Commit Graph

63 Commits

Author SHA1 Message Date
Daniel Weiße
b7425db72a
constellation-lib: add Helm wrapper (#2680)
* Add Helm wrapper to constellation-lib
* Move helm package to constellation-lib

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-06 10:01:39 +01:00
Daniel Weiße
f5718b6655
docs: add Kubernetes version support list (#2661)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-05 15:13:25 +01:00
Adrian Stobbe
a2de1d23ec
terraform-provider: add attestation data source (#2640)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 17:30:11 +01:00
Adrian Stobbe
98673b0983
ci: only generate lock files where provider is used (#2636) 2023-11-27 12:16:45 +01:00
Moritz Sanft
34bf3ad296
terraform-provider: add image datasource (#2642)
* terraform-provider: init

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: add basic docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix build steps

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: extend build process and docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dev-docs: document provider usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: upload aspect lib mirror

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: don't try to create lockfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix shellcheck issues

* bazel: separate paths to check

* terraform-provider: clean up old files

* terraform-provider: update provider resource

* terraform-provider: add image data source

* dev-docs: remove unnecessary init

* bazel: adhere to Terraform naming expectations

* terraform-provider: fix expected data type

* terraform-provider: generate docs

* terraform-provider: improve errors

* terraform-provider: add acceptance tests for data source

* terraform-provider: fix dependencies

* bazel: quote var reference

* terraform-provider: make region optional

* terraform-provider: bind imagefetcher to data source

* bazel: tidy

* terraform-provider: remove unused parameter

* terraform-provider: remove unused parameter

* terraform-provider: extend acceptance tests

* terraform-provider: allow tests to be ran without Bazel

* dev-docs: document testing

* terraform-provider: set binary path accordingly

* dev-docs: document docgen process for the provider

* bazel: run acceptance test in writable environment

* bazel: try to write to `$TMPDIR`

* terraform-provider: style nits

* terraform-provider: leave TODO

* bazel: tidy

* terraform-provider: regenerate docs

* terraform-provider: fix comment

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-27 09:00:08 +01:00
Moritz Sanft
9a62657b80
terraform-provider: init provider scaffolding (#2632)
* terraform-provider: init

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: add basic docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix build steps

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: extend build process and docgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* dev-docs: document provider usage

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: upload aspect lib mirror

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: add docstring to fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: don't try to create lockfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix shellcheck issues

* bazel: separate paths to check

* bazel: explain what updating lockfiles means

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-24 15:58:21 +01:00
Moritz Sanft
968cdc1a38
cli: move cli/internal libraries (#2623)
* cli: move internal packages

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: fix buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix exclude dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: move back libraries that will not be used by TF provider

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-22 14:52:56 +01:00
Malte Poll
d22f53d7cc bazel: always use nix 2023-10-12 14:42:24 +02:00
Malte Poll
85b4101dc3
deps: update go to 1.21.1 (#2389) 2023-09-28 22:29:14 +02:00
Malte Poll
78300ee5b0 use toolchains from nixpkgs (with fallback) 2023-09-27 17:58:19 +02:00
Malte Poll
fbd75106ef
bazel: never run buildifier in remote execution (#2261) 2023-09-12 14:48:06 +02:00
Paul Meyer
11efc8d512 ci: comment Go coverage report on PR
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-28 15:44:07 +02:00
Malte Poll
d3fee12947 bazel: fix use of YQ to be hermetic during "bazel run" 2023-08-18 16:36:13 +02:00
Malte Poll
3352a9e988 bazel: set integration go build tag 2023-08-17 10:46:45 +02:00
Paul Meyer
6352d8005d bazel: use -C flag in govulncheck ci
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-15 16:29:56 +02:00
Paul Meyer
dccb1dfde9 ci: remove unused actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-03 16:09:06 +02:00
Paul Meyer
9d90ab6df7 ci: check for unused actions
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-03 16:09:06 +02:00
Paul Meyer
0ab76a2f95 bazel: update bazel container version on //:tidy
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-25 15:41:55 +02:00
Malte Poll
cb22a25144 bazel: add yq to PATH in go generate 2023-07-20 15:47:12 +02:00
Malte Poll
46d69abe10
bazel: rewrite pseudo-version stamping in bash (#2020)
* bazel: simplify workspace_status command to only depend on bash and git
* bazel: remove pseudo-version freshness code
2023-07-05 14:42:18 +02:00
Adrian Stobbe
c1f9d86cd3
bazel check: silent env for cleaner output (#1898)
* explicitly ignore pkgs for cleaner output

* do not ignore but redirect stderr

* silent env var to silent stderr

* add silent env var to vuln,lint,tf

* fix golangci silent

* Update bazel/ci/terraform.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golicenses.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/govulncheck.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

* Update bazel/ci/golangci_lint.sh.in

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>

---------

Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-06-14 13:58:21 +02:00
Moritz Sanft
72e168e653
bazel: pseudo version tool freshness check (#1869)
* switch to darwin compatible shasum

* add bazel rule

* update shellscript for in-place updates

* Revert "update shellscript for in-place updates"

This reverts commit 87d39b06f7.

* add version tool freshness check

* remove pseudo-version file

* revert to `sha256sum`

* fix workflow indentation
2023-06-09 11:50:51 +02:00
Malte Poll
81c9c5205c
ci: explicitly disable cgo in golangci-lint (#1822) 2023-05-24 16:40:15 +02:00
Malte Poll
524718d82c bazel: disable CGO in govulncheck 2023-05-23 13:44:56 +02:00
Malte Poll
15d51c3a3f bazel: use hermetic go in PATH for golicenses 2023-05-23 13:44:56 +02:00
Malte Poll
4bffeefd70 bazel: use hermetic go in PATH for golangci-lint 2023-05-23 13:44:56 +02:00
Moritz Sanft
339e750c18
bazel: add Bazel shell completion scripts (#1804)
* add bazel autocomplete script

* indentation

* shfmt

* shellcheck ignore completion file

* fix shellcheck ignore path
2023-05-22 12:54:38 +02:00
Daniel Weiße
ad924181d9 Allow tdx repo in bazel license check
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-05-17 11:37:26 +02:00
Moritz Sanft
65e7778955
dont stop check on err (#1774) 2023-05-16 14:38:44 +02:00
Malte Poll
eb11e9ac8a
bazel: download pseudo-version tool instead of "go build" (#1629)
Required for bootstrapping bazel stamping since we cannot use "bazel build" during the workspace_status command.
Adds a small script that builds the pseudo-version tool in bazel (without stamping) and uploads it to the mirror.
On the first bazel build with stamping, the pseudo-version tool is downloaded.
2023-04-12 17:41:13 +02:00
Paul Meyer
dea41bd1ed
ci: refactor e2e test failure notifications (#1625)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-12 16:06:26 +02:00
Malte Poll
0ece41c146
bazel-deps-mirror: upgrade command (#1617)
* bazel-deps-mirror: upgrade command

This command can be used to upgrade a dependency.
Users are supposed to replace any upstream URLs and run the upgrade command.
It replaces the expected hash and uploads the new dep to the mirror.
2023-04-05 17:32:51 +02:00
Paul Meyer
00ced1bbc2
ci: run //:check and //:generate concurrently (#1606)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-04-04 10:39:57 +02:00
Paul Meyer
e021245660 bazel: add cli doc generation to //:generate
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 12:01:13 -04:00
Paul Meyer
8489516208 bazel: better ci script naming
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 12:01:13 -04:00
Paul Meyer
399b052f9e
bazel: add protoc codegen to //:generate target (#1554)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 14:47:29 +02:00
Malte Poll
827c4f548d
bazel: deps mirror (#1522)
bazel-deps-mirror is an internal tools used to upload external dependencies
that are referenced in the Bazel WORKSPACE to the Edgeless Systems' mirror.

It also normalizes deps rules.

* hack: add tool to mirror Bazel dependencies
* hack: bazel-deps-mirror tests
* bazel: add deps mirror commands
* ci: upload Bazel dependencies on renovate PRs
* update go mod
* run deps_mirror_upload


Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-30 09:41:56 +02:00
Paul Meyer
d7fafb92b7 bazel: improve script template resilience
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
909bfb9274 bazel: add go generate to //:generate target
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
81acdecd22 bazle: manage 3rdparty/node-maintainance-operator
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
Paul Meyer
8bbadecf2f bazel: add docgen tool
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-29 12:51:40 -04:00
3u13r
e934e1cbc8
exclude node modules from shellcheck (#1514) 2023-03-28 13:38:20 +02:00
Paul Meyer
f108ff8539
bazel: add govulncheck to //:check target (#1512)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-27 13:35:51 +02:00
Paul Meyer
00c7611245
bazel: add license checks to //:check target (#1509)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-27 10:42:30 +02:00
Paul Meyer
e7fc541a57
bazel: add buf as protobuf formatter to //:tidy (#1511)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 18:08:49 +01:00
Paul Meyer
f7713df833
bazel: add golangci-lint to //:check target (#1494)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 17:27:09 +01:00
Paul Meyer
e92c08be31
bazel: use export_files instead of genrule (#1506)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-23 17:26:48 +01:00
Otto Bittner
cac43a1dd0 ci: add e2e-upgrade test
The test is implemented as a go test.
It can be executed as a bazel target.
The general workflow is to setup a cluster,
point the test to the workspace in which to
find the kubeconfig and the constellation config
and specify a target image, k8s and
service version. The test will succeed
if it detects all target versions in the cluster
within the configured timeout.
The CI automates the above steps.
A separate workflow is introduced as there
are multiple input fields to the test.
Adding all of these to the manual e2e test
seemed confusing.

Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2023-03-23 14:57:38 +01:00
Paul Meyer
b65b09fd9f
bazel: add terraform fmt to //:tidy target (#1501)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-22 18:14:35 +01:00
Paul Meyer
0f6e56badf bazel: get tfsec as binary download
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-03-20 11:17:16 -04:00