Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-12-11 00:44:20 -05:00
Code Issues Packages Projects Releases Wiki Activity
3,166 Commits 134 Branches 49 Tags 108 MiB
a671367794
Commit Graph

393 Commits

Author SHA1 Message Date
Paul Meyer
103a757557
deps: upgrade sonobuoy to v0.56.17 (#1937) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-06-15 16:54:38 +02:00
Adrian Stobbe
07de6482b2
config: drop support for deprecated Azure's service principal authentication (#1906) 
* invalidate app client id field for azure and provide info

* remove TestNewWithDefaultOptions case

* fix test

* remove appClientID field

* remove client secret + rename err

* remove from docs

* otto feedback

* update docs

* delete env test in cfg since no envs set anymore

* Update dev-docs/workflows/github-actions.md

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* WARNING to stderr

* fix check

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
 2023-06-14 17:50:57 +02:00
Otto Bittner
7a1c70d7e5
ci: replace katexochen with elchead in assignee list (#1928) 
katexochen is currently working on CoCo and not
involved in active development.
 2023-06-14 11:44:45 +02:00
3u13r
b71b5103ae
ci: migrate e2e lb test to bazel (#1892) 
* ci: migrate lb e2e test to bazel
* ci: disable shared bazel cache on github runners
 2023-06-09 16:59:19 +02:00
Otto Bittner
8f21972aec
attestation: add awsSEVSNP as new variant (#1900) 
* variant: move into internal/attestation
* attesation: move aws attesation into subfolder nitrotpm
* config: add aws-sev-snp variant
* cli: add tf option to enable AWS SNP

For now the implementations in aws/nitrotpm and aws/snp
are identical. They both contain the aws/nitrotpm impl.
A separate commit will add the actual attestation logic.
 2023-06-09 15:41:02 +02:00
Otto Bittner
3a54ca91a7
deps: bump go patch version (#1903) 2023-06-09 10:53:17 +02:00
Malte Poll
8c3617faf0
ci: do not manually clear measurements on verify e2e (#1889) 2023-06-09 09:25:30 +02:00
Adrian Stobbe
e9f9337cb9
Revert "ci: fix versionsapi cli container Dockerfile (#1856)" (#1896) 
This reverts commit 0fac6a03cc.
 2023-06-07 17:18:59 +02:00
renovate[bot]
25037026e1
deps: update Python dependencies (#1887) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
 2023-06-07 10:36:52 +02:00
Malte Poll
025d34a259
ci: fix docker-login on macOS runner (#1877) 2023-06-06 12:20:09 +02:00
3u13r
7c07e3be18
Add --insecure to config fetch-measurement (#1879) 
* cli: add --insecure to fetch-measurements

* cli: rename fake to stub

* ci: upload measurements for debug images

* fix cli docs
 2023-06-06 10:32:22 +02:00
Otto Bittner
0fac6a03cc
ci: fix versionsapi cli container Dockerfile (#1856) 
paths were not updated during refactoring
 2023-06-02 11:29:46 +02:00
3u13r
e0285c122e
todo responsibilities and cleanup (#1837) 
* chore: add TODO responsibilities

* chore: remove not needed TODOs

* chore: remove outdated migrations

* chore: remove resolved goleak exception

* chore: remove not needed cosign env

* config: add link to our Azure snp docs
 2023-06-01 12:33:06 +02:00
renovate[bot]
bff8e684e1
deps: update golang:1.20.4 Docker digest to 690e413 (#1845) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: malt3 <29139614+renovate[bot]@users.noreply.github.com>
 2023-06-01 09:26:31 +02:00
Malte Poll
a1ec899171 ci: use enterprise cli for e2e tests 2023-05-31 14:00:00 +02:00
Adrian Stobbe
0a6e5ec02e
config: dynamic attestation configuration through S3 backed API (#1808) 2023-05-25 17:43:44 +01:00
Malte Poll
b467327128 ci: optimize bazel output for web-based console 2023-05-23 15:11:10 +02:00
Malte Poll
660781d35e misc: bazelisk -> bazel 2023-05-23 15:11:10 +02:00
3u13r
6062b10035
cli: split image into oss and enterprise (#1788) 2023-05-23 10:49:47 +02:00
Malte Poll
dc9b3c1937
ci: run e2e tests as last step of release pipeline (#1793) 2023-05-22 09:22:00 +02:00
renovate[bot]
080e0bcaec
deps: update golang:1.20.4 Docker digest to 685a22e (#1761) 
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
 2023-05-12 18:18:13 +02:00
3u13r
4024b9cf71
ci: fix minicon e2e test (#1763) 
* ci: push containers during minicon e2e

* cli: set testing nvram for pre images in minicon
 2023-05-12 17:14:32 +02:00
Daniel Weiße
0e7d50b465
Select attestation variant for verify test (#1755) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-05-12 11:06:49 +02:00
Daniel Weiße
d9bec20c78
Guard measurement removal behind config version check (#1739) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-05-05 16:43:50 +02:00
renovate[bot]
a8101c8c64
deps: update GitHub action dependencies (#1745) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-05-05 14:42:20 +02:00
renovate[bot]
a60e22d6d3
deps: update golang Docker tag to v1.20.4 (#1746) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-05-05 14:37:15 +02:00
Malte Poll
2efa3083dc ci: use native go code for os image upload 2023-05-05 12:06:44 +02:00
Otto Bittner
1f49c815b2
ci: update measurement overwrite for config v3 (#1731) 2023-05-04 11:32:52 +02:00
Otto Bittner
1180b376fa ci: only add tf-log flag if the binary supports it 
We sometimes run older CLI versions in the CI. Those versions
may not support the flag.
 2023-05-02 11:08:40 +02:00
Paul Meyer
7ab23c28b8 Revert "misc: replace sha256sum with shasum -a 256 (#1681)" 
This reverts commit ec1d5e9fb5.

While the change enabled shasum calculation on mac, it broke it
on some Linux distros.
 2023-05-02 11:07:05 +02:00
Malte Poll
635b98a34f
ci: rename all usages of bazel push target from //:push to //bazel/release:push (#1701) 2023-04-28 09:26:15 +02:00
renovate[bot]
fa4c6201b0
deps: update golang:1.20.3 Docker digest to 403f486 (#1691) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-27 17:50:46 +02:00
Moritz Sanft
261fe611a9
ci: add Terraform logging (#1665) 
* enable Terraform logging

* change to debug level

* rename artifact

* add name suffix

* remove blank line
 2023-04-27 14:03:49 +02:00
Paul Meyer
12216ea997
ci: prevent google auth warnings when reauthenticating (#1697) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-27 10:55:57 +02:00
Malte Poll
0c206e62d0
deps: rename bazel-zig-cc to hermetic_cc_toolchain (#1695) 2023-04-27 10:27:43 +02:00
Malte Poll
ec1d5e9fb5
misc: replace sha256sum with shasum -a 256 (#1681) 2023-04-26 13:40:18 +02:00
Malte Poll
84dd25600f
image: upgrade mkosi to support repart (#1684) 2023-04-25 18:22:40 +02:00
Malte Poll
dc5e6f30a9
ci: login to container registry before pushing containers (#1676) 2023-04-21 11:05:08 +02:00
Malte Poll
5145f806ea bazel: remove apko and Dockerfile where Bazel is used to build container images 2023-04-18 15:35:15 +02:00
Malte Poll
19ff132ee8 ci: upload container images when running e2e tests 2023-04-18 15:35:15 +02:00
Paul Meyer
4020e7840a ci: always use tee -a instead of redirecting 
into GITHUB_OUTPUT

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-17 12:08:42 +02:00
Paul Meyer
0b3190ea8b
ci: fix naming issues (#1662) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-15 19:24:48 +02:00
Paul Meyer
860d72a083
ci: reduce number of steps with continue-on-error (#1593) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-14 18:50:58 +02:00
Paul Meyer
1cc0ab2614
ci: improve e2e failure reporting and checklist (#1656) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-14 13:14:25 +02:00
Paul Meyer
76979136de ci: refactor artifact and resource naming 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-14 13:12:39 +02:00
Paul Meyer
dea41bd1ed
ci: refactor e2e test failure notifications (#1625) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-12 16:06:26 +02:00
renovate[bot]
60bacaa587
deps: update golang:1.20.3 Docker digest to 89924bd (#1636) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-04-12 14:35:57 +02:00
Moritz Sanft
6ba294e175
ci: separate e2e permissions (#1555) 
* split e2e test iam create / create perms

* remove global Azure credentials

* remove unnecessary azure actions

* use UUID

* fix e2e upgrade test

* rename create inputs

* remove continue-on-error for resource deletion

* de-exclude verify test

* fix exclude

* fix release e2e test

---------

Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
 2023-04-12 13:24:13 +02:00
Malte Poll
52a1bb0a19
ci: prevent accidental GOOS and GOARCH confusion in host go toolchain (#1632) 2023-04-12 11:05:05 +02:00
Moritz Eckert
0b66119a41 docs: group perf graphics by csp 2023-04-11 14:28:21 +02:00
Moritz Eckert
db32251daa docs: update benchmarks with v2.6.0 
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
 2023-04-11 14:28:21 +02:00
Moritz Eckert
a1f5e0e53d ci: Add tooling to create benchmark figures 2023-04-11 14:28:21 +02:00
Malte Poll
2b962598bf
deps: update go to 1.20.3 (#1622) 2023-04-06 16:36:07 +02:00
renovate[bot]
8f17e4b9df
deps: update actions/setup-go action to v4 (#1605) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-04-04 11:06:30 +02:00
Paul Meyer
00efc30e24
ci: fix empty image input of verify e2e on release (#1604) 
* ci: fix empty image input of verify e2e on release
* ci: increase parallelism of e2e release workflow

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-04 10:47:26 +02:00
renovate[bot]
5dad9bfad7
deps: update GitHub action dependencies (#1591) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-04-03 16:36:43 +02:00
Malte Poll
5e07efbb07 ci: fix cli path for cli signatures 2023-04-03 11:35:39 +02:00
Otto Bittner
4df33b93fe ci: add e2e-test-release workflow 
This workflow is used to run e2e tests in
preparation to a release.
It is triggered by the successful completion of
the release workflow.
Also trigger e2e-mini through the release
workflow completion.
This makes restarting the tests easier if
they fail during release preparation.

Co-authored-by: stdoutput <moritz.sanft@outlook.de>
 2023-04-03 11:35:39 +02:00
renovate[bot]
96cdf108e4
deps: update golang:1.20.2 Docker digest to 2101aa9 (#1551) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-29 14:56:55 +02:00
Moritz Eckert
feb23ea3da
ci: add unittests for the benchmark actions (#1466) 
Co-authored-by: Nils Hanke <nils.hanke@outlook.com>
 2023-03-23 17:04:55 +01:00
Paul Meyer
4628222780 ci: always use tee -a when writing output 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-23 10:54:59 -04:00
Paul Meyer
24f974de66 ci: run e2e test manual on last release 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-23 10:54:59 -04:00
Paul Meyer
b33098346f ci: add missing version expansion to verify test 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-23 10:54:59 -04:00
Otto Bittner
cac43a1dd0 ci: add e2e-upgrade test 
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to setup a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.

Co-authored-by: Fabian Kammel <fk@edgeless.systems>
 2023-03-23 14:57:38 +01:00
Leonard Cohnen
18661ced48 miniconstellation e2e test as bazel target 2023-03-23 14:55:29 +01:00
renovate[bot]
0a190c2bf6
deps: update GitHub action dependencies (#1499) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-22 17:57:47 +01:00
renovate[bot]
9a9688583d
deps: update aws-actions/configure-aws-credentials action to v2 (#1445) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-21 10:56:30 +01:00
Malte Poll
6f16e0b6fd
ci: use github actions cache to speedup bazel builds (#1444) 
* ci: use github actions cache to speedup bazel builds
* ci: warm bazel repo cache daily
 2023-03-21 10:06:32 +01:00
Nils Hanke
cdcc549d68 e2e: extract sonobuoy results to access junit results 2023-03-20 16:16:08 +01:00
Nils Hanke
af91ce2a3c e2e: only use junit for full tests 2023-03-20 16:16:08 +01:00
Malte Poll
c3c0940adb
bazel: use remote caching (#1456) 
* bazel: add configuration for remote caching
* ci: enable bazel remote caching for building binaries
* ci: use bazel directly when building go binaries
* ci: enable cache for most build steps
* dev-docs: document remote caching
 2023-03-20 16:05:08 +01:00
Nils Hanke
914eacb4a3
e2e: use macOS for building Linux artifacts and remove caching steps (#1446) 2023-03-20 11:04:44 +01:00
renovate[bot]
f8f3f00595
deps: update Terraform azurerm to v3.47.0 (#1422) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-16 13:45:08 +01:00
Nils Hanke
70ca69f6bc e2e: print K8s Pods and Events when kubectl wait fails 2023-03-15 18:36:32 +01:00
Nils Hanke
de86bb025f e2e: Temporarily bump kubectl wait timeout from 10 mins to 20 mins 2023-03-15 18:36:32 +01:00
3u13r
fe767ba78e
introduce version.txt (#1412) 2023-03-14 14:53:33 +01:00
Moritz Sanft
01705feb51
ci: upload cli version list (#1377) 
* upload cli version list

* fix flag

* name

* allow cli kind for listing

* [remove] update vapi cli

* allow cli kind

* use latest versionsapi image version

* fix kind parsing

* use workflow calls in on_release action

* [remove] update container tag

* change back to latest tag
 2023-03-10 10:21:58 +01:00
Malte Poll
bdba9d8ba6
bazel: add build files for go (#1186) 
* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-09 15:23:42 +01:00
Daniel Weiße
e07be3d6f8
fix: add measurement-reader to build pipeline (#1386) 
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-03-09 15:01:09 +01:00
renovate[bot]
262e5674a2
deps: update golang Docker tag to v1.20.2 (#1370) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-08 10:41:52 +01:00
renovate[bot]
fede4ec6d2
deps: update GitHub action dependencies (#1365) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-08 10:06:42 +01:00
Paul Meyer
74fc6239b2
deps: update to Go 1.20.2 (#1366) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-08 10:05:36 +01:00
renovate[bot]
38d80f9608
deps: update golang:1.20.1 Docker digest to b03e750 (#1362) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-07 18:18:15 +01:00
Paul Meyer
cc6006c6ea ci: fix labeling when building on other branches 
than github.head_ref, e.g., during release

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-07 11:32:41 -05:00
Paul Meyer
e4b5655646 ci: group output 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-07 11:32:41 -05:00
Paul Meyer
53bc875e59 ci: use latest ver of versionsapi cli container 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-07 04:39:17 -05:00
Malte Poll
3d0ad0b8e1
ci: move aws iam create test to less utilized zone (#1350) 2023-03-07 09:32:26 +01:00
Moritz Eckert
5397ce4509
ci: fix typo in benchmark actions (#1344) 2023-03-06 08:49:15 +01:00
Moritz Eckert
62c437246b
ci: store additional data in bench results (#1341) 2023-03-06 08:12:08 +01:00
Moritz Eckert
ac127db79e
ci: set timestamp format correctly for opensearch (#1335) 2023-03-03 13:47:25 +01:00
Paul Meyer
2e73e0aa18
deps: update sonobuoy (#1330) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-03 12:02:49 +01:00
Moritz Eckert
29664fc481 ci: upload benchmark results to opensearch 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-03 09:43:49 +01:00
Moritz Eckert
bfca2638d0 ci: remove k-bench action 2023-03-03 09:43:49 +01:00
Moritz Eckert
6fbca2818f ci: replace k-bench in e2e-test-manual 2023-03-03 09:43:49 +01:00
Moritz Eckert
0481c039f7 ci: add kubestr and knb based e2e_benchmark action 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-03-03 09:43:49 +01:00
Otto Bittner
a5d4970753
ci: run constellation commands with --debug (#1321) 2023-03-02 09:40:21 +01:00
Paul Meyer
8c171a1b66
ci: pin ko version (#1309) 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-28 18:53:28 +01:00
Moritz Sanft
732d15d013
ci: use iam destroy command for resource destruction (#1272) 
* replace tf destruction with new command

* move iam destroy cmd

* fix typos

* exit post test on error

* [remove] test failure on iam destroy

* Revert "[remove] test failure on iam destroy"

This reverts commit 99449c0cc0.

* [remove] test failure on terminate

* Revert "[remove] test failure on terminate"

This reverts commit 99c45bbc54.

* gofumpt
 2023-02-28 09:52:32 +01:00
Malte Poll
b79f7d0c8c
cli: add basic support for constellation create on OpenStack (#1283) 
* image: support OpenStack image build / upload

* cli: add OpenStack terraform template

* config: add OpenStack as CSP

* versionsapi: add OpenStack as CSP

* cli: add OpenStack as provider for `config generate` and `create`

* disk-mapper: add basic support for boot on OpenStack

* debugd: add placeholder for OpenStack

* image: fix config file sourcing for image upload
 2023-02-27 18:19:52 +01:00
Otto Bittner
6c07a2892e ci: adapt pipeline to use --kubernetes flag 2023-02-27 16:33:47 +01:00