb3406
ci: build microservices on change of pkg internal
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 11:14:58 +01:00
renovate[bot]
998c8ee889
Update GitHub action dependencies ( #701 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 10:33:19 +01:00
Malte Poll
b9fd8237b9
manual e2e tests: Add option to keep embedded measurements ( #698 )
2022-12-01 15:43:40 +01:00
Paul Meyer
4249050116
e2e: find default image if no input image specified
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 15:23:27 +01:00
Paul Meyer
cbd5a4a118
ci: print image version in summary
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 13:25:53 +01:00
Paul Meyer
8004edcc14
image: add version and debug field to lookup table ( #682 )
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 11:51:33 +01:00
Malte Poll
e67f65709f
Prepare release checklist for v2.3 ( #690 )
2022-12-01 10:46:04 +01:00
Malte Poll
3aa51df74d
Add release trigger to make image versions available via CDN
2022-11-30 12:35:12 +01:00
Leonard Cohnen
954cbad214
ci: build qemu-metadata api
2022-11-30 12:28:37 +01:00
Daniel Weiße
6bd62f0f7a
Update docs to new measurement format ( #660 )
...
* Remove fetch-measurements from create workflow
* Explain new measurements format in docs
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-30 08:29:17 +01:00
Paul Meyer
688003cdd9
ci: fix hcl lock files on renovate branch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
Paul Meyer
48e0b3a9cd
ci: check hcl lock files are up to date
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
renovate[bot]
2e2bcb15e1
Update GitHub action dependencies ( #665 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:06:18 +01:00
Fabian Kammel
c71fd89e80
Provenance for CLI ( #647 )
...
* provenance generation for cli
* document provenance generation for CLI
* include CLI SBOM in provenance
Co-authored-by: 3u13r <lc@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-25 16:13:20 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) ( #641 )
2022-11-25 12:08:24 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs ( #553 )
...
* Merge enforced and expected measurements
* Update measurement generation to new format
* Write expected measurements hex encoded by default
* Allow hex or base64 encoded expected measurements
* Allow hex or base64 encoded clusterID
* Allow security upgrades to warnOnly flag
* Upload signed measurements in JSON format
* Fetch measurements either from JSON or YAML
* Use yaml.v3 instead of yaml.v2
* Error on invalid enforced selection
* Add placeholder measurements to config
* Update e2e test to new measurement format
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Malte Poll
3dc9c60864
e2e tests: use new image versions
2022-11-23 15:47:46 +01:00
Paul Meyer
947920d4f5
Revert "warn about function argument count over 5 ( #558 )" ( #620 )
...
This reverts commit 1110ccd270
.
2022-11-22 14:20:11 +01:00
Daniel Weiße
e7ee4d6e59
Remove manual installation of csi drivers ( #600 )
...
* Remove manual installation of csi drivers
* Remove explicit storage class
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-22 14:02:31 +01:00
Paul Meyer
063162c205
deps: upgrade sonobuoy version
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:32:50 +01:00
renovate[bot]
b6d7289dfe
Update dependency numpy to v1.23.5 ( #604 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 10:07:44 +01:00
renovate[bot]
fa2919e285
Update softprops/action-gh-release action to v0.1.15 ( #607 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 15:08:53 +01:00
Malte Poll
efaa0622a8
Include image version in mkosi builds
2022-11-18 10:37:45 +01:00
Malte Poll
74aabe86fa
Move PCR[8] -> PCR[12]
2022-11-18 10:37:45 +01:00
Malte Poll
239b9f6c26
Upgrade images to Fedora 37
2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release ( #580 )
...
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571 )
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
renovate[bot]
f5f6be1c56
Update actions/download-artifact action to v3 ( #583 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 08:55:56 +01:00
Fabian Kammel
1110ccd270
warn about function argument count over 5 ( #558 )
...
* warn about function argument count over 5
* only on new code
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-17 17:31:00 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" ( #579 )
2022-11-17 16:14:38 +01:00
Paul Meyer
9c405ceb02
ci: use shfmt fork
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:10:13 +01:00
renovate[bot]
827b62c2be
Update GitHub action dependencies ( #568 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-17 11:37:00 +01:00
Paul Meyer
c61f6211f9
ci: use fixed renovate bot email for commits
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Paul Meyer
3fd678492f
ci: fix shellfmt workflow name
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts ( #560 )
2022-11-16 15:45:10 +01:00
Leonard Cohnen
2f0b1a0f32
ci: add go generate check
2022-11-15 18:24:07 +01:00
Leonard Cohnen
9b89e5cf10
ci: don't check cilium links
2022-11-15 18:24:07 +01:00
Paul Meyer
80a801629e
e2e: deactivate fail-fast for e2e daily
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-15 12:44:52 +01:00
renovate[bot]
c71eeffd1e
Update module github.com/sigstore/rekor to v1.0.1 ( #543 )
...
* Update module github.com/sigstore/rekor to v1.0.1
* quotes around string with spaces
* [bot] Tidy all modules
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: datosh <datosh@users.noreply.github.com>
2022-11-15 12:18:01 +01:00
renovate[bot]
7d16c02e0d
Update dependency azure-identity to v1.12.0 ( #496 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-15 10:26:55 +01:00
Malte Poll
5f44668897
Extend AWS e2e test token expiration to 6 hours ( #547 )
2022-11-14 14:14:42 +01:00
Malte Poll
9f6a8ffd4c
Allow listing separate args for shfmt
2022-11-14 14:02:29 +01:00
renovate[bot]
c76d0672f8
Update golangci/golangci-lint-action action to v3.3.1 ( #542 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:43:54 +01:00
Paul Meyer
056f98a2ab
ci: bump sonobuoy version
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:33:29 +01:00
Christoph Meyer
d612ed2cae
AB#2530 CI benchmarks compare to previous and generate graphs
...
- Get the previous benchmark results from artifact store S3 bucket
- Compare the current benchmark to the previous results
- Attach markdown table comparing results to the workflow output
- Update benchmarks in bucket if running on main
- Generate graphs from comparison
- Document continous benchmarking
2022-11-11 18:37:35 +01:00
Paul Meyer
4f66519fb0
ci: improve shellfmt workflow code
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:50:21 +01:00
Paul Meyer
09969afd57
ci: fix workflows
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
38cc2c1ab0
ci: add actionlint workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
a7535fb449
ci: add shellfmt workflow
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
Paul Meyer
106b738fab
ci: format shellscripts
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
renovate[bot]
fd9dfb500d
Update actions/checkout digest to 5c3ccc2 ( #527 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:03:14 +01:00
Paul Meyer
fb6f425696
ci: checkout with head ref
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 14:00:11 +01:00
renovate[bot]
1fc663efc9
Update actions/checkout action to v3
2022-11-11 14:00:11 +01:00
Paul Meyer
516477a46b
devdoc: update dev conventions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
7aa7492474
Fix shellcheck warnings
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
eb66767a62
ci: decrease severity level of shellcheck
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
6fd605b3c4
e2e: print id file after create
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
7eb9d8a57c
e2e: add AWS test to schedule
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
11672acf0a
e2e: add AWS test
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
f6b3ef6a57
ci: login azure only if needed
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
1ec9316521
ci: rename actions
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Fabian Kammel
b92b3772ca
Remove access manager ( #470 )
...
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Thomas Tendyck
b0f4a09ebe
Update release.md
2022-11-11 08:18:16 +01:00