Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00
Code Issues Packages Projects Releases Wiki Activity
3,032 Commits 133 Branches 44 Tags 106 MiB
92b0cd5a21
Commit Graph

571 Commits

Author SHA1 Message Date
Malte Poll
92b0cd5a21 ci: update actions to use nodeGroups and remove deprecated flags 2023-08-04 12:36:45 +02:00
Moritz Sanft
af05e17f49
ci: keep embedded measurements if stable image is used (#2109) 
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2023-08-04 09:43:32 +02:00
3u13r
a983b08262
deps: bump go version (#2156) 2023-08-03 12:07:27 +02:00
Daniel Weiße
321474c356
ci: remove old incompatible test option (#2149) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-08-02 08:18:55 +02:00
Otto Bittner
002c3a9a32
ci: upgrade fromVersion for upgrade tests (#2145) 
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
 2023-08-01 10:34:11 +02:00
Otto Bittner
867f7490a2
ci: clone constellation repo into separate dir (#2143) 2023-08-01 10:13:10 +02:00
Otto Bittner
583d3021fa
ci: parse ovmf binaries from metadata (#1962) 
Subsequently the metadata will be uploaded to the
attestationconfigapi so the CLI can use the data to
precalculate measurements.
 2023-07-27 13:29:43 +02:00
Adrian Stobbe
a3184af7a2
cli: add iam upgrade apply (#2132) 
* add new iam upgrade apply

* remove iam tf plan from upgrade apply check

* add iam migration warning to upgrade apply

* update release process

* document migration

* Apply suggestions from code review

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* add iam upgrade

* remove upgrade dir check in test

* ask only without --yes

* make iam upgrade provider specific

* test without seperate logins

* remove csi and only add conditionally

* Revert "test without seperate logins"

This reverts commit 05a12e59c9.

* fix msising cred

* support iam migration for all csps

* add iam upgrade label

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
 2023-07-26 17:29:03 +02:00
Paul Meyer
342a71fa36 bazel: fix container versioning 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-26 13:46:27 +02:00
Paul Meyer
c8bc3ea5ee ci: build bazel container 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-25 15:41:55 +02:00
Otto Bittner
c58d03a7b8
ci: fix ahead-check for working branch (#2120) 
Also list remote branches during on-release
 2023-07-19 17:48:29 +02:00
renovate[bot]
dc373971b2
deps: update dependency cryptography to v41.0.2 [SECURITY] (#2106) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-07-18 15:33:23 +02:00
Daniel Weiße
484b6c5c24
ci: combine node count inputs into one (#2084) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-07-17 13:45:53 +02:00
Otto Bittner
c1c48f19bf chore: bump e2e-upgrade fromVersion 2023-07-17 10:29:43 +02:00
Otto Bittner
6ed8fce6b0
ci: separate PCR0 value for aws-sev-snp variant (#2100) 
Co-authored-by: Malte Poll <mp@edgeless.systems>
 2023-07-13 11:37:47 +02:00
Paul Meyer
01f518f0a4
deps: update to Go v1.20.6 (#2093) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-12 09:51:40 +02:00
Otto Bittner
f97edd512d
ci: use 2.8 as fromVersion in release upgrade test (#2086) 
The current value (2.7.1) is outdated since the release of 2.8.
 2023-07-11 09:56:43 +02:00
Otto Bittner
cfa3bb6276
ci: do not build additional streams (#2085) 
Large amounts of uploaded data seem to break the GH Actions cache.
 2023-07-10 17:46:08 +02:00
Malte Poll
c6230ff8ca
ci: add constellation-windows-amd64.exe to release artifacts uploaded to GitHub (#2075) 2023-07-10 10:21:48 +02:00
Adrian Stobbe
fafafb48d7 pin dependency for aws-snp-launchmeasurement 2023-07-07 16:44:31 +02:00
Malte Poll
6c5ad09a93
ci: build all streams on release (#2058) 2023-07-07 12:09:15 +02:00
Malte Poll
46d69abe10
bazel: rewrite pseudo-version stamping in bash (#2020) 
* bazel: simplify workspace_status command to only depend on bash and git
* bazel: remove pseudo-version freshness code
 2023-07-05 14:42:18 +02:00
Paul Meyer
7968d165c6 ci: use strict semver for gcp guest agent image 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-04 13:23:33 +02:00
Daniel Weiße
90dbeae16b
cli: fix duplicate backup creation during upgrade apply (#1997) 
* Use CLI to fetch measurements in e2e test

* Abort helm service upgrade early if user confirmation is missing

* Add container push to CLI build action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-07-03 15:13:36 +02:00
renovate[bot]
576b48c8b7
deps: update GitHub action dependencies (#1848) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-07-03 08:19:10 +02:00
Adrian Stobbe
00ee11084e
add e2e mini to weekly (#1982) 2023-06-30 10:05:24 +02:00
Malte Poll
6dd8a571ec
ci: fix expected value for PCR7 on AWS (#1979) 
This has changed when upgrading to Fedora 38.
It didn't surface as a bug since the PCR is marked as warnOnly.
 2023-06-28 15:33:14 +02:00
miampf
77b28cb5e7
cli: change generate-config flag to update-config flag (#1897) 2023-06-28 12:47:44 +00:00
Malte Poll
78fb0066e4
ci: add automated tests for reproducible builds (#1914) 
* ci: reproducible builds test
* deps: upgrade actionlint to support macos-13 runners
 2023-06-23 12:12:32 +02:00
Moritz Sanft
94b21e11ad
ci: Windows cli tests (#1859) 
* wip: add windows e2e test

* wip: register windows e2e tests

* remove registration

* wip: change CLI artifact name

* basic windows test

* checkout repo

* use correct iam create command

* remove trademarked name

* enable debug logs

* add pwsh liveliness check script

* delimiters

* set kubeconfig env var

* test

* use setx to set env var

* set envvar before liveness probe

* explicitly set kubeconfig
 2023-06-21 12:05:04 +02:00
renovate[bot]
d2c4cd1785
deps: update aws-actions/configure-aws-credentials action to v2 (#1950) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2023-06-20 18:59:07 +02:00
renovate[bot]
3f714f538b
deps: update peter-evans/create-pull-request action to v5 (#1949) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2023-06-20 16:37:01 +02:00
renovate[bot]
684b61ac2b
deps: update docker/build-push-action action to v4 (#1948) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2023-06-20 13:39:32 +02:00
renovate[bot]
5bf59808e1
deps: update cachix/install-nix-action action to v22 (#1947) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2023-06-20 13:08:52 +02:00
Malte Poll
264b2df902
deps: upgrade to Fedora 38 (#1909) 
* image: upgrade mkosi distro version to Fedora 38
* image: remove downgrade of GCP kernel
* ci: upgrade expected measurements for Fedora 38
* deps: upgrade bazeldnf packages to Fedora 38
* deps: upgrade container images to Fedora 38
 2023-06-15 16:50:35 +02:00
Otto Bittner
c33ab624c1
ci: upgrade fromVersion in e2e-upgrade (#1931) 
We released 2.8 so we need to test that it can upgrade to HEAD.
 2023-06-15 07:49:30 +02:00
Malte Poll
ee77e3922a
ci: explicitly add CLI signature as release artifact (#1917) 2023-06-14 09:56:11 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check (#1869) 
* switch to darwin compatible shasum

* add bazel rule

* update shellscript for in-place updates

* Revert "update shellscript for in-place updates"

This reverts commit 87d39b06f7.

* add version tool freshness check

* remove pseudo-version file

* revert to `sha256sum`

* fix workflow indentation
 2023-06-09 11:50:51 +02:00
Moritz Sanft
892752a1f8
add necessary permissions (#1905) 2023-06-09 11:50:39 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version (#1903) 2023-06-09 10:53:17 +02:00
renovate[bot]
25037026e1
deps: update Python dependencies (#1887) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2023-06-07 10:36:52 +02:00
Malte Poll
b3c052e299
operators: cleanup placeholder nodeversion (#1881) 
* operators: cleanup placeholder nodeversion
* e2e: improve upgrade test portability
 2023-06-06 15:22:06 +02:00
Malte Poll
025d34a259
ci: fix docker-login on macOS runner (#1877) 2023-06-06 12:20:09 +02:00
3u13r
7c07e3be18
Add --insecure to config fetch-measurement (#1879) 
* cli: add --insecure to fetch-measurements

* cli: rename fake to stub

* ci: upload measurements for debug images

* fix cli docs
 2023-06-06 10:32:22 +02:00
Malte Poll
900d51d49f
ci: select correct target version for upgrade e2e test in release pipeline (#1874) 2023-06-05 13:56:16 +02:00
Adrian Stobbe
a813760f96
config: automatically upload new Azure SNP versions to API + sign version with release key (#1854) 
* sign version with release key and remove version from fetcher interface
* extend azure-reporter GH action to upload updated version values to the Attestation API
 2023-06-02 12:10:22 +02:00
Malte Poll
289665eb22
ci: remove setup-go action / disable cache where applicable (#1850) 
Runners sometimes fail because they run out of disk space.
One reason this happens is a change in the setup-go action@v4:

> The V4 edition of the action offers: Enabled caching by default

To combat this, we now disable the cache if it was not enabled explicitly before.
Additionally, we remove setup-go where it is no longer needed.
 2023-06-01 15:16:00 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup (#1837) 
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
 2023-06-01 12:33:06 +02:00
Otto Bittner
0c13f3ed8d image: add aws_aws-sev-snp variant 
This needs no changes to the existing AWS image.
The images have worked without modification so far.
 2023-06-01 11:25:31 +02:00
Malte Poll
8a51ae1ec3
ci: do not sign & upload debug image measurements (#1849) 2023-06-01 10:58:34 +02:00