Compare commits
6 Commits
45f076ef29
...
e4ae82b766
Author | SHA1 | Date |
---|---|---|
3u13r | e4ae82b766 | |
Malte Poll | 1c0c7d6227 | |
renovate[bot] | adf03ad76c | |
Daniel Weiße | 86c45d1d5f | |
Daniel Weiße | a15cf54477 | |
Leonard Cohnen | e6d3905489 |
|
@ -16,11 +16,11 @@ inputs:
|
|||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Install unzip
|
||||
- name: Install 7zip
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
nixTools: |
|
||||
unzip
|
||||
_7zz
|
||||
|
||||
- name: Create temporary directory
|
||||
id: tempdir
|
||||
|
@ -28,7 +28,7 @@ runs:
|
|||
run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Download the artifact
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: ${{ inputs.name }}
|
||||
path: ${{ steps.tempdir.outputs.directory }}
|
||||
|
@ -37,4 +37,4 @@ runs:
|
|||
shell: bash
|
||||
run: |
|
||||
mkdir -p ${{ inputs.path }}
|
||||
unzip -P '${{ inputs.encryptionSecret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
|
||||
7zz x -p'${{ inputs.encryptionSecret }}' -t7z -o"${{ inputs.path }}" ${{ steps.tempdir.outputs.directory }}/archive.7z
|
||||
|
|
|
@ -22,13 +22,51 @@ inputs:
|
|||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Install zip
|
||||
- name: Install 7zip
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
nixTools: |
|
||||
zip
|
||||
_7zz
|
||||
|
||||
- name: Create temporary directory
|
||||
id: tempdir
|
||||
shell: bash
|
||||
run: echo "directory=$(mktemp -d)" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Create archive
|
||||
shell: bash
|
||||
run: |
|
||||
shopt -s extglob
|
||||
paths="${{ inputs.path }}"
|
||||
paths=${paths%$'\n'} # Remove trailing newline
|
||||
# Check if any file matches the given pattern(s).
|
||||
something_exists=false
|
||||
for pattern in ${paths}
|
||||
do
|
||||
if compgen -G "${pattern}" > /dev/null; then
|
||||
something_exists=true
|
||||
fi
|
||||
done
|
||||
# Create an archive if files exist.
|
||||
# Don't create an archive file if no files are found
|
||||
# and warn.
|
||||
if ! ${something_exists}
|
||||
then
|
||||
echo "::warning:: No files/directories found with the provided path(s): ${paths}. No artifact will be uploaded."
|
||||
exit 0
|
||||
fi
|
||||
for target in ${paths}
|
||||
do
|
||||
pushd "$(dirname "${target}")" || exit 1
|
||||
7zz a -p'${{ inputs.encryptionSecret }}' -t7z -ms=on -mhe=on "${{ steps.tempdir.outputs.directory }}/archive.7z" "$(basename "${target}")"
|
||||
popd || exit 1
|
||||
done
|
||||
|
||||
- name: Upload archive as artifact
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: ${{ inputs.name }}
|
||||
path: ${{ steps.tempdir.outputs.directory }}/archive.7z
|
||||
retention-days: ${{ inputs.retention-days }}
|
||||
if-no-files-found: ignore
|
||||
overwrite: ${{ inputs.overwrite }}
|
||||
|
|
|
@ -79,7 +79,7 @@ runs:
|
|||
# once it has the functionality
|
||||
- name: Install Cosign
|
||||
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
|
||||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
|
||||
|
||||
- name: Install Rekor
|
||||
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
|
||||
|
|
|
@ -62,7 +62,7 @@ runs:
|
|||
|
||||
- name: Build and push container image
|
||||
id: build-micro-service
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
|
||||
with:
|
||||
context: .
|
||||
file: ${{ inputs.dockerfile }}
|
||||
|
|
|
@ -17,7 +17,7 @@ runs:
|
|||
steps:
|
||||
- name: Use docker for logging in
|
||||
if: runner.os != 'macOS'
|
||||
uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
|
||||
uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
|
||||
with:
|
||||
registry: ${{ inputs.registry }}
|
||||
username: ${{ inputs.username }}
|
||||
|
|
|
@ -19,7 +19,7 @@ runs:
|
|||
steps:
|
||||
- name: Install Cosign
|
||||
if: inputs.cosignPublicKey != '' && inputs.cosignPrivateKey != '' && inputs.cosignPassword != ''
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
|
||||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
|
||||
|
||||
- name: Download Syft & Grype
|
||||
uses: ./.github/actions/install_syft_grype
|
||||
|
|
|
@ -67,7 +67,7 @@ runs:
|
|||
# Make sure that helm is installed
|
||||
# This is not always the case, e.g. on MacOS runners
|
||||
- name: Install Helm
|
||||
uses: azure/setup-helm@29960d0f5f19214b88e1d9ba750a9914ab0f1a2f # v4.0.0
|
||||
uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
|
||||
with:
|
||||
version: v3.9.0
|
||||
|
||||
|
|
|
@ -5,51 +5,51 @@ runs:
|
|||
using: "composite"
|
||||
steps:
|
||||
- name: Download CLI binaries darwin-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-darwin-amd64
|
||||
|
||||
- name: Download CLI binaries darwin-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-darwin-arm64
|
||||
|
||||
- name: Download CLI binaries linux-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-linux-amd64
|
||||
|
||||
- name: Download CLI binaries linux-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-linux-arm64
|
||||
|
||||
- name: Download CLI binaries windows-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-windows-amd64
|
||||
|
||||
- name: Download Terraform module
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-module
|
||||
|
||||
- name: Download Terraform provider binary darwin-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-darwin-amd64
|
||||
|
||||
- name: Download Terraform provider binary darwin-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-darwin-arm64
|
||||
|
||||
- name: Download Terraform provider binary linux-amd64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-linux-amd64
|
||||
|
||||
- name: Download Terraform provider binary linux-arm64
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: terraform-provider-constellation-linux-arm64
|
||||
|
|
|
@ -33,7 +33,7 @@ runs:
|
|||
|
||||
steps:
|
||||
- name: Setup python
|
||||
uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
|
||||
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
|
||||
with:
|
||||
python-version: "3.10"
|
||||
|
||||
|
@ -49,7 +49,7 @@ runs:
|
|||
install kubestr /usr/local/bin
|
||||
|
||||
- name: Checkout k8s-bench-suite
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
repository: "edgelesssys/k8s-bench-suite"
|
||||
|
|
|
@ -31,11 +31,11 @@ runs:
|
|||
with:
|
||||
service_account: "destroy-e2e@constellation-e2e.iam.gserviceaccount.com"
|
||||
|
||||
- name: Install unzip
|
||||
- name: Install 7zip
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
nixTools: |
|
||||
unzip
|
||||
_7zz
|
||||
- name: Run cleanup
|
||||
run: ./.github/actions/e2e_cleanup_timeframe/e2e-cleanup.sh
|
||||
shell: bash
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
# get_e2e_test_ids_on_date gets all workflow IDs of workflows that contain "e2e" on a specific date.
|
||||
function get_e2e_test_ids_on_date {
|
||||
ids="$(gh run list --created "$1" --status failure --json createdAt,workflowName,databaseId --jq '.[] | select(.workflowName | contains("e2e") and (contains("MiniConstellation") | not)) | .databaseId' -L1000 -R edgelesssys/constellation || exit 1)"
|
||||
echo "$ids"
|
||||
echo "${ids}"
|
||||
}
|
||||
|
||||
# download_tfstate_artifact downloads all artifacts matching the pattern terraform-state-* from a given workflow ID.
|
||||
|
@ -13,7 +13,7 @@ function download_tfstate_artifact {
|
|||
|
||||
# delete_resources runs terraform destroy on the constellation-terraform subfolder of a given folder.
|
||||
function delete_resources {
|
||||
if [ -d "$1/constellation-terraform" ]; then
|
||||
if [[ -d "$1/constellation-terraform" ]]; then
|
||||
cd "$1/constellation-terraform" || exit 1
|
||||
terraform init > /dev/null || exit 1 # first, install plugins
|
||||
terraform destroy -auto-approve || exit 1
|
||||
|
@ -23,7 +23,7 @@ function delete_resources {
|
|||
|
||||
# delete_iam_config runs terraform destroy on the constellation-iam-terraform subfolder of a given folder.
|
||||
function delete_iam_config {
|
||||
if [ -d "$1/constellation-iam-terraform" ]; then
|
||||
if [[ -d "$1/constellation-iam-terraform" ]]; then
|
||||
cd "$1/constellation-iam-terraform" || exit 1
|
||||
terraform init > /dev/null || exit 1 # first, install plugins
|
||||
terraform destroy -auto-approve || exit 1
|
||||
|
@ -32,12 +32,12 @@ function delete_iam_config {
|
|||
}
|
||||
|
||||
# check if the password for artifact decryption was given
|
||||
if [[ -z $ENCRYPTION_SECRET ]]; then
|
||||
if [[ -z ${ENCRYPTION_SECRET} ]]; then
|
||||
echo "ENCRYPTION_SECRET is not set. Please set an environment variable with that secret."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
artifact_pwd=$ENCRYPTION_SECRET
|
||||
artifact_pwd=${ENCRYPTION_SECRET}
|
||||
|
||||
shopt -s nullglob
|
||||
|
||||
|
@ -46,9 +46,9 @@ end_date=$(date --date "-7 day" "+%Y-%m-%d")
|
|||
dates_to_clean=()
|
||||
|
||||
# get all dates of the last week
|
||||
while [[ $end_date != "$start_date" ]]; do
|
||||
dates_to_clean+=("$end_date")
|
||||
end_date=$(date --date "$end_date +1 day" "+%Y-%m-%d")
|
||||
while [[ ${end_date} != "${start_date}" ]]; do
|
||||
dates_to_clean+=("${end_date}")
|
||||
end_date=$(date --date "${end_date} +1 day" "+%Y-%m-%d")
|
||||
done
|
||||
|
||||
echo "[*] retrieving run IDs for cleanup"
|
||||
|
@ -65,33 +65,33 @@ mapfile -td " " database_ids < <(echo "${database_ids[@]}")
|
|||
|
||||
echo "[*] downloading terraform state artifacts"
|
||||
for id in "${database_ids[@]}"; do
|
||||
if [[ $id == *[^[:space:]]* ]]; then
|
||||
echo " downloading from workflow $id"
|
||||
download_tfstate_artifact "$id"
|
||||
if [[ ${id} == *[^[:space:]]* ]]; then
|
||||
echo " downloading from workflow ${id}"
|
||||
download_tfstate_artifact "${id}"
|
||||
fi
|
||||
done
|
||||
|
||||
echo "[*] extracting artifacts"
|
||||
for directory in ./terraform-state-*; do
|
||||
echo " extracting $directory"
|
||||
echo " extracting ${directory}"
|
||||
|
||||
# extract and decrypt the artifact
|
||||
unzip -d "${directory}" -P "$artifact_pwd" "$directory/archive.zip" > /dev/null || exit 1
|
||||
7zz x -t7z -p"${artifact_pwd}" -o"${directory}" "${directory}/archive.7z" > /dev/null || exit 1
|
||||
done
|
||||
|
||||
# create terraform caching directory
|
||||
mkdir "$HOME/tf_plugin_cache"
|
||||
export TF_PLUGIN_CACHE_DIR="$HOME/tf_plugin_cache"
|
||||
echo "[*] created terraform cache directory $TF_PLUGIN_CACHE_DIR"
|
||||
mkdir "${HOME}/tf_plugin_cache"
|
||||
export TF_PLUGIN_CACHE_DIR="${HOME}/tf_plugin_cache"
|
||||
echo "[*] created terraform cache directory ${TF_PLUGIN_CACHE_DIR}"
|
||||
|
||||
echo "[*] deleting resources"
|
||||
for directory in ./terraform-state-*; do
|
||||
echo " deleting resources in $directory"
|
||||
delete_resources "$directory"
|
||||
echo " deleting IAM configuration in $directory"
|
||||
delete_iam_config "$directory"
|
||||
echo " deleting directory $directory"
|
||||
rm -rf "$directory"
|
||||
echo " deleting resources in ${directory}"
|
||||
delete_resources "${directory}"
|
||||
echo " deleting IAM configuration in ${directory}"
|
||||
delete_iam_config "${directory}"
|
||||
echo " deleting directory ${directory}"
|
||||
rm -rf "${directory}"
|
||||
done
|
||||
|
||||
exit 0
|
||||
|
|
|
@ -25,7 +25,7 @@ runs:
|
|||
using: "composite"
|
||||
steps:
|
||||
- name: Install terraform
|
||||
uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # v3.0.0
|
||||
uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
|
||||
with:
|
||||
terraform_wrapper: false
|
||||
|
||||
|
|
|
@ -64,7 +64,7 @@ runs:
|
|||
|
||||
- name: Publish test results
|
||||
if: (!env.ACT) && contains(inputs.sonobuoyTestSuiteCmd, '--plugin e2e')
|
||||
uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5 # v4.1.0
|
||||
uses: mikepenz/action-junit-report@9379f0ccddcab154835d4e2487555ee79614fe95 # v4.2.1
|
||||
with:
|
||||
report_paths: "**/junit_01.xml"
|
||||
fail_on_failure: true
|
||||
|
|
|
@ -26,13 +26,13 @@ runs:
|
|||
steps:
|
||||
- name: Checkout head
|
||||
if: inputs.imageVersion == '' && inputs.git-ref == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.imageVersion == '' && inputs.git-ref != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ runs:
|
|||
echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Authorize GCP access
|
||||
uses: google-github-actions/auth@a6e2e39c0a0331da29f7fd2c2a20a427e8d3ad1f # v2.1.1
|
||||
uses: google-github-actions/auth@55bd3a7c6e2ae7cf1877fd1ccb9d54c0503c457c # v2.1.2
|
||||
with:
|
||||
workload_identity_provider: projects/796962942582/locations/global/workloadIdentityPools/constellation-ci-pool/providers/constellation-ci-provider
|
||||
service_account: ${{ inputs.service_account }}
|
||||
|
|
|
@ -13,7 +13,7 @@ runs:
|
|||
using: "composite"
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: edgelesssys/helm
|
||||
ref: main
|
||||
|
@ -29,7 +29,7 @@ runs:
|
|||
echo version=$(yq eval ".version" ${{ inputs.chartPath }}/Chart.yaml) | tee -a $GITHUB_OUTPUT
|
||||
|
||||
- name: Create pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
path: helm
|
||||
branch: "release/s3proxy/${{ steps.update-chart-version.outputs.version }}"
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
name: Update TFState
|
||||
description: "Update the terraform state artifact."
|
||||
description: "Update the terraform state artifact. We use this to either delete an artifact if the e2e test was cleaned up successfully or to update the artifact with the latest terraform state."
|
||||
|
||||
inputs:
|
||||
name:
|
||||
|
@ -11,33 +11,29 @@ inputs:
|
|||
encryptionSecret:
|
||||
description: "The encryption secret for the artifacts."
|
||||
required: true
|
||||
skipDeletion:
|
||||
description: "Don't try to delete the artifact before updating. You should only use this if you know that no artifact exists."
|
||||
default: "false"
|
||||
required: false
|
||||
|
||||
runs:
|
||||
using: "composite"
|
||||
steps:
|
||||
- name: Check if tfstate should be deleted
|
||||
if: always() && inputs.skipDeletion == 'false'
|
||||
- name: Check if uploaded tfstate can be deleted
|
||||
if: always()
|
||||
shell: bash
|
||||
run: |
|
||||
if [[ -d constellation-terraform ]] || [[ -d constellation-iam-terraform ]]; then
|
||||
if [[ ! -d constellation-terraform ]] && [[ ! -d constellation-iam-terraform ]]; then
|
||||
echo "DELETE_TF_STATE=true" >> "$GITHUB_ENV"
|
||||
else
|
||||
echo "DELETE_TF_STATE=false" >> "$GITHUB_ENV"
|
||||
fi
|
||||
|
||||
- name: Delete tfstate artifact if necessary
|
||||
if: always() && env.DELETE_TF_STATE == 'true' && inputs.skipDeletion == 'false'
|
||||
if: always() && env.DELETE_TF_STATE == 'true'
|
||||
uses: ./.github/actions/artifact_delete
|
||||
with:
|
||||
name: ${{ inputs.name }}
|
||||
workflowID: ${{ inputs.runID }}
|
||||
|
||||
- name: Prepare terraform state folders
|
||||
if: always()
|
||||
- name: Prepare left over terraform state folders
|
||||
if: always() && env.DELETE_TF_STATE == 'false'
|
||||
shell: bash
|
||||
run: |
|
||||
rm -rf to-zip/*
|
||||
|
|
|
@ -15,7 +15,7 @@ runs:
|
|||
zip -r terraform-module.zip terraform-module
|
||||
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: terraform-module
|
||||
path: terraform-module.zip
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
FROM golang:1.22.2@sha256:c4fb952e712efd8f787bcd8e53fd66d1d83b7dc26adabc218e9eac1dbf776bdf as builder
|
||||
FROM golang:1.22.3@sha256:b1e05e2c918f52c59d39ce7d5844f73b2f4511f7734add8bb98c9ecdd4443365 as builder
|
||||
|
||||
# Download project root dependencies
|
||||
WORKDIR /workspace
|
||||
|
|
|
@ -12,7 +12,7 @@ jobs:
|
|||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.label.name == 'dependencies'}}
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
- name: Pick assignee
|
||||
id: pick-assignee
|
||||
uses: ./.github/actions/pick_assignee
|
||||
|
|
|
@ -11,7 +11,7 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
path: constellation
|
||||
|
@ -27,7 +27,7 @@ jobs:
|
|||
|
||||
- name: Download Firmware release
|
||||
id: download-firmware
|
||||
uses: robinraju/release-downloader@368754b9c6f47c345fcfbf42bcb577c2f0f5f395 # v1.9
|
||||
uses: robinraju/release-downloader@c39a3b234af58f0cf85888573d361fb6fa281534 # v1.10
|
||||
with:
|
||||
repository: aws/uefi
|
||||
latest: true
|
||||
|
@ -50,7 +50,7 @@ jobs:
|
|||
echo "ovmfPath=${ovmfPath}" | tee -a "$GITHUB_OUTPUT"
|
||||
popd || exit 1
|
||||
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: virtee/sev-snp-measure-go.git
|
||||
ref: e42b6f8991ed5a671d5d1e02a6b61f6373f9f8d8
|
||||
|
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
runs-on: [arc-runner-set]
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -19,19 +19,19 @@ jobs:
|
|||
latest: ${{ steps.find-latest.outputs.latest }}
|
||||
steps:
|
||||
- name: Checkout Constellation
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Checkout kubernetes/cloud-provider-gcp
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: "kubernetes/cloud-provider-gcp"
|
||||
path: "cloud-provider-gcp"
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: false
|
||||
|
||||
- name: Install Crane
|
||||
|
@ -65,10 +65,10 @@ jobs:
|
|||
version: ${{ fromJson(needs.find-ccm-versions.outputs.versions) }}
|
||||
steps:
|
||||
- name: Checkout Constellation
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Checkout kubernetes/cloud-provider-gcp
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: "kubernetes/cloud-provider-gcp"
|
||||
path: "cloud-provider-gcp"
|
||||
|
@ -113,7 +113,7 @@ jobs:
|
|||
|
||||
- name: Build and push container image
|
||||
id: build
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
|
||||
with:
|
||||
context: ./cloud-provider-gcp
|
||||
push: ${{ github.ref_name == 'main' }}
|
||||
|
|
|
@ -69,7 +69,7 @@ jobs:
|
|||
|
||||
- name: Checkout GoogleCloudPlatform/guest-agent
|
||||
if: steps.needs-build.outputs.out == 'true'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: "GoogleCloudPlatform/guest-agent"
|
||||
ref: refs/tags/${{ steps.latest-release.outputs.latest }}
|
||||
|
@ -77,7 +77,7 @@ jobs:
|
|||
|
||||
- name: Checkout Constellation
|
||||
if: steps.needs-build.outputs.out == 'true'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
path: "constellation"
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
@ -114,7 +114,7 @@ jobs:
|
|||
- name: Build and push container image
|
||||
if: steps.needs-build.outputs.out == 'true'
|
||||
id: build
|
||||
uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
|
||||
uses: docker/build-push-action@2cdde995de11925a030ce8070c3d77a52ffcf1c0 # v5.3.0
|
||||
with:
|
||||
context: ./guest-agent
|
||||
file: ./constellation/3rdparty/gcp-guest-agent/Dockerfile
|
||||
|
|
|
@ -19,7 +19,7 @@ jobs:
|
|||
packages: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Setup bazel
|
||||
uses: ./.github/actions/setup_bazel_nix
|
||||
|
|
|
@ -20,7 +20,7 @@ jobs:
|
|||
steps:
|
||||
- name: Check out repository
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -62,14 +62,14 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: false
|
||||
|
||||
- name: Determine version
|
||||
|
@ -99,7 +99,7 @@ jobs:
|
|||
run: rm -f internal/attestation/measurements/measurement-generator/generate
|
||||
|
||||
- name: Create pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
branch: "image/automated/update-measurements-${{ github.run_number }}"
|
||||
base: main
|
||||
|
@ -121,7 +121,7 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
|
||||
|
|
|
@ -59,7 +59,7 @@ jobs:
|
|||
cliApiBasePath: ${{ steps.image-version.outputs.cliApiBasePath }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -138,7 +138,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@ jobs:
|
|||
steps:
|
||||
- name: Check out repository
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -20,12 +20,12 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Link Checker
|
||||
uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3
|
||||
uses: lycheeverse/lychee-action@2b973e86fc7b1f6b36a93795fe2c9c6ae1118621 # v1.10.0
|
||||
with:
|
||||
args: "--config ./.lychee.toml './**/*.md' './**/*.html'"
|
||||
fail: true
|
||||
|
|
|
@ -34,17 +34,17 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Setup Go environment
|
||||
if: matrix.language == 'go'
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: false
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
|
||||
uses: github/codeql-action/init@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
|
||||
with:
|
||||
languages: ${{ matrix.language }}
|
||||
|
||||
|
@ -63,6 +63,6 @@ jobs:
|
|||
echo "::endgroup::"
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
|
||||
uses: github/codeql-action/analyze@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
|
||||
with:
|
||||
category: "/language:${{ matrix.language }}"
|
||||
|
|
|
@ -16,12 +16,12 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Vale
|
||||
uses: errata-ai/vale-action@3f7188c866bcb3259339a09f517d7c4a8838303c # tag=reviewdog
|
||||
uses: errata-ai/vale-action@38bf078c328061f59879b347ca344a718a736018 # tag=reviewdog
|
||||
with:
|
||||
files: docs/docs
|
||||
fail_on_error: true
|
||||
|
|
|
@ -72,7 +72,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -92,7 +92,7 @@ jobs:
|
|||
cosignPassword: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
|
||||
- name: Upload CLI as artifact (unix)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os != 'windows' }}
|
||||
with:
|
||||
name: constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -101,7 +101,7 @@ jobs:
|
|||
build/constellation-${{ matrix.os }}-${{ matrix.arch }}.sig
|
||||
|
||||
- name: Upload CLI as artifact (windows)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os == 'windows' }}
|
||||
with:
|
||||
name: constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -133,7 +133,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -149,7 +149,7 @@ jobs:
|
|||
targetArch: ${{ matrix.arch }}
|
||||
|
||||
- name: Upload Terraform Provider Binary as artifact (unix)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os != 'windows' }}
|
||||
with:
|
||||
name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -157,7 +157,7 @@ jobs:
|
|||
build/terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
||||
- name: Upload Terraform Provider Binary as artifact (windows)
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
if : ${{ matrix.os == 'windows' }}
|
||||
with:
|
||||
name: terraform-provider-constellation-${{ matrix.os }}-${{ matrix.arch }}
|
||||
|
@ -169,7 +169,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -187,7 +187,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -219,7 +219,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -227,7 +227,7 @@ jobs:
|
|||
uses: ./.github/actions/download_release_binaries
|
||||
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
|
||||
|
@ -256,12 +256,12 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
- name: Install Cosign
|
||||
uses: sigstore/cosign-installer@e1523de7571e31dbe865fd2e80c5c7c23ae71eb4 # v3.4.0
|
||||
uses: sigstore/cosign-installer@59acb6260d9c0ba8f4a2f9d9b48431a222b68e20 # v3.5.0
|
||||
|
||||
- name: Download Syft & Grype
|
||||
uses: ./.github/actions/install_syft_grype
|
||||
|
@ -296,13 +296,13 @@ jobs:
|
|||
COSIGN_PASSWORD: ${{ inputs.key == 'release' && secrets.COSIGN_PASSWORD || secrets.COSIGN_DEV_PASSWORD }}
|
||||
|
||||
- name: Upload Constellation CLI SBOM
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
path: constellation.spdx.sbom
|
||||
|
||||
- name: Upload Constellation CLI SBOM's signature
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: constellation.spdx.sbom.sig
|
||||
path: constellation.spdx.sbom.sig
|
||||
|
@ -332,7 +332,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -340,7 +340,7 @@ jobs:
|
|||
uses: ./.github/actions/download_release_binaries
|
||||
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
|
||||
|
@ -407,7 +407,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
||||
|
@ -420,12 +420,12 @@ jobs:
|
|||
uses: ./.github/actions/download_release_binaries
|
||||
|
||||
- name: Download CLI SBOM
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom
|
||||
|
||||
- name: Download Constellation CLI SBOM's signature
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation.spdx.sbom.sig
|
||||
|
||||
|
|
|
@ -10,11 +10,6 @@ on:
|
|||
- "internal/api/**"
|
||||
- ".github/workflows/e2e-attestationconfigapi.yml"
|
||||
- "go.mod"
|
||||
pull_request:
|
||||
paths:
|
||||
- "internal/api/**"
|
||||
- ".github/workflows/e2e-attestationconfigapi.yml"
|
||||
- "go.mod"
|
||||
|
||||
jobs:
|
||||
e2e-api:
|
||||
|
@ -31,7 +26,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
# Don't trigger in forks, use head on pull requests, use default otherwise.
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || github.event.pull_request.head.sha || '' }}
|
||||
|
|
|
@ -14,7 +14,7 @@ jobs:
|
|||
id-token: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Cleanup
|
||||
uses: ./.github/actions/e2e_cleanup_timeframe
|
||||
|
|
|
@ -29,7 +29,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.ref || github.event.workflow_run.head_branch || github.head_ref }}
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ jobs:
|
|||
image-release-stable: ${{ steps.relabel-output.outputs.image-release-stable }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -65,7 +65,7 @@ jobs:
|
|||
needs: [find-latest-image]
|
||||
steps:
|
||||
- name: Check out repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
@ -165,7 +165,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -311,7 +311,7 @@ jobs:
|
|||
run: brew install coreutils kubectl bash
|
||||
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.ref || github.head_ref }}
|
||||
|
|
|
@ -22,7 +22,7 @@ jobs:
|
|||
image-main-nightly: ${{ steps.relabel-output.outputs.image-main-nightly }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -313,7 +313,7 @@ jobs:
|
|||
needs: [find-latest-image]
|
||||
steps:
|
||||
- name: Check out repository
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
@ -438,7 +438,7 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -174,13 +174,13 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout head
|
||||
if: inputs.git-ref == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.git-ref != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
|
@ -211,13 +211,13 @@ jobs:
|
|||
|
||||
- name: Checkout head
|
||||
if: inputs.git-ref == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.git-ref != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ inputs.git-ref }}
|
||||
|
||||
|
|
|
@ -135,14 +135,14 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
@ -173,7 +173,7 @@ jobs:
|
|||
push: true
|
||||
|
||||
- name: Upload CLI binary
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: constellation-upgrade-${{ inputs.attestationVariant }}
|
||||
path: build/constellation
|
||||
|
@ -193,14 +193,14 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
@ -281,14 +281,14 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
@ -336,7 +336,7 @@ jobs:
|
|||
azure_credentials: ${{ secrets.AZURE_E2E_IAM_CREDENTIALS }}
|
||||
|
||||
- name: Download CLI
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-upgrade-${{ inputs.attestationVariant }}
|
||||
path: build
|
||||
|
@ -448,20 +448,20 @@ jobs:
|
|||
steps:
|
||||
- name: Checkout
|
||||
if: inputs.gitRef == 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Checkout ref
|
||||
if: inputs.gitRef != 'head'
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
ref: ${{ inputs.gitRef }}
|
||||
|
||||
- name: Download CLI
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: constellation-upgrade-${{ inputs.attestationVariant }}
|
||||
path: build
|
||||
|
|
|
@ -21,7 +21,7 @@ jobs:
|
|||
packages: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -48,7 +48,7 @@ jobs:
|
|||
push: true
|
||||
|
||||
- name: Upload CLI artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
path: build/constellation.exe
|
||||
name: "constell-exe"
|
||||
|
@ -59,12 +59,12 @@ jobs:
|
|||
needs: build-cli
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download CLI artifact
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
name: "constell-exe"
|
||||
|
||||
|
@ -189,7 +189,7 @@ jobs:
|
|||
inputs.scheduled
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ jobs:
|
|||
WORKING_BRANCH: ${{ env.WORKING_BRANCH }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
fetch-depth: 0 # fetch all history
|
||||
|
||||
|
@ -49,7 +49,7 @@ jobs:
|
|||
latest: ${{ steps.input-passthrough.outputs.latest }}${{ steps.check-last-release.outputs.latest }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Override latest
|
||||
if: github.event.inputs.latest == 'true'
|
||||
|
@ -123,7 +123,7 @@ jobs:
|
|||
contents: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Remove temporary branch
|
||||
run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}"
|
||||
|
@ -137,7 +137,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- uses: ./.github/actions/setup_bazel_nix
|
||||
with:
|
||||
|
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ github.head_ref }}
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ jobs:
|
|||
RELEASE_BRANCH: ${{ steps.version-info.outputs.RELEASE_BRANCH }}
|
||||
WORKING_BRANCH: ${{ steps.version-info.outputs.WORKING_BRANCH }}
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Working branch
|
||||
run: echo "WORKING_BRANCH=$(git branch --show-current)" | tee -a "$GITHUB_ENV"
|
||||
|
@ -85,7 +85,7 @@ jobs:
|
|||
MAJOR_MINOR: ${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||
BRANCH: docs/${{ needs.verify-inputs.outputs.MAJOR_MINOR }}
|
||||
steps:
|
||||
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: main
|
||||
|
||||
|
@ -96,7 +96,7 @@ jobs:
|
|||
npm run docusaurus docs:version "${MAJOR_MINOR}"
|
||||
|
||||
- name: Create docs pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
branch: ${{ env.BRANCH }}
|
||||
base: main
|
||||
|
@ -123,7 +123,7 @@ jobs:
|
|||
WORKING_BRANCH: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
|
||||
|
@ -161,7 +161,7 @@ jobs:
|
|||
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
|
||||
|
@ -226,14 +226,14 @@ jobs:
|
|||
WITHOUT_V: ${{ needs.verify-inputs.outputs.WITHOUT_V }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ needs.verify-inputs.outputs.WORKING_BRANCH }}
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: true
|
||||
|
||||
- name: Build generateMeasurements tool
|
||||
|
|
|
@ -31,7 +31,7 @@ jobs:
|
|||
runs-on: ${{ matrix.runner }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -60,13 +60,13 @@ jobs:
|
|||
run: shasum -a 256 "${binary}" | tee "${binary}.sha256"
|
||||
|
||||
- name: Upload binary artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "binaries-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}"
|
||||
|
||||
- name: Upload hash artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}.sha256"
|
||||
|
@ -87,7 +87,7 @@ jobs:
|
|||
runs-on: ${{ matrix.runner }}
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
@ -116,13 +116,13 @@ jobs:
|
|||
run: shasum -a 256 "${binary}" | tee "${binary}.sha256"
|
||||
|
||||
- name: Upload binary artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "osimages-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}"
|
||||
|
||||
- name: Upload hash artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: "sha256sums-${{ matrix.target }}-${{ matrix.runner }}"
|
||||
path: "${{ env.binary }}.sha256"
|
||||
|
@ -145,7 +145,7 @@ jobs:
|
|||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download binaries
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
pattern: "binaries-${{ matrix.target }}-*"
|
||||
merge-multiple: true
|
||||
|
@ -179,7 +179,7 @@ jobs:
|
|||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Download os images
|
||||
uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2
|
||||
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
|
||||
with:
|
||||
pattern: "osimages-${{ matrix.target }}-*"
|
||||
merge-multiple: true
|
||||
|
|
|
@ -18,7 +18,7 @@ jobs:
|
|||
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
|
@ -30,13 +30,13 @@ jobs:
|
|||
publish_results: true
|
||||
|
||||
- name: Upload artifact
|
||||
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: SARIF file
|
||||
path: results.sarif
|
||||
retention-days: 5
|
||||
|
||||
- name: Upload to code-scanning
|
||||
uses: github/codeql-action/upload-sarif@cf7e9f23492505046de9a37830c3711dd0f25bb3 # v2.16.2
|
||||
uses: github/codeql-action/upload-sarif@ceaec5c11a131e0d282ff3b6f095917d234caace # v2.25.3
|
||||
with:
|
||||
sarif_file: results.sarif
|
||||
|
|
|
@ -18,14 +18,14 @@ jobs:
|
|||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout constellation repo
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
fetch-depth: 0
|
||||
path: constellation
|
||||
|
||||
- name: Checkout terraform-provider-constellation repo
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
repository: edgelesssys/terraform-provider-constellation
|
||||
ref: main
|
||||
|
@ -40,7 +40,7 @@ jobs:
|
|||
|
||||
- name: Create pull request
|
||||
id: create-pull-request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
path: terraform-provider-constellation
|
||||
branch: "feat/docs/update"
|
||||
|
|
|
@ -25,7 +25,7 @@ jobs:
|
|||
CTEST_OUTPUT_ON_FAILURE: True
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -21,14 +21,14 @@ jobs:
|
|||
runs-on: ubuntu-22.04
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
- name: Setup Go environment
|
||||
uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
|
||||
uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
|
||||
with:
|
||||
go-version: "1.22.2"
|
||||
go-version: "1.22.3"
|
||||
cache: true
|
||||
|
||||
- name: Run code generation
|
||||
|
|
|
@ -23,7 +23,7 @@ jobs:
|
|||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -17,7 +17,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
# No token available for forks, so we can't push changes
|
||||
|
|
|
@ -30,7 +30,7 @@ jobs:
|
|||
pull-requests: write
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
fetch-depth: 0
|
||||
|
|
|
@ -13,7 +13,7 @@ jobs:
|
|||
contents: read
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
|
||||
- name: Assume AWS role to upload Bazel dependencies to S3
|
||||
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
|
||||
|
@ -40,7 +40,7 @@ jobs:
|
|||
fi
|
||||
|
||||
- name: Create pull request
|
||||
uses: peter-evans/create-pull-request@b1ddad2c994a25fbc81a28b3ec0e368bb2021c50 # v6.0.0
|
||||
uses: peter-evans/create-pull-request@6d6857d36972b65feb161a90e484f2984215f83e # v6.0.5
|
||||
with:
|
||||
branch: "image/automated/update-rpms-${{ github.run_number }}"
|
||||
base: main
|
||||
|
|
|
@ -115,7 +115,7 @@ jobs:
|
|||
steps:
|
||||
- name: Check out repository
|
||||
id: checkout
|
||||
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
|
||||
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
|
||||
with:
|
||||
ref: ${{ !github.event.pull_request.head.repo.fork && github.head_ref || '' }}
|
||||
|
||||
|
|
|
@ -6,7 +6,7 @@ RUN apt-get update && apt-get install -y \
|
|||
git
|
||||
|
||||
# Install Go
|
||||
ARG GO_VER=1.22.2
|
||||
ARG GO_VER=1.22.3
|
||||
RUN wget -q https://go.dev/dl/go${GO_VER}.linux-amd64.tar.gz && \
|
||||
tar -C /usr/local -xzf go${GO_VER}.linux-amd64.tar.gz && \
|
||||
rm go${GO_VER}.linux-amd64.tar.gz
|
||||
|
|
|
@ -170,7 +170,7 @@ load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchai
|
|||
go_download_sdk(
|
||||
name = "go_sdk",
|
||||
patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"],
|
||||
version = "1.22.2",
|
||||
version = "1.22.3",
|
||||
)
|
||||
|
||||
go_rules_dependencies()
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
# Bump Go version
|
||||
|
||||
`govulncheck` from the bazel `check` target will fail if our code is vulnerable, which is often the case when a patch version was released with security fixes.
|
||||
|
||||
## Steps
|
||||
|
@ -6,5 +7,13 @@
|
|||
Replace "1.xx.x" with the new version in [WORKSPACE.bazel](/WORKSPACE.bazel):
|
||||
|
||||
```starlark
|
||||
go_register_toolchains(version = "1.xx.x")
|
||||
load("@io_bazel_rules_go//go:deps.bzl", "go_download_sdk", "go_register_toolchains", "go_rules_dependencies")
|
||||
|
||||
go_download_sdk(
|
||||
name = "go_sdk",
|
||||
patches = ["//3rdparty/bazel/org_golang:go_tls_max_handshake_size.patch"],
|
||||
version = "1.xx.x", <--- Replace this one
|
||||
~~~~~~~~
|
||||
)
|
||||
|
||||
```
|
||||
|
|
4
go.work
4
go.work
|
@ -1,6 +1,6 @@
|
|||
go 1.22.2
|
||||
go 1.22.3
|
||||
|
||||
toolchain go1.22.2
|
||||
toolchain go1.22.3
|
||||
|
||||
use (
|
||||
.
|
||||
|
|
|
@ -33,14 +33,6 @@ import (
|
|||
// Also, the charts are not rendered correctly without all of these values.
|
||||
func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, output state.Infrastructure) map[string]any {
|
||||
extraVals := map[string]any{}
|
||||
if conformanceMode {
|
||||
extraVals["kubeProxyReplacementHealthzBindAddr"] = ""
|
||||
extraVals["kubeProxyReplacement"] = "partial"
|
||||
extraVals["sessionAffinity"] = true
|
||||
extraVals["cni"] = map[string]any{
|
||||
"chainingMode": "portmap",
|
||||
}
|
||||
}
|
||||
|
||||
strictMode := map[string]any{}
|
||||
// TODO(@3u13r): Once we are able to set the subnet of the load balancer VMs
|
||||
|
@ -75,6 +67,21 @@ func extraCiliumValues(provider cloudprovider.Provider, conformanceMode bool, ou
|
|||
},
|
||||
}
|
||||
|
||||
if conformanceMode {
|
||||
extraVals["kubeProxyReplacementHealthzBindAddr"] = ""
|
||||
extraVals["kubeProxyReplacement"] = "false"
|
||||
extraVals["sessionAffinity"] = true
|
||||
extraVals["cni"] = map[string]any{
|
||||
"chainingMode": "portmap",
|
||||
}
|
||||
extraVals["ipMasqAgent"] = map[string]any{
|
||||
"enabled": false,
|
||||
}
|
||||
extraVals["bpf"] = map[string]any{
|
||||
"masquerade": false,
|
||||
}
|
||||
}
|
||||
|
||||
return extraVals
|
||||
}
|
||||
|
||||
|
|
|
@ -42,44 +42,44 @@
|
|||
"prPriority": -30,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^k8s.io", "^sigs.k8s.io"],
|
||||
"matchDepPatterns": ["^k8s.io", "^sigs.k8s.io"],
|
||||
"groupName": "K8s dependencies",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^go.etcd.io/etcd"],
|
||||
"matchDepPatterns": ["^go.etcd.io/etcd"],
|
||||
"groupName": "etcd dependencies",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^github.com/hashicorp/go-kms-wrapping"],
|
||||
"matchDepPatterns": ["^github.com/hashicorp/go-kms-wrapping"],
|
||||
"groupName": "github.com/hashicorp/go-kms-wrapping",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^github.com/aws/aws-sdk-go-v2"],
|
||||
"matchDepPatterns": ["^github.com/aws/aws-sdk-go-v2"],
|
||||
"groupName": "AWS SDK",
|
||||
"prPriority": -10,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": [
|
||||
"matchDepPatterns": [
|
||||
"^github.com/Azure/",
|
||||
"^github.com/AzureAD/microsoft-authentication-library-for-go",
|
||||
],
|
||||
"groupName": "Azure SDK",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^cloud.google.com/go"],
|
||||
"matchDepPatterns": ["^cloud.google.com/go"],
|
||||
"groupName": "Google SDK",
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^google.golang.org/genproto"],
|
||||
"matchDepPatterns": ["^google.golang.org/genproto"],
|
||||
"prPriority": -10,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["^libvirt.org/go"],
|
||||
"matchDepPatterns": ["^libvirt.org/go"],
|
||||
"groupName": "libvirt.org/go",
|
||||
},
|
||||
{
|
||||
"matchManagers": ["bazelisk", "bazel", "bazel-module"],
|
||||
"matchPackageNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle"],
|
||||
"matchDepNames": ["bazel", "io_bazel_rules_go", "bazel_gazelle"],
|
||||
"groupName": "bazel (core)",
|
||||
},
|
||||
{
|
||||
|
@ -105,14 +105,14 @@
|
|||
],
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["kubernetes/kubernetes"],
|
||||
"matchDepNames": ["kubernetes/kubernetes"],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
"versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
|
||||
"groupName": "Kubernetes versions",
|
||||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"registry.k8s.io/provider-aws/cloud-controller-manager",
|
||||
],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
|
@ -121,7 +121,7 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"mcr.microsoft.com/oss/kubernetes/azure-cloud-controller-manager",
|
||||
"mcr.microsoft.com/oss/kubernetes/azure-cloud-node-manager",
|
||||
],
|
||||
|
@ -131,7 +131,7 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"docker.io/k8scloudprovider/openstack-cloud-controller-manager",
|
||||
],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
|
@ -140,14 +140,14 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["registry.k8s.io/autoscaling/cluster-autoscaler"],
|
||||
"matchDepNames": ["registry.k8s.io/autoscaling/cluster-autoscaler"],
|
||||
// example match: v1.2.3 (1.2 -> compatibility, 3 -> patch)
|
||||
"versioning": "regex:^(?<compatibility>v?\\d+\\.\\d+\\.)(?<patch>\\d+)$",
|
||||
"groupName": "K8s constrained GCP versions",
|
||||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
|
||||
"matchDepNames": ["ghcr.io/edgelesssys/cloud-provider-gcp"],
|
||||
// example match: v1.2.3 (1. -> compatibility, 2 -> minor, 3 -> patch)
|
||||
"versioning": "regex:^(?<compatibility>v\\d+\\.)(?<minor>\\d+)\\.(?<patch>\\d+)$",
|
||||
"groupName": "cloud-provider-gcp (K8s version constrained)",
|
||||
|
@ -166,7 +166,7 @@
|
|||
"prPriority": 20,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": [
|
||||
"matchDepNames": [
|
||||
"registry.k8s.io/kas-network-proxy/proxy-agent",
|
||||
"registry.k8s.io/kas-network-proxy/proxy-server",
|
||||
],
|
||||
|
@ -175,7 +175,7 @@
|
|||
"prPriority": 15,
|
||||
},
|
||||
{
|
||||
"matchPackageNames": ["^k8s.io/client-go"],
|
||||
"matchDepNames": ["^k8s.io/client-go"],
|
||||
"matchUpdateTypes": ["major"],
|
||||
"enabled": false,
|
||||
},
|
||||
|
@ -185,11 +185,11 @@
|
|||
},
|
||||
{
|
||||
"matchManagers": ["github-actions"],
|
||||
"matchPackageNames": ["slsa-framework/slsa-github-generator"],
|
||||
"matchDepNames": ["slsa-framework/slsa-github-generator"],
|
||||
"pinDigests": false,
|
||||
},
|
||||
{
|
||||
"matchPackagePatterns": ["_(darwin|linux)_(arm64|amd64)$"],
|
||||
"matchDepPatterns": ["_(darwin|linux)_(arm64|amd64)$"],
|
||||
"additionalBranchPrefix": "{{packageName}}-",
|
||||
"groupName": "{{packageName}}",
|
||||
},
|
||||
|
|
Loading…
Reference in New Issue