Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2024-09-20 08:15:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,065 Commits 131 Branches 43 Tags 105 MiB
f13f80b8af
Commit Graph

239 Commits

Author SHA1 Message Date
Nils Hanke
f13f80b8af
ci: update Syft to 0.72.0 and Grype to 0.57.1 (#1120) 
* ci: update Syft to 0.72.0 and Grype to 0.57.1
* ci: install Cosign before Syft
* ci: directly read private key from environment for Cosign
* ci: add --add-cpes-if-none to Grype
* ci: use cosign attest directly instead of syft attest
 2023-02-22 14:17:02 +01:00
Otto Bittner
c4fd70684f
Revert "deps: update Terraform azurerm to v3.44.1 (#1197)" (#1255) 
This reverts commit 253f833f6c.
 2023-02-22 11:16:05 +01:00
renovate[bot]
30f53f78d0
deps: update GitHub action dependencies (#1239) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-21 13:49:47 +01:00
renovate[bot]
8134b8b4f0
deps: update golang:1.20.1 Docker digest to 745aa72 (#1238) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-21 13:48:38 +01:00
Moritz Sanft
0ba810240f
ci: integrate automatic iam creation in e2e test (#1158) 
* integrate automatic iam creation in e2e test

* fix typo

* break long line comments

* fix semvers

* correct bracing
 2023-02-21 12:47:14 +01:00
renovate[bot]
253f833f6c
deps: update Terraform azurerm to v3.44.1 (#1197) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-21 10:41:04 +01:00
Paul Meyer
0e7f1c9300 ci: add missing replaced mod files to docker build 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-21 03:13:08 -05:00
Paul Meyer
e011a20c49 deps: update to Go 1.20 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-20 12:08:24 -05:00
renovate[bot]
7500112d37
deps: update GitHub action dependencies (#1201) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-02-15 14:47:42 +01:00
Otto Bittner
03de71fdd2 ci: do not overwrite warnOnly measurements flag 
The image-api's measurement.json includes a setting for warnOnly
that should be followed by default. Enforcing all measurments is
currently not possible as some of them are unstable.
 2023-02-15 10:35:30 +01:00
Otto Bittner
f97d351ad2 ci: add force flag to remaining constellation cmds 
In the CI most configs use prerelease images. Config validation
prevents this. Therefore we need to use the force flag for now.
 2023-02-15 10:35:30 +01:00
renovate[bot]
449d0e5b7a
deps: update golang Docker tag to v1.20.1 (#1190) 
Co-authored-by: katexochen <katexochen@users.noreply.github.com>
 2023-02-15 10:14:38 +01:00
Otto Bittner
74c569cba0 ci: fix yq command for new k8s version format 
The string "1.25" does not need quotes to work in the replace.
"1.25.6" or "v1.25.6", however, do.
 2023-02-13 10:19:59 +01:00
Paul Meyer
278031b066 ci: fix workdir of apko base image build 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-10 11:24:17 -05:00
Daniel Weiße
c29107f5be
init: create kubeconfig file with unique user/cluster name (#1133) 
* Generate kubeconfig with unique name

* Move create name flag to config

* Add name validation to config

* Move name flag in e2e tests to config generation

* Remove name flag from create

* Update ascii cinema flow

---------

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
 2023-02-10 13:27:22 +01:00
Fabian Kammel
4c5ab7c5e9
ci: refactor image measurement generation (#1152) 
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2023-02-09 13:33:17 +01:00
Otto Bittner
c275464634 cli: change upgrade-plan to upgrade-check 
Upgrade check is used to find updates for the current cluster.
Optionally the found upgrades can be persisted to the config
for consumption by the upgrade-execute cmd.
The old `upgrade execute` in this commit does not work with
the new `upgrade plan`.
The current versions are read from the cluster.
Supported versions are read from the cli and the versionsapi.
Adds a new config field MicroserviceVersion that will be used
by `upgrade execute` to update the service versions.
The field is optional until 2.7
A deprecation warning for the upgrade key is printed during
config validation.
Kubernetes versions now specify the patch version to make it
explicit for users if an upgrade changes the k8s version.
 2023-02-08 12:30:01 +01:00
Otto Bittner
f204c24174 cli: add version validation and force flag 
Version validation checks that the configured versions
are not more than one minor version below the CLI's version.
The validation can be disabled using --force.
This is necessary for now during development as the CLI
does not have a prerelease version, as our images do.
 2023-02-08 12:30:01 +01:00
renovate[bot]
a3f8bb30ac
deps: update golang Docker tag to v1.20.0 (#1145) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-02-03 18:08:03 +01:00
renovate[bot]
bec82c2328
deps: update GitHub action dependencies (#1112) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-31 17:38:44 +01:00
Paul Meyer
4f1a4ecb9e ci: don't use k-bench install script 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-31 15:06:29 +01:00
Otto Bittner
88e3da750e ci: adjust tags in build_ko 
Currently tags can be empty when building a ko image.
However, --bare may not work in case --tags is empty,
as per ko docs.

Also remove redundant build step in release pipeline.

Co-authored-by: Malte Poll <mp@edgeless.systems>
 2023-01-31 10:16:20 +01:00
leongross
2187aa6cb0
ci: reproducible builds integration (#1108) 
* remove `-ko` suffix from workflows
* integrate into `release.yaml`
* adjust helm charts to use hard coded `ko` binary path
 2023-01-30 16:58:49 +01:00
Fabian Kammel
48c8a66114
Minimal GitHub Action token permissions. (#1104) 
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2023-01-30 16:11:27 +01:00
Paul Meyer
d095f08cd4 apko: build base image with pinned packages 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-30 16:05:00 +01:00
Paul Meyer
32a540bff4 ci: tag apko base images 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-30 16:05:00 +01:00
leongross
bd3ec19aef
update kbench requirements.txt (#1103) 2023-01-30 11:57:48 +01:00
Paul Meyer
617c6f0a8d deps: update sonobuoy version 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-30 10:17:18 +01:00
renovate[bot]
a85ba96ac4
deps: update Terraform azurerm to v3.41.0 (#1097) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-27 16:33:32 +01:00
Moritz Sanft
cb894e5df5
ci: fix Constellation recover e2e test (#1081) 
* AB#2859 wait for cp to recover

* AB#2859 remove unnecessary inputs & echo
 2023-01-27 15:53:53 +01:00
renovate[bot]
5eecd1345d
deps: update golang Docker tag to v1.19.5 (#1086) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-26 15:19:23 +01:00
Malte Poll
ee869eaf9c ci: prepare upgrade-agent for upload in e2e tests 2023-01-25 09:58:56 +01:00
Paul Meyer
9a70a81b7c ci: rename os images on GCP to contain stream 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-23 14:15:05 +01:00
Paul Meyer
a8cbfd848f
keyservice: use dash in container name (#1016) 
Co-authored-by: Otto Bittner <cobittner@posteo.net>
 2023-01-20 18:51:06 +01:00
Paul Meyer
a31d79e9cb ci: curl flags 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-20 14:23:32 +01:00
Paul Meyer
a6d35c6fd1 ci: move apko building into separate script 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-20 09:52:17 +01:00
Paul Meyer
acc3f64dee ci: only build apko base images on change 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-19 15:18:26 +01:00
Moritz Sanft
ae2db08f3a
ci: add e2e test for constellation recover (#845) 
* AB#2256 Add recover e2e test

* AB#2256 move test & fix minor objections

* AB#2256 fix path

* AB#2256 rename hacky filename
 2023-01-19 10:41:07 +01:00
Moritz Sanft
df0fe7178c
Adapt to new measurements format (#999) 2023-01-19 10:14:10 +01:00
Nils Hanke
2c6a3c398f ci: remove unnecessary checkout 2023-01-18 18:53:29 +01:00
Nils Hanke
b52c917dc6 ci: downgrade Syft to 0.65.0 2023-01-18 18:53:29 +01:00
Nils Hanke
4e9c49c342
ci: move Syft & Grype installation into an action (#1011) 2023-01-18 17:33:10 +01:00
renovate[bot]
30b22cd17f
Update GitHub action dependencies (#1007) 
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-18 17:04:46 +01:00
Paul Meyer
411dfed18f ci: unified order and style of workflows/actions 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-18 10:57:42 +01:00
Paul Meyer
41690288a1 ci: remove unneeded brackets in if statements 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-18 10:57:42 +01:00
Fabian Kammel
85f33b2140
ci: fix scorecard/pinned-dependencies findings (#967) 
* fix scorecard/pinned-dependencies findings
* make renovate update go install
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
 2023-01-17 16:12:23 +01:00
Moritz Sanft
9023482ce0
Move verify e2e test (#996) 2023-01-17 11:28:28 +01:00
Paul Meyer
ec1df3084b ci: fix versionsapi action 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 18:23:13 +01:00
Malte Poll
fa7bac3868
ci: switch gcp accounts to oidc (#983) 2023-01-16 18:15:17 +01:00
Paul Meyer
c9624c75ee ci: fix versionsapi action output 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2023-01-16 15:50:53 +01:00