Commit Graph

695 Commits

Author SHA1 Message Date
Markus Rudy
8e8e861d5f
ci: ignore Wireguard pdf in lychee (#2797)
* ci: use a config file for lychee

* ci: don't pass token to lychee action

* ci: ignore wireguard.pdf in lychee
2024-01-05 14:07:33 +01:00
Adrian Stobbe
f41ce43919
terraform-provider: require kubernetes and microservice version (#2791) 2024-01-04 16:25:24 +01:00
Adrian Stobbe
8730e72319
ci: e2e test for Terraform provider examples (#2745) 2024-01-04 10:00:21 +01:00
3u13r
07c884b945
ci: remove artifact encryption for public artifacts (#2776)
* ci: remove artifact encryption for public artifacts

* revert parts of  #2765

* ci: add unused action exception for encrypted artifact download
2023-12-29 11:02:37 +01:00
Adrian Stobbe
539e6eac48
ci: give exec permission to provider binaries (#2779) 2023-12-28 10:19:47 +01:00
Adrian Stobbe
903411edae
fix Terraform release zipping (#2778) 2023-12-27 17:43:57 +01:00
Markus Rudy
130bed0eb2 ci: selectively remove artifact encryption 2023-12-22 17:50:40 +01:00
Moritz Sanft
5871ff5508
ci: adhere to action restriction when uploading scorecard (#2771) 2023-12-22 13:13:20 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline (#2765)
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 19:28:18 +01:00
Daniel Weiße
6e4c0bd8aa
ci: fix artifacts download/upload for release draft workflow (#2759)
* Pin upload and download actions by hash
* Dont expect encrypted artifacts in release pipeline

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 15:52:58 +01:00
renovate[bot]
8644b958ea
deps: update actions/setup-go action to v5 (#2754)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 12:54:39 +01:00
renovate[bot]
5999f9e3a1
deps: update cachix/install-nix-action action to v24 (#2757)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:43:44 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 (#2752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00
renovate[bot]
d0cfd5590d
deps: update dependency cryptography to v41.0.6 [SECURITY] (#2657)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:04:15 +01:00
miampf
a429ca50e7
ci: encrypt artifacts (#2567) 2023-12-20 14:17:49 +00:00
Markus Rudy
54c2fa1b3d ci: start v2.15-pre window 2023-12-20 08:52:18 +01:00
Markus Rudy
004aa6c5ed ci: fix release branch naming 2023-12-20 08:29:50 +01:00
Markus Rudy
85a13fab19 ci: correctly pass branch names in on-release workflow 2023-12-20 08:29:50 +01:00
Markus Rudy
607aa6dbe1 ci: allow on-release workflow to delete branches 2023-12-20 08:29:50 +01:00
Markus Rudy
3c05150721 ci: don't run unit tests in integration test workflow 2023-12-19 20:00:21 +01:00
Markus Rudy
1d05f438ff ci: remove Windows Terraform provider 2023-12-18 17:57:00 +01:00
Daniel Weiße
724ee44466
ci: Terraform provider e2e tests (#2712)
* Refactor selfManagedInfra input to clusterCreation in e2e tests
* Run e2e test using terraform provider
* Allow insecure measurement fetching in Terraform provider
* Run Terraform provider test instead of module test in weekly runs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 10:37:29 +01:00
Adrian Stobbe
37580009fe
terraform-provider: cleanup and improve docs (#2685)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-14 15:47:55 +01:00
Malte Poll
fecb1f3e6c ci: reproducibility test for OS images 2023-12-13 18:19:59 +01:00
Malte Poll
1209d597d8 ci: test reproducible builds on different Linux systems
macOS is not working reliably at the moment.
2023-12-13 18:19:59 +01:00
Daniel Weiße
0512cfccd7
ci: add v prefix to packaged Terraform provider binary (#2705)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-12 15:01:37 +01:00
Moritz Sanft
60fc73e0e7
terraform-provider: implement constellation_cluster resource (#2691)
* terraform: move module to legacy-directory

* constellation-lib: refactor service account marshalling

* terraform-provider: normalize Azure image URIs

* constellation-lib: refactor Kubeconfig endpoint rewriting

* terraform-provider: add conversion functions for AWS and GCP

* terraform-provider: implement `constellation_cluster` resource

* terraform-provider: refactor conversion

* terraform-provider: implement image and k8s upgrades

* terraform-provider: fix linter checks

* terraform-provider: refactor to bundle init & upgrade method

* constellation-lib: rewrite Kubeconfig endpoint in init

* terraform-provider: bind logger and dialer constructors to struct

* terraform-provider: move applier to function pointer

* terraform-provider: gcp conversion fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix Azure UAMI input

* terraform-provider: rename Kubeconfig variable

* terraform-provider: tidy

* terraform-provider: regenerate docs

* constellation-lib: provide Kubeconfig in testing initserver

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-11 15:55:44 +01:00
Daniel Weiße
22dcde86af
terraform-provider: create release in provider repo on Constellation release (#2686)
* Create release in Terraform provider repo with provider binaries
* Set target_commitish to input ref for easier release workflow
* Rename release-cli workflow to draft-release
* Update release guide

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-11 15:00:08 +01:00
Moritz Sanft
c15e4efef6
terraform: Azure Marketplace image support (#2651)
* terraform: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* config: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: use Terraform variables from config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: pass down marketplace variable

* image: pad Azure images to 1GiB

* terraform: add version attribute to marketplace image

* semver: allow versions to be exported without prefix

* cli: boolean var to use marketplace images

* config: remove dive key

* dev-docs: add instructions on how to use marketplace images

* terraform: fix unit test

* terraform: only fetch image for non-marketplace images

* mpimage: refactor image selection

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] increase minor version for image build

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: ignore changes to source_image_reference on upgrade

* operator: add support for parsing Azure marketplace images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* upgrade: fix imagefetcher call

* docs: add info about azure marketplace

* image: ensure more than 1GiB in size

* image: test to pad to 2GiB

* version: change back to v2.14.0-pre

* image: GPT-conformant image size padding

* [remove] increase version

* mpimage: inline prefix func

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: add marketplace image e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register workflow

* ci: fix workflow name

* ci: only allow azure test

* cli: add marketplace image input to interface

* cli: fix argument passing

* version: roll back to v2.14.0

* ci: add force-flag support

* Update docs/docs/overview/license.md

* Update dev-docs/workflows/marketplace-images.md

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 14:40:31 +01:00
Malte Poll
e113253262 bazel: migrate all integration tests (and retire CMakeLists.txt) 2023-12-08 14:27:46 +01:00
Daniel Weiße
f5aea84eaa
terraform-provider: sync provider docs to Terraform provider repository (#2683)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-08 12:56:51 +01:00
Malte Poll
93d505ef7f
deps: bump Go to 1.21.5 (#2689) 2023-12-08 12:11:31 +01:00
Adrian Stobbe
37cff42bfe
ci: build Terraform binaries action (#2684)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-07 16:32:03 +01:00
Daniel Weiße
b7425db72a
constellation-lib: add Helm wrapper (#2680)
* Add Helm wrapper to constellation-lib
* Move helm package to constellation-lib

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-06 10:01:39 +01:00
Malte Poll
cd6e03049a libvirt: build containerized libvirt as nix container image 2023-12-01 09:35:33 +01:00
Daniel Weiße
3bc25cdd8f
ci: add notify hook to Terraform module test (#2653)
* Enable notification on tf module e2e test failure
* Dont try to change fields with no value

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 14:14:18 +01:00
Daniel Weiße
43f47cc5c5
ci: fix service accounts introduced by merge (#2652)
* Fix service accounts introduced my merge
* Remove GCP_E2E_PROJECT placeholders

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 10:54:58 +01:00
Daniel Weiße
45f6eec0d0
ci: add missing shell in notify action (#2646)
* Add missing shell
* Remove old teams notify action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-11-28 09:41:01 +01:00
Daniel Weiße
97aea98e77
ci: update GCP service accounts for CI (#2629)
* Update CI to use different GCP project for e2e tests
* Update GCP image project service accounts
* Update default GCP bucket name for image builds

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-27 13:04:41 +01:00
Otto Bittner
46f563c7ca ci: call TCB upload step for AWS 2023-11-24 15:49:48 +01:00
Markus Rudy
b0702cd033 ci: execute integration tests with Bazel, where possible
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-11-23 13:48:54 +01:00
Daniel Weiße
64a05b9dea
ci: correctly clean up resource in self-managed infra tests (#2637)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-23 13:08:39 +01:00
Moritz Sanft
968cdc1a38
cli: move cli/internal libraries (#2623)
* cli: move internal packages

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: fix buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix exclude dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: move back libraries that will not be used by TF provider

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-22 14:52:56 +01:00
Daniel Weiße
5e9e3de1a1
ci: start v2.14-pre window (#2610)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-17 10:34:35 +01:00
Moritz Sanft
2ccc2212c8
add missing runner value (#2602)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-15 08:49:10 +01:00
Daniel Weiße
6d6ef66a31
ci: refactor teams notification action (#2600)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-15 08:48:13 +01:00
Moritz Sanft
fd72952738
checkout before selecting image (#2598)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-14 10:33:59 +01:00
Moritz Sanft
8e4feb7e2a
terraform: add Terraform module for Azure (#2566)
* add Azure Terraform module

* add maa-patching command to cli

* refactor release process

* factor out image fetching to own action

* add CI

* generate

* fix some unnecessary changes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `constellation maa-patch` in ci

* insecure flag when using debug image

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only update maa url if existing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make node group zone optional on aws and gcp

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register updated workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Revert "[remove] register updated workflow"

This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace.

* create MAA

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make maa-patching only run on azure

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* require node group zone for GCP and AWS

* remove unnecessary bazel action

* stamp version to correct file

* refer to `maa-patch` command in docs

* run Azure test in weekly e2e

* comment / naming improvements

* remove sa_account resource

* disable spellcheck ot use "URL"

* `create_maa` variable

* don't write maa url to config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to nightly image

* use input ref and stream

* fix command check

* don't set region in weekly e2e call

* patch maa if url is not empty

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove `create_maa` variable

* remove binaries

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove undefined input

* replace invalid attestation URL error message

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* fix punctuation

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* skip hidden commands in clidocgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* enable spellcheck before code block

* move spellcheck trigger out of info block

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix workflow dependencies

* let image default to CLI version

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-11-13 18:46:20 +01:00
Malte Poll
e11b1a0576 ci: use rbe for unit tests 2023-11-10 18:15:59 +01:00
Adrian Stobbe
22d82a59ed
terraform: Terraform module for GCP (#2553) 2023-11-10 13:32:18 +01:00