Commit Graph

1027 Commits

Author SHA1 Message Date
Leonard Cohnen
18661ced48 miniconstellation e2e test as bazel target 2023-03-23 14:55:29 +01:00
Leonard Cohnen
740d28f41d update snp reporter 2023-03-23 14:55:29 +01:00
renovate[bot]
0a190c2bf6
deps: update GitHub action dependencies (#1499)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 17:57:47 +01:00
Nils Hanke
1ab40b7ca6 e2e: install Terraform for macOS runner for boot log collection 2023-03-22 10:36:28 +01:00
Nils Hanke
093f0f0e28 ci: rename scheduled OS image build action 2023-03-21 14:32:56 +01:00
renovate[bot]
9a9688583d
deps: update aws-actions/configure-aws-credentials action to v2 (#1445)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-21 10:56:30 +01:00
Malte Poll
6f16e0b6fd
ci: use github actions cache to speed up bazel builds (#1444)
* ci: use github actions cache to speed up bazel builds
* ci: warm bazel repo cache daily
2023-03-21 10:06:32 +01:00
Paul Meyer
a3b328360d ci: always run bazel tidy/check/generate workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Paul Meyer
8d3fe6f477 bazel: add terraform to //:check and //:generate
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00
Nils Hanke
cdcc549d68 e2e: extract sonobuoy results to access junit results 2023-03-20 16:16:08 +01:00
Nils Hanke
af91ce2a3c e2e: only use junit for full tests 2023-03-20 16:16:08 +01:00
Nils Hanke
33cb3e8653 e2e: add "checks: write" permission for junit reports 2023-03-20 16:16:08 +01:00
Malte Poll
c3c0940adb
bazel: use remote caching (#1456)
* bazel: add configuration for remote caching
* ci: enable bazel remote caching for building binaries
* ci: use bazel directly when building go binaries
* ci: enable cache for most build steps
* dev-docs: document remote caching
2023-03-20 16:05:08 +01:00
Nils Hanke
914eacb4a3
e2e: use macOS for building Linux artifacts and remove caching steps (#1446) 2023-03-20 11:04:44 +01:00
Malte Poll
3fd9a34025
ci: disable upload of Azure TrustedLaunch image (#1440) 2023-03-17 10:51:44 +01:00
Paul Meyer
3a04786412 bazel: add actionlint to //:check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:02:11 -04:00
Paul Meyer
0fc15b2393 bazel: add shellcheck to //:check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 11:13:14 -04:00
renovate[bot]
f8f3f00595
deps: update Terraform azurerm to v3.47.0 (#1422)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 13:45:08 +01:00
Paul Meyer
e3f37e9a38 bazel: add shfmt to tidy target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-16 04:39:45 -04:00
Nils Hanke
70ca69f6bc e2e: print K8s Pods and Events when kubectl wait fails 2023-03-15 18:36:32 +01:00
Nils Hanke
de86bb025f e2e: Temporarily bump kubectl wait timeout from 10 mins to 20 mins 2023-03-15 18:36:32 +01:00
Nils Hanke
6bb6f1c288 ci: remove Go setup where Bazel is used for building 2023-03-14 15:28:36 +01:00
3u13r
fe767ba78e
introduce version.txt (#1412) 2023-03-14 14:53:33 +01:00
Paul Meyer
8679988b6c fixup! bazel: add tidy and check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 03:43:51 -04:00
Paul Meyer
02c97fac03 bazel: add tidy and check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-14 03:43:51 -04:00
Paul Meyer
e1f0ea50a7 ci: only build GCP guest agent if necessary
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 12:19:46 -05:00
Paul Meyer
72530d45ae ci: tag GCP guest agent with semver
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 12:19:46 -05:00
Paul Meyer
cc60de312e ci: adopt tidy workflow for bazel
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-10 10:02:28 -05:00
Moritz Sanft
01705feb51
ci: upload cli version list (#1377)
* upload cli version list

* fix flag

* name

* allow cli kind for listing

* [remove] update vapi cli

* allow cli kind

* use latest versionsapi image version

* fix kind parsing

* use workflow calls in on_release action

* [remove] update container tag

* change back to latest tag
2023-03-10 10:21:58 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go (#1186)
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-09 15:23:42 +01:00
Daniel Weiße
e07be3d6f8
fix: add measurement-reader to build pipeline (#1386)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-03-09 15:01:09 +01:00
renovate[bot]
262e5674a2
deps: update golang Docker tag to v1.20.2 (#1370)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:41:52 +01:00
renovate[bot]
fede4ec6d2
deps: update GitHub action dependencies (#1365)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:06:42 +01:00
Paul Meyer
74fc6239b2
deps: update to Go 1.20.2 (#1366)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-08 10:05:36 +01:00
renovate[bot]
38d80f9608
deps: update golang:1.20.1 Docker digest to b03e750 (#1362)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 18:18:15 +01:00
Paul Meyer
cc6006c6ea ci: fix labeling when building on other branches
than github.head_ref, e.g., during release

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 11:32:41 -05:00
Paul Meyer
e4b5655646 ci: group output
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 11:32:41 -05:00
Paul Meyer
f4a4a044fe ci: tee GitHub output
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 11:32:41 -05:00
Paul Meyer
53bc875e59 ci: use latest ver of versionsapi cli container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-07 04:39:17 -05:00
Malte Poll
3d0ad0b8e1
ci: move aws iam create test to less utilized zone (#1350) 2023-03-07 09:32:26 +01:00
Malte Poll
1624af0cc7
image: pin aws uefivars version and install new deps (#1345) 2023-03-06 13:29:15 +01:00
Thomas Tendyck
c94d1db76d attestation: remove PCR 0 and 10 on GCP 2023-03-06 13:09:57 +01:00
Moritz Eckert
5397ce4509
ci: fix typo in benchmark actions (#1344) 2023-03-06 08:49:15 +01:00
Moritz Eckert
62c437246b
ci: store additional data in bench results (#1341) 2023-03-06 08:12:08 +01:00
Moritz Eckert
ac127db79e
ci: set timestamp format correctly for opensearch (#1335) 2023-03-03 13:47:25 +01:00
Paul Meyer
2e73e0aa18
deps: update sonobuoy (#1330)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 12:02:49 +01:00
Moritz Eckert
29664fc481 ci: upload benchmark results to opensearch
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 09:43:49 +01:00
Moritz Eckert
bfca2638d0 ci: remove k-bench action 2023-03-03 09:43:49 +01:00
Moritz Eckert
12ba11ceee ci: replace k-bench in e2e-test-weekly 2023-03-03 09:43:49 +01:00
Moritz Eckert
6fbca2818f ci: replace k-bench in e2e-test-manual 2023-03-03 09:43:49 +01:00
Moritz Eckert
0481c039f7 ci: add kubestr and knb based e2e_benchmark action
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 09:43:49 +01:00
Paul Meyer
6cb93d66df ci: change push/pr token
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-03 02:55:17 -05:00
Otto Bittner
a5d4970753
ci: run constellation commands with --debug (#1321) 2023-03-02 09:40:21 +01:00
Paul Meyer
f9bb7c5f34
ci: frequently build up to date gcp guest-agent (#1315)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-01 13:52:52 +01:00
Paul Meyer
8c171a1b66
ci: pin ko version (#1309)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-28 18:53:28 +01:00
Moritz Sanft
732d15d013
ci: use iam destroy command for resource destruction (#1272)
* replace tf destruction with new command

* move iam destroy cmd

* fix typos

* exit post test on error

* [remove] test failure on iam destroy

* Revert "[remove] test failure on iam destroy"

This reverts commit 99449c0cc0.

* [remove] test failure on terminate

* Revert "[remove] test failure on terminate"

This reverts commit 99c45bbc54.

* gofumpt
2023-02-28 09:52:32 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create on OpenStack (#1283)
* image: support OpenStack image build / upload

* cli: add OpenStack terraform template

* config: add OpenStack as CSP

* versionsapi: add OpenStack as CSP

* cli: add OpenStack as provider for `config generate` and `create`

* disk-mapper: add basic support for boot on OpenStack

* debugd: add placeholder for OpenStack

* image: fix config file sourcing for image upload
2023-02-27 18:19:52 +01:00
Otto Bittner
6c07a2892e ci: adapt pipeline to use --kubernetes flag 2023-02-27 16:33:47 +01:00
Otto Bittner
08ee56911b cli: overwrite chart versions during install/upgrade
* As charts receive information like the container image from
the cli it makes sense to also version the charts based on the cli
version.
* The pseudoversion is recalculated when running cmake.
* When merging changes from release branch to main,
a new commit is introduced to set the PROJECT_VERSION back
to 0.0.0, so that builds include a pseudoversion.
2023-02-27 16:06:35 +01:00
Otto Bittner
948a12461c build: introduce pseudoversion for cli versions
All binaries that receive a version number during build
now receive a pseudoversion from hack/pseudo-version.
This makes any version-dependent behavior more similar
between dev and release versions. And in turn makes testing
easier.
2023-02-27 16:06:35 +01:00
Paul Meyer
4f480db77a
ci: ensure ci prs trigger workflows (#1279)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-27 15:16:07 +01:00
Otto Bittner
05823680f3
ci: fix release pipeline (#1253)
* add pull-request permission to docs job
* readd permission for micro-services step
* run checkout action before building
* allow crane to read packages
2023-02-27 10:49:52 +01:00
Paul Meyer
1d2cdca979 ci: fix quoting of versionsapi flags
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 10:52:14 -05:00
Paul Meyer
d2cdc85cf7 ci: fix build-ko action bash
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 06:01:08 -05:00
Moritz Sanft
a274ac8a7c
ci: add cli k8s compatibility table artifact upload to ci (#1218)
* add cli k8s compatibility api to ci

* extend versionsapi package

* rework cli info upload via ci

* join errors natively

* fix semver

* upload from hack file

* fix ci checks

* add distributionid

* setup go before running hack file

* setup go after repo checkout

* use logger instead of panic, invalidate cache

* use provided ctx

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

---------

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 12:00:04 +01:00
Paul Meyer
f1b331bbbd ci: fix comparison of ref name
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-24 04:42:37 -05:00
Nils Hanke
9b1c9f971f ci: specify URL predicate because shortnames are unreliable 2023-02-22 15:45:39 +01:00
Nils Hanke
f13f80b8af
ci: update Syft to 0.72.0 and Grype to 0.57.1 (#1120)
* ci: update Syft to 0.72.0 and Grype to 0.57.1
* ci: install Cosign before Syft
* ci: directly read private key from environment for Cosign
* ci: add --add-cpes-if-none to Grype
* ci: use cosign attest directly instead of syft attest
2023-02-22 14:17:02 +01:00
Otto Bittner
c4fd70684f
Revert "deps: update Terraform azurerm to v3.44.1 (#1197)" (#1255)
This reverts commit 253f833f6c.
2023-02-22 11:16:05 +01:00
Paul Meyer
f580f8216a ci: add missing Go setup
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 08:50:11 -05:00
renovate[bot]
30f53f78d0
deps: update GitHub action dependencies (#1239)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 13:49:47 +01:00
renovate[bot]
8134b8b4f0
deps: update golang:1.20.1 Docker digest to 745aa72 (#1238)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 13:48:38 +01:00
Moritz Sanft
0ba810240f
ci: integrate automatic iam creation in e2e test (#1158)
* integrate automatic iam creation in e2e test

* fix typo

* break long line comments

* fix semvers

* correct bracing
2023-02-21 12:47:14 +01:00
Paul Meyer
df30197607 ci: fix self trigger paths of workflows
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 05:21:59 -05:00
renovate[bot]
253f833f6c
deps: update Terraform azurerm to v3.44.1 (#1197)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 10:41:04 +01:00
Paul Meyer
0e7f1c9300 ci: add missing replaced mod files to docker build
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-21 03:13:08 -05:00
Paul Meyer
937ced0223 ci: update Go tidy check workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Paul Meyer
955316c661 ci: use new -C flag of Go subcommands
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Paul Meyer
e011a20c49 deps: update to Go 1.20
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 12:08:24 -05:00
Paul Meyer
62fbbff91f ci: commit as edgelessci
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 10:40:08 -05:00
Paul Meyer
c5977840f6 ci: add missing token in terraform workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-20 10:40:08 -05:00
Otto Bittner
68b4b95741 ci: use correct container name to tag joinservice 2023-02-17 11:17:26 +01:00
Fabian Kammel
656e109e17
fix: upload signature of measurements. (#1213)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-17 10:53:57 +01:00
renovate[bot]
7500112d37
deps: update GitHub action dependencies (#1201)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 14:47:42 +01:00
Otto Bittner
03de71fdd2 ci: do not overwrite warnOnly measurements flag
The image-api's measurement.json includes a setting for warnOnly
that should be followed by default. Enforcing all measurements is
currently not possible as some of them are unstable.
2023-02-15 10:35:30 +01:00
Otto Bittner
f97d351ad2 ci: add force flag to remaining constellation cmds
In the CI most configs use prerelease images. Config validation
prevents this. Therefore we need to use the force flag for now.
2023-02-15 10:35:30 +01:00
renovate[bot]
449d0e5b7a
deps: update golang Docker tag to v1.20.1 (#1190)
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
2023-02-15 10:14:38 +01:00
Malte Poll
77216f7492
deps: vendor node-maintenance-operator api (#1172)
* deps: go generate script to vendor node-maintenance-operator api folder

* deps: vendor node-maintenance-operator api folder

* operators: use vendored node-maintenance-operator api

* ci: ignore 3rdparty dir for license check
2023-02-14 18:46:48 +01:00
Paul Meyer
b46e2b1681 ci: better naming for spelling check workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-13 11:42:12 -05:00
Thomas Tendyck
5a142748bc ci: update vale action 2023-02-13 16:43:56 +01:00
Otto Bittner
74c569cba0 ci: fix yq command for new k8s version format
The string "1.25" does not need quotes to work in the replace.
"1.25.6" or "v1.25.6", however, do.
2023-02-13 10:19:59 +01:00
Fabian Kammel
50522cb73c
expand variables (#1161)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-10 17:57:26 +01:00
Paul Meyer
278031b066 ci: fix workdir of apko base image build
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-10 11:24:17 -05:00
stdoutput
e46f4280e7 update default k8s version in manual e2e test 2023-02-10 15:13:34 +01:00
Otto Bittner
a7ea85c738 ci: update k8s versions in e2e tests
The accepted format has been changed for upgrade support.
2023-02-10 15:13:34 +01:00
Daniel Weiße
c29107f5be
init: create kubeconfig file with unique user/cluster name (#1133)
* Generate kubeconfig with unique name

* Move create name flag to config

* Add name validation to config

* Move name flag in e2e tests to config generation

* Remove name flag from create

* Update ascii cinema flow

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-10 13:27:22 +01:00
Fabian Kammel
4c5ab7c5e9
ci: refactor image measurement generation (#1152)
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-09 13:33:17 +01:00
Otto Bittner
c275464634 cli: change upgrade-plan to upgrade-check
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
2023-02-08 12:30:01 +01:00
Otto Bittner
f204c24174 cli: add version validation and force flag
Version validation checks that the configured versions
are not more than one minor version below the CLI's version.
The validation can be disabled using --force.
This is necessary for now during development as the CLI
does not have a prerelease version, as our images do.
2023-02-08 12:30:01 +01:00
renovate[bot]
a3f8bb30ac
deps: update golang Docker tag to v1.20.0 (#1145)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:08:03 +01:00
Paul Meyer
60254f21f4
ci: fix location of cli docgen output (#1138)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-02-03 18:00:16 +01:00
Daniel Weiße
f74f589605
ci: add containerized libvirt build workflow (#1130)
* Add libvirt container build workflow

* Update release workflow

* Update image libvirt base image

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-02-02 14:40:05 +01:00
Fabian Kammel
64c4b1f766
allow workflow to create pr (#1132)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-01 16:54:12 +01:00
Malte Poll
b7d3f3972b ci: add bazel tests 2023-01-31 17:55:09 +01:00
renovate[bot]
bec82c2328
deps: update GitHub action dependencies (#1112)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:38:44 +01:00
Paul Meyer
e5a2e519a3 ci: fix hasher permissions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:36:45 +01:00
Paul Meyer
e0354826e0 ci: trigger builds on workflow change
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 17:17:03 +01:00
Otto Bittner
176f366c53 ci: fix manual keyservice build workflow 2023-01-31 16:53:46 +01:00
Paul Meyer
4f1a4ecb9e ci: don't use k-bench install script
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 15:06:29 +01:00
Paul Meyer
c00004a321 ci: fix oras download in package hasher
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-31 15:06:13 +01:00
Fabian Kammel
c14e551af5
fix permissions (#1119)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-31 14:30:36 +01:00
Otto Bittner
24409fe6ee ci: ensure that unittests are run when touching helm charts
In case the helm charts are changed only yaml files are touched.
Thus the unit test workflow was not triggered.
2023-01-31 11:36:49 +01:00
Otto Bittner
88e3da750e ci: adjust tags in build_ko
Currently tags can be empty when building a ko image.
However, --bare may not work in case --tags is empty,
as per ko docs.

Also remove redundant build step in release pipeline.

Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-01-31 10:16:20 +01:00
Fabian Kammel
b21393ddb1
authorize purge branch (#1113)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 17:55:41 +01:00
leongross
2187aa6cb0
ci: reproducible builds integration (#1108)
* remove `-ko` suffix from workflows
* integrate into `release.yaml`
* adjust helm charts to use hard coded `ko` binary path
2023-01-30 16:58:49 +01:00
Fabian Kammel
48c8a66114
Minimal GitHub Action token permissions. (#1104)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-30 16:11:27 +01:00
Paul Meyer
d095f08cd4 apko: build base image with pinned packages
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
32a540bff4 ci: tag apko base images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
8268b6e23f ci: don't build apko base images on release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
Paul Meyer
88b4bc5857 ci: pin apk packages used in container base image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 16:05:00 +01:00
leongross
bd3ec19aef
update kbench requirements.txt (#1103) 2023-01-30 11:57:48 +01:00
Paul Meyer
617c6f0a8d deps: update sonobuoy version
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-30 10:17:18 +01:00
renovate[bot]
a85ba96ac4
deps: update Terraform azurerm to v3.41.0 (#1097)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:33:32 +01:00
renovate[bot]
17ff8c43d7
deps: update GitHub action dependencies (#1099)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 16:12:26 +01:00
Moritz Sanft
cb894e5df5
ci: fix Constellation recover e2e test (#1081)
* AB#2859 wait for cp to recover

* AB#2859 remove unnecessary inputs & echo
2023-01-27 15:53:53 +01:00
Paul Meyer
8364856d55 versions: remove Kubernetes v1.23
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-27 13:32:20 +01:00
Paul Meyer
ccd3a08eca ci: improve readability of GitHub labels
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 18:29:38 +01:00
renovate[bot]
6c068674af
deps: update GitHub action dependencies (#1085)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 15:22:33 +01:00
renovate[bot]
5eecd1345d
deps: update golang Docker tag to v1.19.5 (#1086)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 15:19:23 +01:00
Paul Meyer
4bb1bb7595 ci: fix value substitution in pr messages
of release workflow

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-26 12:44:05 +01:00
renovate[bot]
c81863d181 deps: update dependency azure-mgmt-resource to v22 2023-01-26 09:09:34 +01:00
Paul Meyer
bb419bdee5 ci: use peter-evans' action to create prs
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-25 18:39:15 +01:00
Malte Poll
ee869eaf9c ci: prepare upgrade-agent for upload in e2e tests 2023-01-25 09:58:56 +01:00
Malte Poll
ce17a0c9ac ci: set debug flag explicitly in os build pipeline 2023-01-25 09:58:56 +01:00
3u13r
f950fded9a
ci: add testdata trigger to unittest (#1063) 2023-01-24 11:39:26 +01:00
Paul Meyer
9a70a81b7c ci: rename os images on GCP to contain stream
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 14:15:05 +01:00
Paul Meyer
f5de2b7fc6 ci: move scheduled build into own workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 14:15:05 +01:00
Paul Meyer
94c0184e4d ci: add workflow for proto code generation check
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-23 12:20:37 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name (#1016)
Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-01-20 18:51:06 +01:00
Fabian Kammel
582412d275
Fix GCP CCM build, add v26, and exclude old broken versions until fixed. (#1038)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-20 15:17:00 +01:00
Paul Meyer
a31d79e9cb ci: curl flags
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 14:23:32 +01:00
Paul Meyer
a6d35c6fd1 ci: move apko building into separate script
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-20 09:52:17 +01:00
Paul Meyer
71708a967c ci: run tests on workflow file change
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 16:47:47 +01:00
Paul Meyer
acc3f64dee ci: only build apko base images on change
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 15:18:26 +01:00
Paul Meyer
5dc080c3b3 ci: only run CodeQL on main
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 12:16:40 +01:00
Moritz Sanft
ae2db08f3a
ci: add e2e test for constellation recover (#845)
* AB#2256 Add recover e2e test

* AB#2256 move test & fix minor objections

* AB#2256 fix path

* AB#2256 rename hacky filename
2023-01-19 10:41:07 +01:00
Paul Meyer
2cee7cb454 ci: run CodeQL only on Go/Python changes
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-19 10:34:36 +01:00
Moritz Sanft
df0fe7178c
Adapt to new measurements format (#999) 2023-01-19 10:14:10 +01:00
Nils Hanke
2c6a3c398f ci: remove unnecessary checkout 2023-01-18 18:53:29 +01:00
Nils Hanke
b52c917dc6 ci: downgrade Syft to 0.65.0 2023-01-18 18:53:29 +01:00
Nils Hanke
4e9c49c342
ci: move Syft & Grype installation into an action (#1011) 2023-01-18 17:33:10 +01:00
renovate[bot]
30b22cd17f
Update GitHub action dependencies (#1007)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 17:04:46 +01:00
Paul Meyer
8e18c7012c ci: install shellcheck using the action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 17:02:40 +01:00
Nils Hanke
fc2a285270
ci: fix CLI SBOM generation (#1005) 2023-01-18 11:36:39 +01:00
Paul Meyer
411dfed18f ci: unified order and style of workflows/actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 10:57:42 +01:00
Paul Meyer
41690288a1 ci: remove unneeded brackets in if statements
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-18 10:57:42 +01:00
Fabian Kammel
85f33b2140
ci: fix scorecard/pinned-dependencies findings (#967)
* fix scorecard/pinned-dependencies findings
* make renovate update go install
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-17 16:12:23 +01:00
Fabian Kammel
8f88129cac
Configure CodeQL and scorecard workflow. (#986)
* Configure CodeQL and scorecard workflow.
* Fix CodeQL finding.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-17 14:01:47 +01:00
Moritz Sanft
9023482ce0
Move verify e2e test (#996) 2023-01-17 11:28:28 +01:00
Paul Meyer
ec1df3084b ci: fix versionsapi action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 18:23:13 +01:00
Malte Poll
fa7bac3868
ci: switch gcp accounts to oidc (#983) 2023-01-16 18:15:17 +01:00
Paul Meyer
d39cf1cd6e ci: fix cron tab mismatch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 17:33:17 +01:00
Paul Meyer
c9624c75ee ci: fix versionsapi action output
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 15:50:53 +01:00
Paul Meyer
2241e41fcf ci: delete old images of all streams on ref main
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:57:13 +01:00
Paul Meyer
3393e458e0 ci: schedule os image builds
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:55:24 +01:00
Paul Meyer
98040ff89c ci: run shellfmt and shellcheck on changes in /image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 14:49:33 +01:00
Paul Meyer
d37bd077d8 ci: delete old images from main ref
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 13:52:11 +01:00
Paul Meyer
4a6c64a02f ci: copy versionsapi binary from container to host
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-16 13:52:11 +01:00
Otto Bittner
4239191b0d ci: remove residual references to "kms" 2023-01-16 12:43:03 +01:00
Malte Poll
938f114086
ci: implement "console" stream for OS images (#969)
* image: add AUTOLOGIN environment variable to conditionally enable serial console login
* ci: implement "console" stream for OS images
* debugd: remove serial console login access code
2023-01-16 12:20:01 +01:00
Otto Bittner
90b88e1cf9 kms: rename kms to keyservice
In the light of extending our eKMS support it will be helpful
to have a tighter use of the word "KMS".
KMS should refer to the actual component that manages keys.
The keyservice, also called KMS in the constellation code,
does not manage keys itself. It talks to a KMS backend,
which in turn does the actual key management.
2023-01-16 11:56:34 +01:00
leongross
c36a009188
ci: reproducible builds ko (no gcp) (#871)
* add ko build actions and workflows
* add apko build actions and workflows
* add .ko.yaml file
* add apko image definitions
* add signing container, add signing sboms, add uploading sboms
2023-01-13 16:38:31 +01:00
Paul Meyer
5dcaf84e23 ci: increase Go test timeout in e2e lb
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 12:03:27 +01:00
Paul Meyer
5cb10aef45 ci: find latest image with versionsapi action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:23:43 +01:00
Paul Meyer
6d6ef99f11 ci: run versionsapi as docker action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:23:43 +01:00
Paul Meyer
8cfa402c9a ci: refactor titles of prs made by bots
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-13 10:08:51 +01:00
Nils Hanke
b3c3c2fa8c
qemu: remove registry_auth for Docker Terraform module (#957) 2023-01-12 15:47:50 +01:00
Paul Meyer
5782e0c884 ci: deactivate dryrun of image deletion
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:43:42 +01:00
Paul Meyer
d0e9f427d1
deps: update Go to v1.19.5 (#949)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-12 13:36:17 +01:00
Malte Poll
7cc8f2c884 ci: manual e2e: github.event.inputs -> inputs 2023-01-12 13:24:07 +01:00
Malte Poll
5ba1b6780b ci: auto detect if released OS images should be marked as "latest" 2023-01-12 13:24:07 +01:00
Malte Poll
77d921824e ci: switch default AWS zone to eu-central-1c 2023-01-12 13:24:07 +01:00
Malte Poll
67be4016f5 ci: generate signed measurements for QEMU 2023-01-12 13:24:07 +01:00
Malte Poll
d851623c0d ci: implement second half of release checklist 2023-01-12 13:24:07 +01:00
Malte Poll
142af75776 ci: implement second half of release checklist 2023-01-12 13:24:07 +01:00
Malte Poll
49288f5d30 ci: use explicit input to choose cosign key for OS image measurements 2023-01-12 13:24:07 +01:00
Malte Poll
16d27b5157 ci: update hardcoded measurements during release pipeline 2023-01-12 13:24:07 +01:00
Malte Poll
3077dd4f27 ci: implement first half of release checklist 2023-01-12 13:24:07 +01:00
Malte Poll
8e87a40708 ci: remove unused PPA 2023-01-12 13:24:07 +01:00
Paul Meyer
c1e776a1a2
ci: join macos with normal tests (#933)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 14:27:18 +01:00
Leonard Cohnen
e9da70fde9 ci: remove versions manifest 2023-01-11 11:10:44 +01:00
Paul Meyer
e9442ac1ce
deps: update and pin github.com/katexochen/sh (#922)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-11 10:17:31 +01:00
Moritz Eckert
b2f8f72f1e
dev-docs: move into top-level dir (#924) 2023-01-10 14:18:41 +01:00
renovate[bot]
9fbf298565
Update actions/cache action to v3.2.3 (#909)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 18:30:41 +01:00
Paul Meyer
6a20d18082 ci: change gcp image and image family names
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 17:06:59 +01:00
Paul Meyer
00ca87a7ec ci: fix versionsapi workflow remove cmd
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 17:02:45 +01:00
Paul Meyer
8643c791f0 ci: add missing secrets to purge branch workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 16:17:31 +01:00
Paul Meyer
636567d65a ci: add purge branch workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 13:54:19 +01:00
Paul Meyer
dc73411301 hack: remove build-manifest
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 13:15:09 +01:00
Paul Meyer
433e9cdd8b Update .github/docs/conventions.md
Co-authored-by: leongross <64152526+leongross@users.noreply.github.com>
2023-01-09 11:51:01 +01:00
Paul Meyer
336c2fa2f8 devdocs: pr title conventions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 11:51:01 +01:00
Paul Meyer
fa85150f3e hack: move terraform readmes into cli
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-09 11:49:00 +01:00
Moritz Sanft
ecdc465a42
AB2564 Add constellation verify e2e test (#875) 2023-01-09 08:54:41 +01:00
renovate[bot]
f62f8e5d79
Update GitHub action dependencies (#902)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 17:35:54 +01:00
renovate[bot]
3d6b11e7cb
Update Terraform azurerm to v3.38.0 (#895)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-06 16:28:04 +01:00
renovate[bot]
32b839e9f7
Update GitHub action dependencies (#877)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-05 16:17:51 +01:00
Leonard Cohnen
94694c6e06 operator: add v2 to package name 2023-01-05 14:52:09 +01:00
Paul Meyer
aaa9e01e55
ci: increase verbosity of load balancer e2e test (#868)
* ci: increase verbosity of load balancer e2e test
* Enable verbose logging in container for e2e-lb test.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-01-05 14:12:53 +01:00
Paul Meyer
f9458950cb
versionsapi: change image path (#856)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 17:07:16 +01:00
Paul Meyer
f720726074 ci: fix rebuild loop of microservice images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 16:01:12 +01:00
Paul Meyer
e1a0a01ac3 ci: replace find-image script with versionsapi cli
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Paul Meyer
3561a16819 ci: replace add-version through versionsapi cli
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
Paul Meyer
195fe27870 ci: add versionsapi workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-04 11:39:19 +01:00
renovate[bot]
7c017e2b67
Update Terraform azurerm to v3.37.0 (#849)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 14:47:44 +01:00
Fabian Kammel
ca94a3c44c
Fix failing e2e test for lb (#850)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-01-03 12:41:46 +01:00
renovate[bot]
d2c04ecc40
Update GitHub action dependencies (#848)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-03 10:09:02 +01:00
renovate[bot]
806f6b70dd
Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1 (#844)
* Update module github.com/talos-systems/talos/pkg/machinery to v1.3.1
* Rename talos-systems/talos to siderolabs/talos

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-01-02 13:33:56 +01:00
3u13r
473e16feb2
image: add upgrade-agent (#827) 2022-12-29 17:50:11 +01:00
Paul Meyer
16b002ec1d deps: update sonobuoy to v0.56.14
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-29 13:11:04 +01:00
Paul Meyer
c7ecf13e7f ci: fix workflows with tokens running on forks
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-23 11:39:09 +01:00
Paul Meyer
caed4ff287 ci: print image in find-image action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-21 18:39:03 +01:00
Paul Meyer
582615dfb3 ci: enable manual e2e runs on any git ref
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-21 18:39:03 +01:00
Fabian Kammel
83f09e1058
implement e2e test lb (#815)
* implement e2e test lb
* add lb e2e test to weekly schedule
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-21 10:49:21 +01:00
Thomas Tendyck
990cae58a5 ci: don't checkout head ref for PRs from forks 2022-12-19 16:09:40 +01:00
Paul Meyer
e5f5e26838 ci: automated changelog generation
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-16 11:42:36 +01:00
Paul Meyer
58a5c47d30 ci: update pinned hashes on renovate updates
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-16 10:43:33 +01:00
Fabian Kammel
b718e92d1d
update slsa-verifier (#803)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-15 09:45:46 +01:00
Fabian Kammel
6564fcbf6c
E2E Test Mini Constellation (#796)
* fix: typo to build amd64 for macos
* Implement E2E test for mini constellation
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-12-14 16:51:42 +01:00
Malte Poll
a1d59df1c3
Release action: Do not fail if "latest" is not set (#793) 2022-12-14 14:59:06 +01:00
renovate[bot]
5967b98c25
Update GitHub action dependencies (#778)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-14 14:55:14 +01:00
Paul Meyer
f2b324cb88 hack: rename find-image dir
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:16:37 +01:00
Paul Meyer
c741ccfb4b kubernetes: use new registry
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Paul Meyer
6862c2587f kubernetes: add v1.26, default to v1.25
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-13 16:08:19 +01:00
Malte Poll
15197dfbd0
Enhance release checklist with lessons from release v2.3 (#791) 2022-12-13 12:04:58 +01:00
Malte Poll
ba8c0a9e30
Fix e2e test networking issue (#792) 2022-12-13 10:07:09 +01:00
Malte Poll
e207081274
adopt changes from linux e2e tests on macOS (#790) 2022-12-13 10:06:36 +01:00
Malte Poll
fed31c304a Release CLI: Fix upload path 2022-12-12 17:45:35 +01:00
Malte Poll
cf0b04291a Embed measurements for v2.3.0 2022-12-12 17:45:35 +01:00
Malte Poll
3f6817653b Match pki set and key 2022-12-12 17:45:35 +01:00
Malte Poll
6154a5ef68 OS build pipeline: Correctly choose PKI set 2022-12-12 17:45:35 +01:00
Malte Poll
c9df5cfa09 Fix OS image build pipeline for releases 2022-12-12 17:45:35 +01:00
Malte Poll
3c5fa3175a
Fix image build pipeline: Use braces to group complex expressions (#770) 2022-12-09 14:48:52 +01:00
Malte Poll
4a8ebfd921 OS images: use "ref", "stream" and "version"
Switch azure default region to west us
Update find-image script to work with new API spec
Add version for every os image build
generate measurements: Use new API paths
CLI: config fetch measurements: Use image short versions to fetch measurements
CLI: allows shortnames to specify image in config
Image build pipeline: Change paths to contain "ref" and "stream"
2022-12-09 13:37:43 +01:00
Paul Meyer
d3873988c9 ci: fix download scripts for serial logs
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:22:45 +01:00
Paul Meyer
9e9468ff44 ci: add csp name to serial log artifact name
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 13:22:45 +01:00
renovate[bot]
e371e4499f
Update GitHub action dependencies (#765)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-09 11:10:23 +01:00
Paul Meyer
24f6c3807b ci: no link checking on main
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-08 11:42:03 +01:00
Malte Poll
95a33e7d35
No longer print constellation-id.json (#749) 2022-12-07 16:10:51 +01:00
Paul Meyer
3cc2a714a4
dependencies: upgrade to Go v1.19.4 (#732)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-07 14:27:43 +01:00
Paul Meyer
a9ed8c0191 e2e: enable systemd logcollection
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 18:05:32 +01:00
Paul Meyer
5ba5d9d683
ci: unpin slsa-github-generator action digest (#734)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-06 17:07:27 +01:00
Otto Bittner
e9ec9f2f29 Upload full logs instead of only the results junit
This includes all pod logs and systemd logs.
It increases the filesize significantly:
3.3MB for a quickrun with 5 nodes.
2022-12-05 16:28:32 +01:00
Paul Meyer
176dae317f debugd: fix logcollector container image naming
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-05 13:16:45 +01:00
Paul Meyer
474f7ad356 ci: build logcollector images
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 18:54:24 +01:00
Paul Meyer
e6c4bb3406 ci: build microservices on change of pkg internal
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 11:14:58 +01:00
renovate[bot]
998c8ee889
Update GitHub action dependencies (#701)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-02 10:33:19 +01:00
Malte Poll
b9fd8237b9
manual e2e tests: Add option to keep embedded measurements (#698) 2022-12-01 15:43:40 +01:00
Paul Meyer
4249050116 e2e: find default image if no input image specified
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 15:23:27 +01:00
Paul Meyer
cbd5a4a118 ci: print image version in summary
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 13:25:53 +01:00
Paul Meyer
8004edcc14
image: add version and debug field to lookup table (#682)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-12-01 11:51:33 +01:00
Malte Poll
e67f65709f
Prepare release checklist for v2.3 (#690) 2022-12-01 10:46:04 +01:00
Malte Poll
3aa51df74d Add release trigger to make image versions available via CDN 2022-11-30 12:35:12 +01:00
Leonard Cohnen
954cbad214 ci: build qemu-metadata api 2022-11-30 12:28:37 +01:00
Daniel Weiße
6bd62f0f7a
Update docs to new measurement format (#660)
* Remove fetch-measurements from create workflow

* Explain new measurements format in docs

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-30 08:29:17 +01:00
Paul Meyer
688003cdd9 ci: fix hcl lock files on renovate branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
Paul Meyer
48e0b3a9cd ci: check hcl lock files are up to date
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 18:47:30 +01:00
renovate[bot]
2e2bcb15e1
Update GitHub action dependencies (#665)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-29 14:06:18 +01:00
Fabian Kammel
c71fd89e80
Provenance for CLI (#647)
* provenance generation for cli
* document provenance generation for CLI
* include CLI SBOM in provenance
Co-authored-by: 3u13r <lc@edgeless.systems>
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-25 16:13:20 +01:00
Nils Hanke
89b25f8ebb
Add new generate measurements matrix CI/CD action (now with AWS support) (#641) 2022-11-25 12:08:24 +01:00
Daniel Weiße
f8001efbc0
Refactor enforced/expected PCRs (#553)
* Merge enforced and expected measurements

* Update measurement generation to new format

* Write expected measurements hex encoded by default

* Allow hex or base64 encoded expected measurements

* Allow hex or base64 encoded clusterID

* Allow security upgrades to warnOnly flag

* Upload signed measurements in JSON format

* Fetch measurements either from JSON or YAML

* Use yaml.v3 instead of yaml.v2

* Error on invalid enforced selection

* Add placeholder measurements to config

* Update e2e test to new measurement format

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-24 10:57:58 +01:00
Malte Poll
3dc9c60864 e2e tests: use new image versions 2022-11-23 15:47:46 +01:00
Paul Meyer
947920d4f5
Revert "warn about function argument count over 5 (#558)" (#620)
This reverts commit 1110ccd270.
2022-11-22 14:20:11 +01:00
Daniel Weiße
e7ee4d6e59
Remove manual installation of csi drivers (#600)
* Remove manual installation of csi drivers

* Remove explicit storage class

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-22 14:02:31 +01:00
Paul Meyer
063162c205 deps: upgrade sonobuoy version
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-22 12:32:50 +01:00
renovate[bot]
b6d7289dfe
Update dependency numpy to v1.23.5 (#604)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-22 10:07:44 +01:00
renovate[bot]
fa2919e285
Update softprops/action-gh-release action to v0.1.15 (#607)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-21 15:08:53 +01:00
Malte Poll
efaa0622a8 Include image version in mkosi builds 2022-11-18 10:37:45 +01:00
Malte Poll
74aabe86fa Move PCR[8] -> PCR[12] 2022-11-18 10:37:45 +01:00
Malte Poll
239b9f6c26 Upgrade images to Fedora 37 2022-11-18 10:37:45 +01:00
Fabian Kammel
56dccb77b4
Merge back changes from v2.2.2 release (#580)
* prepare v2.2.2 release and update release.md
* Updated QEMU measurements
* Terraform GCP: Always use the local account for resource creation (#571)
* CoreOS is no longer used, change docs to OS.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-18 10:24:45 +01:00
renovate[bot]
f5f6be1c56
Update actions/download-artifact action to v3 (#583)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-18 08:55:56 +01:00
Fabian Kammel
1110ccd270
warn about function argument count over 5 (#558)
* warn about function argument count over 5
* only on new code
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-17 17:31:00 +01:00
Malte Poll
78481b32e8
Move image artifacts "/v1/" => "/constellation/v1" (#579) 2022-11-17 16:14:38 +01:00
Paul Meyer
9c405ceb02 ci: use shfmt fork
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 16:10:13 +01:00
renovate[bot]
827b62c2be
Update GitHub action dependencies (#568)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-17 11:37:00 +01:00
Paul Meyer
c61f6211f9 ci: use fixed renovate bot email for commits
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Paul Meyer
3fd678492f ci: fix shellfmt workflow name
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-17 11:28:49 +01:00
Malte Poll
cdaf1fc476
OS Image Build pipeline: prepare lookup tables and additional artifacts (#560) 2022-11-16 15:45:10 +01:00
Leonard Cohnen
2f0b1a0f32 ci: add go generate check 2022-11-15 18:24:07 +01:00
Leonard Cohnen
9b89e5cf10 ci: don't check cilium links 2022-11-15 18:24:07 +01:00
Paul Meyer
80a801629e e2e: deactivate fail-fast for e2e daily
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-15 12:44:52 +01:00
renovate[bot]
c71eeffd1e
Update module github.com/sigstore/rekor to v1.0.1 (#543)
* Update module github.com/sigstore/rekor to v1.0.1
* quotes around string with spaces
* [bot] Tidy all modules
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: datosh <datosh@users.noreply.github.com>
2022-11-15 12:18:01 +01:00
renovate[bot]
7d16c02e0d
Update dependency azure-identity to v1.12.0 (#496)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-15 10:26:55 +01:00
Malte Poll
5f44668897
Extend AWS e2e test token expiration to 6 hours (#547) 2022-11-14 14:14:42 +01:00
Malte Poll
9f6a8ffd4c Allow listing separate args for shfmt 2022-11-14 14:02:29 +01:00
renovate[bot]
c76d0672f8
Update golangci/golangci-lint-action action to v3.3.1 (#542)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:43:54 +01:00
Paul Meyer
056f98a2ab ci: bump sonobuoy version
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-14 10:33:29 +01:00
Christoph Meyer
d612ed2cae AB#2530 CI benchmarks compare to previous and generate graphs
- Get the previous benchmark results from artifact store S3 bucket
- Compare the current benchmark to the previous results
- Attach markdown table comparing results to the workflow output
- Update benchmarks in bucket if running on main
- Generate graphs from comparison
- Document continuous benchmarking
2022-11-11 18:37:35 +01:00
Paul Meyer
4f66519fb0 ci: improve shellfmt workflow code
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:50:21 +01:00
Paul Meyer
09969afd57 ci: fix workflows
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
38cc2c1ab0 ci: add actionlint workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 16:38:29 +01:00
Paul Meyer
a7535fb449 ci: add shellfmt workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
Paul Meyer
106b738fab ci: format shellscripts
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:53:57 +01:00
renovate[bot]
fd9dfb500d
Update actions/checkout digest to 5c3ccc2 (#527)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 15:03:14 +01:00
Paul Meyer
fb6f425696 ci: checkout with head ref
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 14:00:11 +01:00
renovate[bot]
1fc663efc9 Update actions/checkout action to v3 2022-11-11 14:00:11 +01:00
Paul Meyer
516477a46b devdoc: update dev conventions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
7aa7492474 Fix shellcheck warnings
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
eb66767a62 ci: decrease severity level of shellcheck
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:40:13 +01:00
Paul Meyer
6fd605b3c4 e2e: print id file after create
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
7eb9d8a57c e2e: add AWS test to schedule
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
11672acf0a e2e: add AWS test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
f6b3ef6a57 ci: login azure only if needed
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Paul Meyer
1ec9316521 ci: rename actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-11 13:30:34 +01:00
Fabian Kammel
b92b3772ca
Remove access manager (#470)
* remove access manager from code base
* document new node ssh workflow
* keep config backwards compatible
* slow down link checking to prevent http 429
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-11 08:44:36 +01:00
Thomas Tendyck
b0f4a09ebe Update release.md 2022-11-11 08:18:16 +01:00
renovate[bot]
8e8ce070b7
Update google-github-actions/setup-gcloud action to v1 (#524)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 18:29:30 +01:00
renovate[bot]
92b647a099
Update google-github-actions/auth action to v1 (#523)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-10 18:28:47 +01:00
Nils Hanke
a7e81aef73
Update GitHub workflow runners to Ubuntu 22.04 (#513)
* Update all GitHub action runners to ubuntu-22.04
* Fix license checker script for grep >3.4
2022-11-10 16:55:24 +01:00
Malte Poll
e011c7ef78 Set azureImageOffer for debug images 2022-11-10 09:13:44 +01:00
Leonard Cohnen
7a8ca1e574 docs: verify Ceph encryption 2022-11-09 16:48:11 +01:00
Malte Poll
e9fecec0bc Only publish release AMIs 2022-11-09 14:29:58 +01:00
renovate[bot]
c18feaaace
Update lycheeverse/lychee-action action to v1.5.4 (#492)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-09 11:10:46 +01:00
Paul Meyer
d3bad39223
e2e: fix deletion of persistent volumes (#476)
Co-authored-by: Christoph Meyer <cme@edgeless.systems>
2022-11-09 10:28:34 +01:00
renovate[bot]
05f4b8698b
Update ludeeus/action-shellcheck digest to 6d3f514 (#485)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:38:48 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch (#479)
* Bump version to v2.2.0

* Update changelog

* Fix release detection in pipeline

* Fix PKI selection in pipeline

* Set enforced measurements for AWS

* Update default images

* Fix release docs

* Update mini-con defaults

* Fix measurements action

* Fix syft env variable naming

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Paul Meyer
46e4ddd8c6 ci: don't run cli reference gen on release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 17:07:29 +01:00
Malte Poll
899ca91aa3 Move enforced measurement for clusterID to PCR[15] in e2e tests 2022-11-08 00:07:04 +01:00
Malte Poll
3e996efb3f Pass azure image offer from build variable action 2022-11-08 00:07:04 +01:00
renovate[bot]
efa2fb2fd0
Update anchore/sbom-action action to v0.13.1 (#463)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:42:09 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys (#462)
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
Nils Hanke
b24c799c80 Replace specific Azure/GCP credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
ee20ff8950 Replace E2E Azure RM credentials with secrets 2022-11-04 12:57:24 +01:00
Nils Hanke
a535ca1901 CI: Use lowercase image name for S3 upload 2022-11-04 12:57:24 +01:00
Nils Hanke
af08ffbb16 CI: Add group for building pcr-reader for better output 2022-11-04 12:57:24 +01:00
Nils Hanke
28b2d84684 Add AzureRM authentication environment variables for PCR action 2022-11-04 12:57:24 +01:00
Nils Hanke
3ca88d6043 Fix Constellation measure CI action 2022-11-04 12:57:24 +01:00
renovate[bot]
88110ff5f3
Update github actions dependencies (#450)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-04 11:58:54 +01:00
renovate[bot]
72caeca69b Update dependency matplotlib to v3.6.2 2022-11-03 16:01:52 +01:00
Malte Poll
4a7024c469
Make AMI public on creation (#426) 2022-11-03 15:22:51 +01:00
Paul Meyer
ac3768bbc9 e2e: add k-bench to weekly run
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 18:47:16 +01:00
Christoph Meyer
273d6162de fix: don't run CI K-Bench with less than 2 worker nodes
K-Bench's network benchmarks require two distinct worker nodes.
Add check prior to running the benchmark that terminates early, if not
enough workers scheduled.
2022-11-02 18:45:56 +01:00
Christoph Meyer
94429c8db8 Add CI action to install CSI drivers 2022-11-02 18:30:59 +01:00
Nils Hanke
7ca4a6d0e1 Adjust CI scripts to avoid termination prompt 2022-11-02 18:18:30 +01:00
Nils Hanke
6d2ec109d0 Update to Go 1.19.3 2022-11-02 11:53:52 +01:00
renovate[bot]
f60120bbbc
Update github actions dependencies (#420)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-02 11:00:40 +01:00
Malte Poll
2842328457
Update mkosi to version 14 (#391) 2022-11-02 10:14:42 +01:00
Christoph Meyer
1952eb5721 AB#2191 Evaluate K-Bench benchmarks in CI
Install Python for K-bench evaluation
Add scripts to evaluate the K-Bench results in CI
Attach graphs to the workflow results in GitHub Actions
2022-11-01 12:27:25 +01:00
Christoph Meyer
f4ff473677 AB#2191 Add K-Bench CI step to manual workflow
Add the option to run K-Bench performance to the manual CI workflow
Install CSI drivers in the cluster for K-Bench benchmarks
Attach the results to the workflow in the GitHub Actions view
2022-11-01 12:27:25 +01:00
Otto Bittner
30bdbd9b85
Add helm unittests (#380) 2022-10-31 19:25:02 +01:00
Paul Meyer
3933a97567 e2e: rework schedule of e2e test daily/weekly
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 18:22:05 +01:00
renovate[bot]
20532fc355
Update Azure Function python dependencies (#411)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-31 11:54:05 +01:00
Paul Meyer
4cd659b394
e2e: fix collection of boot logs on GCP (#401)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-31 10:40:08 +01:00
renovate[bot]
4aa2069655
Update github actions dependencies (#397)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-10-31 10:26:17 +01:00
Paul Meyer
050223e4c5 e2e: add nop payload to only test infra creation
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 17:46:37 +02:00
Paul Meyer
256f0e64b3 Upgrade Go version to 1.19
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-28 16:06:53 +02:00
Leonard Cohnen
1ffb078a4d Docs: image changes for Longhorn support 2022-10-28 12:11:43 +02:00
Malte Poll
9297a4e8a2
Normalize naming: "sonobuoy fast" -> "sonobuoy quick" (#389) 2022-10-28 11:01:31 +02:00
Paul Meyer
b7415647a6 Move sonobuoy action
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
95b8531fdd Add e2e autoscaling test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
7108304046 Remove upload of state file
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
Paul Meyer
8aa84fd759 Remove installation of preinstalled dependencies
in workflows

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-27 18:39:08 +02:00
renovate[bot]
acc82b205a
Update github actions dependencies (#366)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-26 15:48:35 +02:00
Malte Poll
f65475b2b2 Use fine grained GitHub PAT to commit "go mod tidy" fixes 2022-10-26 14:44:09 +02:00
Malte Poll
d81172e352
Pin setup-gcloud action to git tag (for renovate) (#376) 2022-10-26 13:58:05 +02:00
Paul Meyer
4cbec82edf Test operator code generation is up to date
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-25 16:50:46 +02:00
Thomas Tendyck
45dba96e31 remove conformance folder 2022-10-25 09:54:23 +02:00
Leonard Cohnen
5efd2716e3 add Rook deployment workaround 2022-10-23 05:50:49 +02:00
Malte Poll
2bf2cc6391
Use versioned Azure login action (#353)
* Use versioned Azure login action
* Pin github actions to git tags
2022-10-21 16:23:29 +02:00
Fabian Kammel
18ae86c38e
sbom signing (#303)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-21 15:19:51 +02:00
Otto Bittner
07f02a442c
Refactor Helm deployments (#341)
* Wrap KMS deployment in one main chart that
deploys all other services. Other services will follow.
* Use .tgz via helm-package as serialization format
* Change Release type to carry chart as byte slice
* Remove KMSConfig
* Use json-schema to validate values
* Extend release.md to mention updating helm charts
2022-10-21 12:01:28 +02:00
renovate[bot]
10a207c7ec Update github actions dependencies 2022-10-21 11:33:41 +02:00
Malte Poll
b57b25fdaa Image upload AWS 2022-10-21 11:04:25 +02:00
Malte Poll
743f5fa627 Remove all traces of CoreOS from the codebase 2022-10-21 11:04:25 +02:00
Malte Poll
35e2267cf9 Move mkosi folder to old image folder location 2022-10-21 11:04:25 +02:00
Malte Poll
26fdfa4bee Prefill PCR[11], PCR[12], PCR[13], PCR[15] 2022-10-21 11:04:25 +02:00
Malte Poll
6859c6b00e Precalculate expected PCR[8] 2022-10-21 11:04:25 +02:00
Malte Poll
1e9608c796 Precalculate expected PCR[4] 2022-10-21 11:04:25 +02:00
Malte Poll
f4e69ec6ec mkosi pipeline: Collect hashes 2022-10-21 11:04:25 +02:00
Nils Hanke
714b368a62 Add gcloud setup back to GCP login action for magic authentication 2022-10-21 11:04:25 +02:00
Malte Poll
34367ea3cc Create mkosi image build pipeline 2022-10-21 11:04:25 +02:00
Fabian Kammel
21436e6592
use release cosign key only when releasing (#331)
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-20 15:59:17 +02:00
Paul Meyer
2685b5be1f Let tfsec fail soft in CI
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-20 10:44:43 +02:00
Paul Meyer
a6b0edfcaa Tidy modules on renovate branches
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:51:44 +02:00
Paul Meyer
7c13302936 Checkout branch instead of head commit
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-19 10:51:44 +02:00
renovate[bot]
6d5cb6b581
Update sigstore/cosign-installer action to v2.8.1 (#323)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-19 10:29:37 +02:00
katexochen
3375b46b77 Update release.md 2022-10-18 17:36:48 +02:00
Paul Meyer
0e79af6f14 Run tests on push to release branch
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 17:02:16 +02:00
renovate[bot]
ed98b0205b
Update github actions dependencies (#311)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:54:53 +02:00
Otto Bittner
62168bbf98 AB#2490: Add KMS helm chart
* Also run helm-lint in CI now
2022-10-18 13:33:37 +02:00
renovate[bot]
84fcf8d7f2
Update github actions dependencies (#294)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-18 13:00:41 +02:00
renovate[bot]
ccaad5e482
Update github actions dependencies (#274) 2022-10-17 11:14:41 +02:00
Malte Poll
c16f5a976d
AB#2365 Upgrade k8s base deployments (add full support for k8s 1.25) (#277)
* Add container image release for CCM GCP v25.2.0
* Upgrade versions of kubernetes base components
2022-10-17 08:58:13 +02:00
Malte Poll
0f57f03846
Allow concurrent actions on the same branch. (#281)
Actions are free for public repos and we want to see every CI failure
2022-10-14 17:47:46 +02:00
katexochen
f3d7ebb61f Change Azure auth method for manual test 2022-10-14 17:04:44 +02:00
Malte Poll
e7118223fe
Downgrade vale action (#280) 2022-10-14 15:32:38 +02:00
Paul Meyer
8cf8b5db12
Change Azure auth method for e2e test (#276) 2022-10-14 14:44:32 +02:00
Malte Poll
6c9e18a6b5 Run code tests on go.mod and go.sum changes 2022-10-14 10:50:32 +02:00
renovate[bot]
c08147baae Update google-github-actions/auth action to v0.8.2 2022-10-14 09:20:10 +02:00
renovate[bot]
3c34757274 Update actions/cache action to v3.0.11 2022-10-14 09:17:00 +02:00
renovate[bot]
2d767b02c1
Update hashicorp/setup-terraform digest to a2a0e9d (#254)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 17:34:28 +02:00
Leonard Cohnen
41a312f945 add documentation for Rook/CephFS 2022-10-13 17:29:16 +02:00
renovate[bot]
f90e8fc35a
Update actions/checkout digest to 8230315 (#246)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:54:43 +02:00
renovate[bot]
078dc1eb8f
Update aquasecurity/tfsec-pr-commenter-action digest to d9fa643 (#247)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-10-13 16:49:33 +02:00
katexochen
41c42f547f Add tfsec workflow 2022-10-13 14:54:19 +02:00
katexochen
a00743e892 Add Terraform validation workflow 2022-10-13 14:54:19 +02:00
renovate[bot]
f032508c54
Configure Renovate (#237)
* Configure renovate
* pin remaining github actions
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-10-13 14:41:55 +02:00
Fabian Kammel
7ee8f65889
Delete dependabot and prepare renovate (#238)
* Delete microservice template.
* Remove dependabot config
* Prepare renovate by adopting GitHub actions syntax
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-10-12 18:05:58 +02:00
katexochen
dbd71eebd9 Fix replace deprecated set-output syntax 2022-10-12 11:51:09 +02:00
katexochen
1f290af09b Add dispatch trigger to all workflows 2022-10-12 11:32:19 +02:00
katexochen
49f233246c Replace deprecated set-output syntax 2022-10-12 11:32:19 +02:00
Paul Meyer
1c29638421
Use env to find bash in shebang (#225) 2022-10-10 14:21:17 +02:00
katexochen
baeaf9f0c5 Fix macos e2e test 2022-10-10 13:43:15 +02:00
Leonard Cohnen
2a7c6ba052 bump gcp guest agent in workflow 2022-10-10 13:43:15 +02:00
Leonard Cohnen
0c651c55dd increase control plane count during e2e tests 2022-10-07 03:44:24 +02:00
Nils Hanke
803209b12b
Update Go to 1.19.2 (#219) 2022-10-06 19:31:12 +02:00
katexochen
9edfc2f6ba Move k8s version window up 2022-10-06 19:16:20 +02:00
Paul Meyer
e4963b0511
Deactivate cache for tidycheck workflow (#216) 2022-10-06 11:19:15 +02:00
dependabot[bot]
2e93b354e4 Bump actions/cache from 3.0.8 to 3.0.10
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](fd5de65bc8...56461b9eb0)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-10-05 02:02:48 -07:00
dependabot[bot]
fdd4425974
Bump actions/checkout from 3.0.2 to 3.1.0 (#210)
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.0.2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](2541b1294d...93ea575cb5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-10-05 09:24:36 +02:00
Daniel Weiße
2ea695896f
AB#2439 Containerized libvirt (#191)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-10-05 09:11:30 +02:00
Daniel Weiße
804c173d52
Use terraform in CLI to create QEMU cluster (#172)
* Use terraform in CLI to create QEMU cluster

* Don't allow qemu creation on os/arch other than linux/amd64

* Allow usage of --name flag for QEMU resources

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-26 15:52:31 +02:00
Malte Poll
0d54f53ba1 update release guide to cover pre versions 2022-09-21 14:50:03 +02:00
Otto Bittner
0eb4a7831b AB#2413: Add workflow for snp-report-verify
* Extend azure-snp-report-verify to also report fw SVNs.
* Add workflow based on azure-cvm to get maa-jwt and
verify it on a second runner.
2022-09-21 10:58:10 +02:00
Otto Bittner
d85b281570 Move GCP cloud function files to .github/runners. 2022-09-21 10:58:10 +02:00
Otto Bittner
13f973f61e AB#2413: Add Azure function for CVMs
Add code of an azure function that is a
close copy of the existing cloud function on google.
The function spawns a CVM and initializes it
as a GitHub runner. The tag is 'azure-cvm'.
2022-09-21 10:58:10 +02:00
katexochen
de9bdaef24 Update release workflow 2022-09-21 10:32:00 +02:00
Daniel Weiße
95873d6a15
Run macos builds as separate jobs (#174)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-09-20 13:43:46 +02:00
katexochen
788cfd9bd9 Remove autoscaling from workflows 2022-09-20 13:41:23 +02:00
katexochen
7f2608c623 Update operator workflow 2022-09-20 13:41:23 +02:00
katexochen
7eb245d7ee Checkout last instead of merge commit in workflows 2022-09-19 14:02:59 +02:00
katexochen
bce85324c2 Add go-tidy-check workflow 2022-09-19 14:02:59 +02:00
Nils Hanke
de1268ffb9 Pin cache action against specific commit 2022-09-19 04:49:55 -07:00
Nils Hanke
fdfe7ddece Add macOS E2E check to release guidelines 2022-09-19 01:09:56 -07:00
Nils Hanke
979164ab37 CI: Remove GOPRIVATE from actions 2022-09-19 01:09:56 -07:00
Nils Hanke
c8b22e87e3 CI: Add cdbg/debugd unit tests for macOS 2022-09-19 01:09:56 -07:00
Nils Hanke
52d1afaf0b CI: Consolidate multi-OS & multi-arch builds into one job 2022-09-19 01:09:56 -07:00
Nils Hanke
1dad1631ca E2E: Add manual macOS E2E test 2022-09-19 01:09:56 -07:00
Nils Hanke
6df92c127c E2E: Download external binaries depending on host OS & arch 2022-09-19 01:09:56 -07:00
Nils Hanke
a1fd971c3c CI/E2E: Update rekor-cli to 0.12.0 2022-09-19 01:09:56 -07:00
Nils Hanke
0f08c4f318 E2E: Update sonobuoy to 0.56.10 2022-09-19 01:09:56 -07:00
Nils Hanke
711532158f E2E: Fix TEAMS_JOB_NAME for manual test 2022-09-19 01:09:56 -07:00
Nils Hanke
707cbf83b4 CI: Add macOS CLI unit tests 2022-09-19 01:09:56 -07:00
Nils Hanke
2c344a35e2 CI: Test multi-arch CLI builds on push 2022-09-19 01:09:56 -07:00
Nils Hanke
7338563d14 CI/E2E: (Re)move redundant setup steps 2022-09-19 01:09:56 -07:00
Thomas Tendyck
7b7c4b3246 docs: fix CLI reference heading 2022-09-16 15:57:50 +02:00
Nils Hanke
82f03d08e4 Add missing secret definitions for E2E runs 2022-09-15 06:45:10 -07:00
katexochen
5db3a426a5 Add govulncheck action 2022-09-14 13:07:04 +02:00
Nils Hanke
4898f06421 Delete downloaded rekor-cli binary 2022-09-14 03:01:09 -07:00
Nils Hanke
9da3078445 Set working-directory to build for rekor-cli download 2022-09-14 03:01:09 -07:00