Commit Graph

798 Commits

Author SHA1 Message Date
Malte Poll
a8bca88eeb
k8s: add 1.29, remove 1.26, default 1.28 (#2803)
2024-01-08 16:53:12 +01:00
Moritz Sanft
e691e26bd3
cli: support for GCP marketplace images (#2792)
* cli: support GCP marketplace images

* ci: support GCP marketplace images

* docs: support GCP marketplace images

* bazel: generate

* ci: allow GCP for mpi e2e test

* Update docs/docs/overview/license.md

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* terraform-provider: allow GCP MPIs

* terraform-provider: fix error message

---------

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2024-01-08 15:51:39 +01:00
Malte Poll
c936ec510d
ci: reproducible builds test on artifacts v2 (#2801)
* ci: test download-artifacts@v4 for reproducible builds test

* ci: reproducible builds test: use unique artifact names and patterns
2024-01-05 16:57:21 +01:00
Markus Rudy
8e8e861d5f
ci: ignore Wireguard pdf in lychee (#2797)
* ci: use a config file for lychee

* ci: don't pass token to lychee action

* ci: ignore wireguard.pdf in lychee
2024-01-05 14:07:33 +01:00
Adrian Stobbe
f41ce43919
terraform-provider: require kubernetes and microservice version (#2791) 2024-01-04 16:25:24 +01:00
Adrian Stobbe
8730e72319
ci: e2e test for Terraform provider examples (#2745) 2024-01-04 10:00:21 +01:00
3u13r
07c884b945
ci: remove artifact encryption for public artifacts (#2776)
* ci: remove artifact encryption for public artifacts

* revert parts of #2765

* ci: add unused action exception for encrypted artifact download
2023-12-29 11:02:37 +01:00
Adrian Stobbe
539e6eac48
ci: give exec permission to provider binaries (#2779) 2023-12-28 10:19:47 +01:00
Adrian Stobbe
903411edae
fix Terraform release zipping (#2778) 2023-12-27 17:43:57 +01:00
Markus Rudy
130bed0eb2 ci: selectively remove artifact encryption 2023-12-22 17:50:40 +01:00
Moritz Sanft
5871ff5508
ci: adhere to action restriction when uploading scorecard (#2771) 2023-12-22 13:13:20 +01:00
Daniel Weiße
8c1972c335
ci: fix artifact upload in image build pipeline (#2765)
* Fix parameter expansion when uploading multiple files
* On download, ensure target directory exists
* Rename encryption-secret -> encryptionSecret
* Remove incorrect secret access from e2e test action
* Add missing checkout action to workflows using our download action
* Fix spacing
* Fix upload action uploading whole directory structure instead of target files
* Explicitly give write permissions to Azure disk image, since permissions are no longer dropped on upload

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 19:28:18 +01:00
Daniel Weiße
6e4c0bd8aa
ci: fix artifacts download/upload for release draft workflow (#2759)
* Pin upload and download actions by hash
* Don't expect encrypted artifacts in release pipeline

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-21 15:52:58 +01:00
renovate[bot]
8644b958ea
deps: update actions/setup-go action to v5 (#2754)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 12:54:39 +01:00
renovate[bot]
5999f9e3a1
deps: update cachix/install-nix-action action to v24 (#2757)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-21 08:43:44 +01:00
renovate[bot]
dcf1b88a29
deps: update actions/checkout action to v4 (#2752)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:10:35 +01:00
renovate[bot]
d0cfd5590d
deps: update dependency cryptography to v41.0.6 [SECURITY] (#2657)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-12-20 16:04:15 +01:00
miampf
a429ca50e7
ci: encrypt artifacts (#2567) 2023-12-20 14:17:49 +00:00
Markus Rudy
54c2fa1b3d ci: start v2.15-pre window 2023-12-20 08:52:18 +01:00
Markus Rudy
004aa6c5ed ci: fix release branch naming 2023-12-20 08:29:50 +01:00
Markus Rudy
85a13fab19 ci: correctly pass branch names in on-release workflow 2023-12-20 08:29:50 +01:00
Markus Rudy
607aa6dbe1 ci: allow on-release workflow to delete branches 2023-12-20 08:29:50 +01:00
Markus Rudy
3c05150721 ci: don't run unit tests in integration test workflow 2023-12-19 20:00:21 +01:00
Markus Rudy
1d05f438ff ci: remove Windows Terraform provider 2023-12-18 17:57:00 +01:00
Daniel Weiße
724ee44466
ci: Terraform provider e2e tests (#2712)
* Refactor selfManagedInfra input to clusterCreation in e2e tests
* Run e2e test using terraform provider
* Allow insecure measurement fetching in Terraform provider
* Run Terraform provider test instead of module test in weekly runs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-15 10:37:29 +01:00
Adrian Stobbe
37580009fe
terraform-provider: cleanup and improve docs (#2685)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-14 15:47:55 +01:00
Malte Poll
fecb1f3e6c ci: reproducibility test for OS images 2023-12-13 18:19:59 +01:00
Malte Poll
1209d597d8 ci: test reproducible builds on different Linux systems
macOS is not working reliably at the moment.
2023-12-13 18:19:59 +01:00
Daniel Weiße
0512cfccd7
ci: add v prefix to packaged Terraform provider binary (#2705)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-12 15:01:37 +01:00
Moritz Sanft
60fc73e0e7
terraform-provider: implement constellation_cluster resource (#2691)
* terraform: move module to legacy-directory

* constellation-lib: refactor service account marshalling

* terraform-provider: normalize Azure image URIs

* constellation-lib: refactor Kubeconfig endpoint rewriting

* terraform-provider: add conversion functions for AWS and GCP

* terraform-provider: implement `constellation_cluster` resource

* terraform-provider: refactor conversion

* terraform-provider: implement image and k8s upgrades

* terraform-provider: fix linter checks

* terraform-provider: refactor to bundle init & upgrade method

* constellation-lib: rewrite Kubeconfig endpoint in init

* terraform-provider: bind logger and dialer constructors to struct

* terraform-provider: move applier to function pointer

* terraform-provider: gcp conversion fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform-provider: fix Azure UAMI input

* terraform-provider: rename Kubeconfig variable

* terraform-provider: tidy

* terraform-provider: regenerate docs

* constellation-lib: provide Kubeconfig in testing initserver

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-11 15:55:44 +01:00
Daniel Weiße
22dcde86af
terraform-provider: create release in provider repo on Constellation release (#2686)
* Create release in Terraform provider repo with provider binaries
* Set target_commitish to input ref for easier release workflow
* Rename release-cli workflow to draft-release
* Update release guide

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-11 15:00:08 +01:00
Moritz Sanft
c15e4efef6
terraform: Azure Marketplace image support (#2651)
* terraform: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* config: add Azure marketplace variable

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: use Terraform variables from config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: pass down marketplace variable

* image: pad Azure images to 1GiB

* terraform: add version attribute to marketplace image

* semver: allow versions to be exported without prefix

* cli: boolean var to use marketplace images

* config: remove dive key

* dev-docs: add instructions on how to use marketplace images

* terraform: fix unit test

* terraform: only fetch image for non-marketplace images

* mpimage: refactor image selection

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] increase minor version for image build

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* terraform: ignore changes to source_image_reference on upgrade

* operator: add support for parsing Azure marketplace images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* upgrade: fix imagefetcher call

* docs: add info about azure marketplace

* image: ensure more than 1GiB in size

* image: test to pad to 2GiB

* version: change back to v2.14.0-pre

* image: GPT-conformant image size padding

* [remove] increase version

* mpimage: inline prefix func

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: add marketplace image e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register workflow

* ci: fix workflow name

* ci: only allow azure test

* cli: add marketplace image input to interface

* cli: fix argument passing

* version: roll back to v2.14.0

* ci: add force-flag support

* Update docs/docs/overview/license.md

* Update dev-docs/workflows/marketplace-images.md

Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-12-08 14:40:31 +01:00
Malte Poll
e113253262 bazel: migrate all integration tests (and retire CMakeLists.txt) 2023-12-08 14:27:46 +01:00
Daniel Weiße
f5aea84eaa
terraform-provider: sync provider docs to Terraform provider repository (#2683)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-08 12:56:51 +01:00
Malte Poll
93d505ef7f
deps: bump Go to 1.21.5 (#2689) 2023-12-08 12:11:31 +01:00
Adrian Stobbe
37cff42bfe
ci: build Terraform binaries action (#2684)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-12-07 16:32:03 +01:00
Daniel Weiße
b7425db72a
constellation-lib: add Helm wrapper (#2680)
* Add Helm wrapper to constellation-lib
* Move helm package to constellation-lib

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-12-06 10:01:39 +01:00
Malte Poll
cd6e03049a libvirt: build containerized libvirt as nix container image 2023-12-01 09:35:33 +01:00
Daniel Weiße
3bc25cdd8f
ci: add notify hook to Terraform module test (#2653)
* Enable notification on tf module e2e test failure
* Don't try to change fields with no value

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 14:14:18 +01:00
Daniel Weiße
43f47cc5c5
ci: fix service accounts introduced by merge (#2652)
* Fix service accounts introduced by merge
* Remove GCP_E2E_PROJECT placeholders

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-28 10:54:58 +01:00
Daniel Weiße
45f6eec0d0
ci: add missing shell in notify action (#2646)
* Add missing shell
* Remove old teams notify action

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-11-28 09:41:01 +01:00
Daniel Weiße
97aea98e77
ci: update GCP service accounts for CI (#2629)
* Update CI to use different GCP project for e2e tests
* Update GCP image project service accounts
* Update default GCP bucket name for image builds

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-27 13:04:41 +01:00
Otto Bittner
46f563c7ca ci: call TCB upload step for AWS 2023-11-24 15:49:48 +01:00
Markus Rudy
b0702cd033 ci: execute integration tests with Bazel, where possible
Co-authored-by: malt3 <malt3@users.noreply.github.com>
2023-11-23 13:48:54 +01:00
Daniel Weiße
64a05b9dea
ci: correctly clean up resource in self-managed infra tests (#2637)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-23 13:08:39 +01:00
Moritz Sanft
968cdc1a38
cli: move cli/internal libraries (#2623)
* cli: move internal packages

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: fix buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bazel: fix exclude dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* cli: move back libraries that will not be used by TF provider

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-22 14:52:56 +01:00
Daniel Weiße
5e9e3de1a1
ci: start v2.14-pre window (#2610)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-17 10:34:35 +01:00
Moritz Sanft
2ccc2212c8
add missing runner value (#2602)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-15 08:49:10 +01:00
Daniel Weiße
6d6ef66a31
ci: refactor teams notification action (#2600)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-15 08:48:13 +01:00
Moritz Sanft
fd72952738
checkout before selecting image (#2598)
Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-14 10:33:59 +01:00
Moritz Sanft
8e4feb7e2a
terraform: add Terraform module for Azure (#2566)
* add Azure Terraform module

* add maa-patching command to cli

* refactor release process

* factor out image fetching to own action

* add CI

* generate

* fix some unnecessary changes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `constellation maa-patch` in ci

* insecure flag when using debug image

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only update maa url if existing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make node group zone optional on aws and gcp

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] register updated workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Revert "[remove] register updated workflow"

This reverts commit e70b9515b7eabbcbe0d41fa1296c48750cd02ace.

* create MAA

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* make maa-patching only run on azure

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add comment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* require node group zone for GCP and AWS

* remove unnecessary bazel action

* stamp version to correct file

* refer to `maa-patch` command in docs

* run Azure test in weekly e2e

* comment / naming improvements

* remove sa_account resource

* disable spellcheck to use "URL"

* `create_maa` variable

* don't write maa url to config

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to nightly image

* use input ref and stream

* fix command check

* don't set region in weekly e2e call

* patch maa if url is not empty

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove `create_maa` variable

* remove binaries

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove undefined input

* replace invalid attestation URL error message

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* fix punctuation

Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>

* skip hidden commands in clidocgen

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* enable spellcheck before code block

* move spellcheck trigger out of info block

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix workflow dependencies

* let image default to CLI version

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
2023-11-13 18:46:20 +01:00
Malte Poll
e11b1a0576 ci: use rbe for unit tests 2023-11-10 18:15:59 +01:00
Adrian Stobbe
22d82a59ed
terraform: Terraform module for GCP (#2553) 2023-11-10 13:32:18 +01:00
Adrian Stobbe
b765231175
deps: bump Go to 1.21.4 (#2569)
Co-authored-by: Malte Poll <1780588+malt3@users.noreply.github.com>
2023-11-09 20:17:14 +01:00
Adrian Stobbe
cea6204b37
terraform: Terraform module for AWS (#2503) 2023-11-08 19:10:01 +01:00
Daniel Weiße
0bac72261d
ci: fix failure issue creation for Windows e2e test (#2565)
* Add missing bazel set-up in windows e2e-failure notify
* Enable bazel caching for e2e-upgrade test
* Remove whitespace

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-11-08 15:27:40 +01:00
Otto Bittner
b0ee39a96d ci: publish s3proxy chart during release 2023-11-06 10:21:11 +01:00
Otto Bittner
8ebd813480 s3proxy: ship as helm chart 2023-11-06 10:21:11 +01:00
Otto Bittner
a19227cac9 s3proxy: initial e2e tests and workflows 2023-11-06 10:21:11 +01:00
Malte Poll
76d7d30245
ci: do not upload terraform logs (#2554) 2023-11-04 19:14:29 +01:00
Moritz Sanft
813405f080
ci: share e2e workflow (#2550)
* re-use workflow in internal LB e2e test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add self-managed infra workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-11-03 16:27:28 +01:00
renovate[bot]
17b0915a10
deps: update docker/build-push-action action to v5 (#2531)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-11-02 10:13:14 +01:00
Moritz Sanft
8d08ace0b5
ci: mark self-managed infrastructure tests (#2537)
* mark self-managed infrastructure tests

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add TODO

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-30 14:33:58 +01:00
Moritz Sanft
402a8834ca
ci: add e2e test for self-managed infrastructure (#2472)
* add self-managed infra e2e test

* self-managed terminatio

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix upgrade test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix indentation

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use -r when copying dir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add terraform variable parsing

* copy constellation conf

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary line breaks

* add missing value

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add image fetching for CSP

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix quoting

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing input to internal lb test

* normalize Azure URLs.. Of course

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix expressions

* initsecret to hex

* update hexdump cmd

* add build test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add node / pod cidr outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* explicitly delete the state file

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing license header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* always write all outputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix list output

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove state-file and admin-conf on destroy

* don't use test payload

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* [remove] use self managed infra in manual e2e for testing

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* init: always skip infrastructure phase

* patch maa in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* default to Constellation-created infra in e2e test

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-10-27 09:37:26 +02:00
Daniel Weiße
149fedb90f
cli: add constellation apply command to replace init and upgrade apply (#2484)
* Add apply command
* Mark init and upgrade apply as deprecated
* Use apply command in CI
* Add skippable phases for attestation config and cert SANs

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-26 15:59:13 +02:00
renovate[bot]
e445dac590
deps: update docker/metadata-action action to v5 (#2512)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:19:55 +02:00
renovate[bot]
0563ce7336
deps: update aws-actions/configure-aws-credentials action to v4 (#2510)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-26 08:18:37 +02:00
Paul Meyer
1261ccb569 Revert "ci: execute unit tests and tidy check against merge of PR branch and main (#2452)"
This reverts commit 43f7d9f736.
2023-10-24 14:43:09 +02:00
Adrian Stobbe
5d640ff4f9
ci: fix win build (#2499) 2023-10-23 14:39:45 +02:00
Malte Poll
ee54b71a9e
ci: build rpmdb explicitly (#2476) 2023-10-19 08:34:17 +02:00
3u13r
0c89f57ac5
Support internal load balancers (#2388)
* arch: support internal lb on Azure

* arch: support internal lb on GCP

* helm: remove lb svc from verify deployment

* arch: support internal lb on AWS

* terraform: add jump hosts for internal lb

* cli: expose internalLoadBalancer in config

* ci: add e2e-manual-internal

* add in-cluster endpoint to terraform output
2023-10-17 15:46:15 +02:00
Malte Poll
1a141c3972
image: add rpm database as build output (#2442)
For reproducibility reasons, the final OS image does not ship the rpm database in sqlite format.
For supply chain security and license compliance reasons, we want to keep the rpm database of os images as a detached build artifact.
We now ship a reproducible, human readable manifest of installed rpms in the image under "/usr/share/constellation/packagemanifest" and upload the full rpm database as a build artifact (rpmdb.tar).
2023-10-17 14:04:41 +02:00
Malte Poll
e93de82c0b
image: use systemd-dissect from the host when calculating measurements (#2473)
* image: use systemd-dissect from the host when calculating measurements

* ci: setup bazel and nix toolchains before merging os image measurements
2023-10-17 13:26:07 +02:00
renovate[bot]
abbe3853cb
deps: update cachix/install-nix-action action to v23 (#2469)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-10-17 10:48:52 +02:00
Malte Poll
c424ec8825
ci: fix PR label for rpm updates (#2464) 2023-10-17 09:46:37 +02:00
Malte Poll
a9f245752c ci: update rpm lockfile once per week 2023-10-17 09:23:56 +02:00
Malte Poll
43f7d9f736
ci: execute unit tests and tidy check against merge of PR branch and main (#2452) 2023-10-16 09:58:45 +02:00
Malte Poll
33d53a1da9
ci: remove python from codeql (#2451) 2023-10-13 12:37:13 +02:00
3u13r
9e1a0c06bf
Deps: bump Go to 1.21.3 (#2450)
* build: override go version to 1.21.3

* build: re-enable cachix

* ci: set $USER if not set
2023-10-12 16:11:02 +02:00
Malte Poll
e80e6076b4 ci: install nix together with Bazel 2023-10-12 14:42:24 +02:00
Malte Poll
d22f53d7cc bazel: always use nix 2023-10-12 14:42:24 +02:00
renovate[bot]
a1c84cb080
deps: update GitHub action dependencies (#2437)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-10-11 13:49:50 +02:00
Malte Poll
02c04f057f
ci: start v2.13-pre window (#2426) 2023-10-10 18:33:04 +02:00
Daniel Weiße
8bb23c373b
ci: ensure API is only updated if image and measurements are uploaded (#2413)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-10-06 14:34:06 +02:00
Malte Poll
b4fb8439d0
ci: use larger runners for os image pipeline (#2399) 2023-10-04 10:13:43 +02:00
Malte Poll
627a4b6cbb ci: enable nix binary cache 2023-09-29 14:09:58 +02:00
Malte Poll
055fb32918 ci: stop using raw "go run" 2023-09-29 14:09:58 +02:00
Malte Poll
85b4101dc3
deps: update go to 1.21.1 (#2389) 2023-09-28 22:29:14 +02:00
Malte Poll
1da5153627 ci: use nix + mkosi during os image build 2023-09-27 17:58:19 +02:00
Moritz Sanft
f4b2d02194
ci: collect cluster metrics to OpenSearch (#2347)
* add Metricbeat deployment to debugd

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* set metricbeat debugd image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix k8s deployment

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use 2 separate deployments

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only deploy via k8s in non-debug-images

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing tilde

* remove k8s metrics

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* unify flag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* ci: fix debugd logcollection (#2355)

* add missing keyvault access role

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump logstash image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* bump filebeat / metricbeat image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* log used image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use debugging image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase wait timeout for image upload

* add cloud metadata processor to filebeat

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix template locations in container

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image version typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add filebeat / metricbeat users

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove user additions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update workflow step name

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only mount config files

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* document potential rc

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix IAM permissions in workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix AWS permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* tidy

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing workflow input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* rename action

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* pin image versions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove unnecessary workflow inputs

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add refStream input

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove inputs.yml dep

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* increase system metric period

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linkchecker

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
2023-09-27 16:17:31 +02:00
renovate[bot]
9c1e6295d4 deps: update dependency cryptography to v41.0.4 [SECURITY] 2023-09-27 13:28:08 +02:00
Daniel Weiße
7aba42baa5
ci: add more filters to e2e failure OpenSearch links (#2358)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-26 13:17:59 +02:00
3u13r
b9f1a0c17d
ci: don't pull from detached head (#2335) 2023-09-26 11:15:28 +02:00
Paul Meyer
f5ddcf984e ci: recreate coverage report on push
This keeps the report in focus for PRs with longer discussion and
repeated pushes.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-26 10:36:32 +02:00
3u13r
8f5a2867b4
ci: remove verify test for macos during release (#2338) 2023-09-25 13:51:08 +02:00
Daniel Weiße
33c9f16e82
ci: add missing notification hook for MiniConstellation test (#2352)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-22 13:25:20 +02:00
Moritz Sanft
0a28cdecb2
ci: add malicious join test (#2304)
* malicious node join test

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add e2e build tag

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add namespaces to job apply

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix image and workflow

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build instructions in Dockerfile

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* only print important flags

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use `malicious-join` namespace

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* build with bazel

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* order imports

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* test cases

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add missing quotes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* Update e2e/malicious-join/malicious-join.go

Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>

* use switch case

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update image version

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter checks

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* wip

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* various fixes

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* update buildfiles

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* use workdir

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix linter

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* add required permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove permissions

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* remove packages: write permission at step

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* login to registry

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix typo

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix log

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* source base lib

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix sourcing order

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* export after definition

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* fix script header

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>

* don't exit after -e flag has been set

Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

---------

Signed-off-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-09-15 17:21:42 +02:00
3u13r
0982587a4d
chore: bump version.txt (#2334)
* chore: bump version.txt

* ci: bump upgrade version
2023-09-14 14:42:16 +02:00
Malte Poll
7376c6a998
ci: remove aspect workflows (#2324) 2023-09-08 14:19:14 +02:00
3u13r
6cb506bca7
deps: bump go version (#2318) 2023-09-08 10:19:07 +02:00
Daniel Weiße
442f904ceb
ci: don't automatically create git tag in release pipeline (#2316)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-07 08:47:01 +02:00
Otto Bittner
d3c940a6a0
ci: use virtee project for sev-snp-measure-go (#2307)
Our port is part of the virtee org. Let's use it to keep it up-to-date.
2023-09-06 14:02:53 +02:00
Otto Bittner
97dc15b1d1 staticupload: correctly set invalidation timeout
Previously the timeout was not set in the client's constructor, thus the
zero value was used. The client did not wait for invalidation.
To prevent this in the future a warning is logged if wait is disabled.

Co-authored-by: Daniel Weiße <dw@edgeless.systems>
2023-09-04 11:20:13 +02:00
Otto Bittner
7ffa1344e3 Configapi: pipeline to run e2e test for CLI
Co-authored-by: Paul Meyer <pm@edgeless.systems>
2023-09-04 11:20:13 +02:00
Daniel Weiße
f3218f4197
ci: fix incorrect signing key for sbom signature and wrong public key in release artifacts (#2296)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-01 16:40:09 +02:00
Daniel Weiße
a4d6016ae5
ci: make sure permissions to terminate cluster are always set for e2e upgrade (#2298)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-09-01 16:15:13 +02:00
Paul Meyer
11efc8d512 ci: comment Go coverage report on PR
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-28 15:44:07 +02:00
Adrian Stobbe
7c9a78fe51
make release idempotent (#2278) 2023-08-28 09:21:25 +02:00
Adrian Stobbe
f15c5444da
upgrade test from v2.10.1 (#2279) 2023-08-24 09:15:43 +02:00
Paul Meyer
abd5cdf362 ci: fix ccm build when no new versions are found
Previous output of findvers.sh would be [""] in case no versions were
found, now the output is []. Also, GitHub cannot handle empty arrays
in the matrix field, so we add an if and check if the array is empty.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-23 15:05:22 +02:00
Moritz Sanft
54c52f17f6
ci: fix Windows e2e test (#2255)
* fix Windows e2e test

* check if caller workflow was scheduled

* inherit secrets
2023-08-21 14:36:28 +02:00
Moritz Sanft
60bf770e62
ci: logcollection to OpenSearch in non-debug clusters (#2080)
* refactor `debugd` file structure

* create `hack`-tool to deploy logcollection to non-debug clusters

* integrate changes into CI

* update fields

* update workflow input names

* use `working-directory`

* add opensearch creds to upgrade workflow

* make template func generic

* make templating func generic

* linebreaks

* remove magic defaults

* move `os.Exit` to main package

* make logging index configurable

* make templating generic

* remove excess brace

* update fields

* copy fields

* fix flag name

* fix linter warnings

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* remove unused workflow inputs

* remove makefiles

* fix command

* bazel: fix output paths of container

This fixes the output paths of builds within the container by mounting
directories to paths that exist on the host. We also explicitly set the
output path in a .bazelrc to the user specific path. The rc file is
mounted into the container and overrides the host rc.
Also adding automatic stop in case start is called and a container
is already running.
Sym links like bazel-out and paths bazel outputs should generally work
with this change.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>

* tabs -> spaces

---------

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-21 08:01:33 +02:00
Malte Poll
339492f314
ci: add aspect workflows (#2258) 2023-08-18 11:31:24 +02:00
3u13r
8325f99b09
deps: support Kubernetes 1.28 (#2242) 2023-08-18 11:13:24 +02:00
Paul Meyer
c6819b8d31 ci: automatically build GCP CCM container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 16:31:04 +02:00
Paul Meyer
f43888bb6f ci: remove azure-snp-reporter workflow
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Paul Meyer
f604a8dfd2 e2e: upload TCB versions in verify test
The TCB versions are extracted from the MAA token, that itself is taken
from the verify command output. The configapi is adapted to directly
work on the MAA claims JSON.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-16 11:41:02 +02:00
Adrian Stobbe
5574092bcf
ref: update code for 2.11 (#2239)
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2023-08-16 11:34:58 +02:00
renovate[bot]
841463d11e
deps: update GitHub action dependencies (#2234)
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-15 14:38:48 +02:00
Daniel Weiße
ef4d789dc8
ci: fix notify trigger in e2e upgrade workflow (#2221)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-14 11:45:04 +02:00
Adrian Stobbe
c7bbf90989
ci: add e2e-mini to daily test (#2217) 2023-08-14 08:13:29 +02:00
Paul Meyer
de9e841853 e2e: use Kubernetes 1.26 in daily test
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-11 14:06:35 +02:00
Daniel Weiße
066fff951f
ci: correctly default to false for upgrade e2e notifications (#2208)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-11 09:05:44 +02:00
Daniel Weiße
0dd62fc59d
ci: allow setting region/zone for e2e tests (#2205)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-10 12:53:40 +02:00
Paul Meyer
e466ce2f26 e2e: detect changing idKeyDigests on azure
by setting the Azure SNP enforcement policy to equal in the weekly e2e.
The run should fail when there are unexpected ID Key digests used.

Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-08-09 16:45:42 +02:00
Adrian Stobbe
d1febd7276
fix e2e upgrade config migration (#2179) 2023-08-09 10:28:13 +02:00
renovate[bot]
cc10613252
deps: update dependency cryptography to v41.0.3 [SECURITY] (#2150)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-08-07 09:23:18 +02:00
Malte Poll
92b0cd5a21 ci: update actions to use nodeGroups and remove deprecated flags 2023-08-04 12:36:45 +02:00
Moritz Sanft
af05e17f49
ci: keep embedded measurements if stable image is used (#2109)
Co-authored-by: Moritz Sanft <58110325+msanft@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-08-04 09:43:32 +02:00
3u13r
a983b08262
deps: bump go version (#2156) 2023-08-03 12:07:27 +02:00
Daniel Weiße
321474c356
ci: remove old incompatible test option (#2149)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-08-02 08:18:55 +02:00
Otto Bittner
002c3a9a32
ci: upgrade fromVersion for upgrade tests (#2145)
Co-authored-by: Adrian Stobbe <stobbe.adrian@gmail.com>
2023-08-01 10:34:11 +02:00
Otto Bittner
867f7490a2
ci: clone constellation repo into separate dir (#2143) 2023-08-01 10:13:10 +02:00
Otto Bittner
583d3021fa
ci: parse ovmf binaries from metadata (#1962)
Subsequently the metadata will be uploaded to the
attestationconfigapi so the CLI can use the data to
precalculate measurements.
2023-07-27 13:29:43 +02:00
Adrian Stobbe
a3184af7a2
cli: add iam upgrade apply (#2132)
* add new iam upgrade apply

* remove iam tf plan from upgrade apply check

* add iam migration warning to upgrade apply

* update release process

* document migration

* Apply suggestions from code review

Co-authored-by: Otto Bittner <cobittner@posteo.net>

* add iam upgrade

* remove upgrade dir check in test

* ask only without --yes

* make iam upgrade provider specific

* test without separate logins

* remove csi and only add conditionally

* Revert "test without separate logins"

This reverts commit 05a12e59c9.

* fix missing cred

* support iam migration for all csps

* add iam upgrade label

---------

Co-authored-by: Otto Bittner <cobittner@posteo.net>
2023-07-26 17:29:03 +02:00
Paul Meyer
342a71fa36 bazel: fix container versioning
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-26 13:46:27 +02:00
Paul Meyer
c8bc3ea5ee ci: build bazel container
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-25 15:41:55 +02:00
Otto Bittner
c58d03a7b8
ci: fix ahead-check for working branch (#2120)
Also list remote branches during on-release
2023-07-19 17:48:29 +02:00
renovate[bot]
dc373971b2
deps: update dependency cryptography to v41.0.2 [SECURITY] (#2106)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2023-07-18 15:33:23 +02:00
Daniel Weiße
484b6c5c24
ci: combine node count inputs into one (#2084)
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2023-07-17 13:45:53 +02:00
Otto Bittner
c1c48f19bf chore: bump e2e-upgrade fromVersion 2023-07-17 10:29:43 +02:00
Otto Bittner
6ed8fce6b0
ci: separate PCR0 value for aws-sev-snp variant (#2100)
Co-authored-by: Malte Poll <mp@edgeless.systems>
2023-07-13 11:37:47 +02:00
Paul Meyer
01f518f0a4
deps: update to Go v1.20.6 (#2093)
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-12 09:51:40 +02:00
Otto Bittner
f97edd512d
ci: use 2.8 as fromVersion in release upgrade test (#2086)
The current value (2.7.1) is outdated since the release of 2.8.
2023-07-11 09:56:43 +02:00
Otto Bittner
cfa3bb6276
ci: do not build additional streams (#2085)
Large amounts of uploaded data seem to break the GH Actions cache.
2023-07-10 17:46:08 +02:00
Malte Poll
c6230ff8ca
ci: add constellation-windows-amd64.exe to release artifacts uploaded to GitHub (#2075) 2023-07-10 10:21:48 +02:00
Adrian Stobbe
fafafb48d7 pin dependency for aws-snp-launchmeasurement 2023-07-07 16:44:31 +02:00
Malte Poll
6c5ad09a93
ci: build all streams on release (#2058) 2023-07-07 12:09:15 +02:00
Malte Poll
46d69abe10
bazel: rewrite pseudo-version stamping in bash (#2020)
* bazel: simplify workspace_status command to only depend on bash and git
* bazel: remove pseudo-version freshness code
2023-07-05 14:42:18 +02:00
Paul Meyer
7968d165c6 ci: use strict semver for gcp guest agent image
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2023-07-04 13:23:33 +02:00