constellation

mirror of https://github.com/edgelesssys/constellation.git synced 2024-10-01 01:36:09 -04:00

Author	SHA1	Message	Date
Otto Bittner	46f563c7ca	ci: call TCB upload step for AWS	2023-11-24 15:49:48 +01:00
Markus Rudy	b0702cd033	ci: execute integration tests with Bazel, where possible Co-authored-by: malt3 <malt3@users.noreply.github.com>	2023-11-23 13:48:54 +01:00
Daniel Weiße	64a05b9dea	ci: correctly clean up resource in self-managed infra tests (#2637 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-11-23 13:08:39 +01:00
Moritz Sanft	968cdc1a38	cli: move `cli/internal` libraries (#2623 ) * cli: move internal packages Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: fix buildfiles Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bazel: fix exclude dir Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * cli: move back libraries that will not be used by TF provider Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-11-22 14:52:56 +01:00
Daniel Weiße	5e9e3de1a1	ci: start v2.14-pre window (#2610 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-11-17 10:34:35 +01:00
Moritz Sanft	2ccc2212c8	add missing `runner` value (#2602 ) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-11-15 08:49:10 +01:00
Daniel Weiße	6d6ef66a31	ci: refactor teams notification action (#2600 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-11-15 08:48:13 +01:00
Moritz Sanft	fd72952738	checkout before selecting image (#2598 ) Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-11-14 10:33:59 +01:00
Moritz Sanft	8e4feb7e2a	terraform: add Terraform module for Azure (#2566 ) * add Azure Terraform module * add maa-patching command to cli * refactor release process * factor out image fetching to own action * add CI * generate * fix some unnecessary changes Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use `constellation maa-patch` in ci * insecure flag when using debug image Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only update maa url if existing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make node group zone optional on aws and gcp Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] register updated workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * Revert "[remove] register updated workflow" This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace. * create MAA Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * make maa-patching only run on azure Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add comment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * require node group zone for GCP and AWS * remove unnecessary bazel action * stamp version to correct file * refer to `maa-patch` command in docs * run Azure test in weekly e2e * comment / naming improvements * remove sa_account resource * disable spellcheck ot use "URL" * `create_maa` variable * don't write maa url to config Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to nightly image * use input ref and stream * fix command check * don't set region in weekly e2e call * patch maa if url is not empty Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove `create_maa` variable * remove binaries Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove undefined input * replace invalid attestation URL error message Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * fix punctuation Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com> * skip hidden commands in clidocgen Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * enable spellcheck before code block * move spellcheck trigger out of info block Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix workflow dependencies * let image default to CLI version --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>	2023-11-13 18:46:20 +01:00
Malte Poll	e11b1a0576	ci: use rbe for unit tests	2023-11-10 18:15:59 +01:00
Adrian Stobbe	22d82a59ed	terraform: Terraform module for GCP (#2553 )	2023-11-10 13:32:18 +01:00
Adrian Stobbe	b765231175	deps: bump Go to 1.21.4 (#2569 ) Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>	2023-11-09 20:17:14 +01:00
Adrian Stobbe	cea6204b37	terraform: Terraform module for AWS (#2503 )	2023-11-08 19:10:01 +01:00
Daniel Weiße	0bac72261d	ci: fix failure issue creation for Windows e2e test (#2565 ) * Add missing bazel set-up in windows e2e-failure notify * Enable bazel caching for e2e-upgrade test * Remove whitespace --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-11-08 15:27:40 +01:00
Otto Bittner	b0ee39a96d	ci: publish s3proxy chart during release	2023-11-06 10:21:11 +01:00
Otto Bittner	8ebd813480	s3proxy: ship as helm chart	2023-11-06 10:21:11 +01:00
Otto Bittner	a19227cac9	s3proxy: initial e2e tests and workflows	2023-11-06 10:21:11 +01:00
Malte Poll	76d7d30245	ci: do not upload terraform logs (#2554 )	2023-11-04 19:14:29 +01:00
Moritz Sanft	813405f080	ci: share e2e workflow (#2550 ) * re-use workflow in internal LB e2e test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add self-managed infra workfloww Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-11-03 16:27:28 +01:00
renovate[bot]	17b0915a10	deps: update docker/build-push-action action to v5 (#2531 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-11-02 10:13:14 +01:00
Moritz Sanft	8d08ace0b5	ci: mark self-managed infrastructure tests (#2537 ) * mark self-managed infrastructure tests Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add TODO --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-10-30 14:33:58 +01:00
Moritz Sanft	402a8834ca	ci: add e2e test for self-managed infrastructure (#2472 ) * add self-managed infra e2e test * self-managed terminatio Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix upgrade test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix indentation Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use -r when copying dir Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add terraform variable parsing * copy constellation conf Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary line breaks * add missing value Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add image fetching for CSP Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix quoting Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing input to internal lb test * normalize Azure URLs.. Of course * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix expressions * initsecret to hex * update hexdump cmd * add build test Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add node / pod cidr outputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * explicitly delete the state file Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing license header Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * always write all outputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix list output Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove state-file and admin-conf on destroy * dont use test payload Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * [remove] use self managed infra in manual e2e for testing Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * init: always skip infrastructure phase * patch maa in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * default to Constellation-created infra in e2e test --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-10-27 09:37:26 +02:00
Daniel Weiße	149fedb90f	cli: add `constellation apply` command to replace `init` and `upgrade apply` (#2484 ) * Add apply command * Mark init and upgrade apply as deprecated * Use apply command in CI * Add skippable phases for attestation config and cert SANs --------- Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-10-26 15:59:13 +02:00
renovate[bot]	e445dac590	deps: update docker/metadata-action action to v5 (#2512 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-10-26 08:19:55 +02:00
renovate[bot]	0563ce7336	deps: update aws-actions/configure-aws-credentials action to v4 (#2510 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-10-26 08:18:37 +02:00
Paul Meyer	1261ccb569	Revert "ci: execute unit tests and tidy check against merge of PR branch and main (#2452 )" This reverts commit `43f7d9f736`.	2023-10-24 14:43:09 +02:00
Adrian Stobbe	5d640ff4f9	ci: fix win build (#2499 )	2023-10-23 14:39:45 +02:00
Malte Poll	ee54b71a9e	ci: build rpmdb explicitly (#2476 )	2023-10-19 08:34:17 +02:00
3u13r	0c89f57ac5	Support internal load balancers (#2388 ) * arch: support internal lb on Azure * arch: support internal lb on GCP * helm: remove lb svc from verify deployment * arch: support internal lb on AWS * terraform: add jump hosts for internal lb * cli: expose internalLoadBalancer in config * ci: add e2e-manual-internal * add in-cluster endpoint to terraform output	2023-10-17 15:46:15 +02:00
Malte Poll	1a141c3972	image: add rpm database as build output (#2442 ) For reproducibility reasons, the final OS image does not ship the rpm database in sqlite format. For supply chain security and license compliance reasons, we want to keep the rpm database of os images as a detached build artifact. We now ship a reproducible, human readable manifest of installed rpms in the image under "/usr/share/constellation/packagemanifest" and upload the full rpm database as a build artifact (rpmdb.tar).	2023-10-17 14:04:41 +02:00
Malte Poll	e93de82c0b	image: use systemd-dissect from the host when calculating measurements (#2473 ) * image: use systemd-dissect from the host when calculating measurements * ci: setup bazel and nix toolchains before merging os image measurements	2023-10-17 13:26:07 +02:00
renovate[bot]	abbe3853cb	deps: update cachix/install-nix-action action to v23 (#2469 ) Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>	2023-10-17 10:48:52 +02:00
Malte Poll	c424ec8825	ci: fix PR label for rpm updates (#2464 )	2023-10-17 09:46:37 +02:00
Malte Poll	a9f245752c	ci: update rpm lockfile once per week	2023-10-17 09:23:56 +02:00
Malte Poll	43f7d9f736	ci: execute unit tests and tidy check against merge of PR branch and main (#2452 )	2023-10-16 09:58:45 +02:00
Malte Poll	33d53a1da9	ci: remove python from codeql (#2451 )	2023-10-13 12:37:13 +02:00
3u13r	9e1a0c06bf	Deps: bump Go to 1.21.3 (#2450 ) * build: override go version to 1.21.3 * build: re-enable cachix * ci: set $USER if not set	2023-10-12 16:11:02 +02:00
Malte Poll	e80e6076b4	ci: install nix together with Bazel	2023-10-12 14:42:24 +02:00
Malte Poll	d22f53d7cc	bazel: always use nix	2023-10-12 14:42:24 +02:00
renovate[bot]	a1c84cb080	deps: update GitHub action dependencies (#2437 ) Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>	2023-10-11 13:49:50 +02:00
Malte Poll	02c04f057f	ci: start v2.13-pre window (#2426 )	2023-10-10 18:33:04 +02:00
Daniel Weiße	8bb23c373b	ci: ensure API is only updated if image and measurements are uploaded (#2413 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-10-06 14:34:06 +02:00
Malte Poll	b4fb8439d0	ci: use larger runners for os image pipeline (#2399 )	2023-10-04 10:13:43 +02:00
Malte Poll	627a4b6cbb	ci: enable nix binary cache	2023-09-29 14:09:58 +02:00
Malte Poll	055fb32918	ci: stop using raw "go run"	2023-09-29 14:09:58 +02:00
Malte Poll	85b4101dc3	deps: update go to 1.21.1 (#2389 )	2023-09-28 22:29:14 +02:00
Malte Poll	1da5153627	ci: use nix + mkosi during os image build	2023-09-27 17:58:19 +02:00
Moritz Sanft	f4b2d02194	ci: collect cluster metrics to OpenSearch (#2347 ) * add Metricbeat deployment to debugd Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * set metricbeat debugd image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix k8s deployment Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use 2 separate deployments Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only deploy via k8s in non-debug-images Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing tilde * remove k8s metrics Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * unify flag Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * ci: fix debugd logcollection (#2355) * add missing keyvault access role Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump logstash image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * bump filebeat / metricbeat image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * log used image version Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * use debugging image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase wait timeout for image upload * add cloud metadata processor to filebeat Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix template locations in container Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix image version typo Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add filebeat / metricbeat users Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove user additions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * update workflow step name Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * only mount config files Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * document potential rc Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix IAM permissions in workflow Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix AWS permissions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * tidy Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add missing workflow input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * rename action Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * pin image versions Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove unnecessary workflow inputs Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * add refStream input Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * remove inputs.yml dep Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * increase system metric period Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> * fix linkchecker Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com> --------- Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>	2023-09-27 16:17:31 +02:00
renovate[bot]	9c1e6295d4	deps: update dependency cryptography to v41.0.4 [SECURITY]	2023-09-27 13:28:08 +02:00
Daniel Weiße	7aba42baa5	ci: add more filters to e2e failure OpenSearch links (#2358 ) Signed-off-by: Daniel Weiße <dw@edgeless.systems>	2023-09-26 13:17:59 +02:00

1 2 3 4 5 ...

656 Commits