name: Generate measurements description: "Generates measurements for a specific image" inputs: cloudProvider: description: "Which cloud provider to use." required: true osImage: description: "OS image to run." required: true isDebugImage: description: "Is OS img a debug img?" required: true workerNodesCount: description: "Number of worker nodes to spawn." required: false default: "1" controlNodesCount: description: "Number of control-plane nodes to spawn." required: false default: "1" machineType: description: "VM machine type. Make sure it matches selected cloud provider!" required: false kubernetesVersion: description: "Kubernetes version to create the cluster from." required: false default: "1.23" gcpProject: description: "The GCP project to deploy Constellation in." required: false gcp_service_account_json: description: "Service account with permissions to create Constellation on GCP." required: false gcpClusterServiceAccountKey: description: "Service account to use inside the created Constellation cluster on GCP." required: false azureSubscription: description: "The Azure subscription ID to deploy Constellation in." required: false azureTenant: description: "The Azure tenant ID to deploy Constellation in." required: false azureClientID: description: "The client ID of the application registration created for Constellation in Azure." required: false azureClientSecret: description: "The client secret value of the used secret" required: false azureResourceGroup: description: "The resource group to use" required: false azureUserAssignedIdentity: description: "The Azure user assigned identity to use for Constellation." required: false cosignPublicKey: description: "Cosign public key to sign measurements." required: true cosignPrivateKey: description: "Cosign private key to sign measurements." required: true cosignPassword: description: "Cosign password for private key." required: true awsAccessKeyID: description: "AWS access key ID to upload measurements." required: true awsSecretAccessKey: description: "AWS secrets access key to upload measurements." required: true awsDefaultRegion: description: "AWS region of S3 bucket. to upload measurements." required: true awsBucketName: description: "AWS S3 bucket name to upload measurements." required: true outputs: kubeconfig: description: "Kubeconfig file of the created cluster." value: ${{ steps.create-cluster.outputs.kubeconfig }} runs: using: "composite" steps: - name: Build CLI uses: ./.github/actions/build_cli - name: Build the bootstrapper id: build-bootstrapper uses: ./.github/actions/build_bootstrapper if: ${{ inputs.isDebugImage == 'true' }} - name: Build cdbg id: build-cdbg uses: ./.github/actions/build_cdbg if: ${{ inputs.isDebugImage == 'true' }} - name: Login to GCP uses: ./.github/actions/login_gcp with: gcp_service_account_json: ${{ inputs.gcp_service_account_json }} if: ${{ inputs.cloudProvider == 'gcp' }} - name: Create cluster id: create-cluster uses: ./.github/actions/constellation_create with: cloudProvider: ${{ inputs.cloudProvider }} gcpProject: ${{ inputs.gcpProject }} gcpClusterServiceAccountKey: ${{ inputs.gcpClusterServiceAccountKey }} workerNodesCount: ${{ inputs.workerNodesCount }} controlNodesCount: ${{ inputs.controlNodesCount }} machineType: ${{ inputs.machineType }} osImage: ${{ inputs.osImage }} isDebugImage: ${{ inputs.isDebugImage }} kubernetesVersion: ${{ inputs.kubernetesVersion }} azureSubscription: ${{ inputs.azureSubscription }} azureTenant: ${{ inputs.azureTenant }} azureClientID: ${{ inputs.azureClientID }} azureClientSecret: ${{ inputs.azureClientSecret }} azureUserAssignedIdentity: ${{ inputs.azureUserAssignedIdentity }} azureResourceGroup: ${{ inputs.azureResourceGroup }} - name: Measure cluster uses: ./.github/actions/constellation_measure with: cloudProvider: ${{ inputs.cloudProvider }} cosignPublicKey: ${{ inputs.cosignPublicKey }} cosignPrivateKey: ${{ inputs.cosignPrivateKey }} cosignPassword: ${{ inputs.cosignPassword }} awsAccessKeyID: ${{ inputs.awsAccessKeyID }} awsSecretAccessKey: ${{ inputs.awsSecretAccessKey }} awsDefaultRegion: ${{ inputs.awsDefaultRegion }} awsBucketName: ${{ inputs.awsBucketName }}