* build: correct toolchain order
* build: gazelle-update-repos
* build: use pregenerated proto for dependencies
* update bazeldnf
* deps: tpm simulator
* Update Google trillian module
* cli: add stamping as alternative build info source
* bazel: add go_test wrappers, mark special tests and select testing deps
* deps: add libvirt deps
* deps: go-libvirt patches
* deps: cloudflare circl patches
* bazel: add go_test wrappers, mark special tests and select testing deps
* bazel: keep gazelle overrides
* bazel: cleanup bazelrc
* bazel: switch CMakeLists.txt to use bazel
* bazel: fix injection of version information via stamping
* bazel: commit all build files
* dev-docs: document bazel usage
* deps: upgrade zig-cc for go 1.20
* bazel: update Perl for macOS arm64 & Linux arm64 support
* bazel: use static perl toolchain for OpenSSL
* bazel: use static protobuf (protoc) toolchain
* deps: add git and go to nix deps
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
* replace tf destruction with new command
* move iam destroy cmd
* fix typos
* exit post test on error
* [remove] test failure on iam destroy
* Revert "[remove] test failure on iam destroy"
This reverts commit 99449c0cc0.
* [remove] test failure on terminate
* Revert "[remove] test failure on terminate"
This reverts commit 99c45bbc54.
* gofumpt
* ci: update Syft to 0.72.0 and Grype to 0.57.1
* ci: install Cosign before Syft
* ci: directly read private key from environment for Cosign
* ci: add --add-cpes-if-none to Grype
* ci: use cosign attest directly instead of syft attest
The image-api's measurement.json includes a setting for warnOnly
that should be followed by default. Enforcing all measurments is
currently not possible as some of them are unstable.
* Generate kubeconfig with unique name
* Move create name flag to config
* Add name validation to config
* Move name flag in e2e tests to config generation
* Remove name flag from create
* Update ascii cinema flow
---------
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
Version validation checks that the configured versions
are not more than one minor version below the CLI's version.
The validation can be disabled using --force.
This is necessary for now during development as the CLI
does not have a prerelease version, as our images do.
Currently tags can be empty when building a ko image.
However, --bare may not work in case --tags is empty,
as per ko docs.
Also remove redundant build step in release pipeline.
Co-authored-by: Malte Poll <mp@edgeless.systems>