constellation/.github/actions/e2e_verify/action.yml
Fabian Kammel 4c5ab7c5e9
ci: refactor image measurement generation (#1152)
* Merge measurements.image.json and measurements.json into latter.
* Use static (known) measurement values for the ones we cannot precompute.
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2023-02-09 13:33:17 +01:00

35 lines
1.4 KiB
YAML

name: Constellation verify
description: "Verify a Constellation cluster."
inputs:
osImage:
description: "The OS image used in the cluster."
required: true
cloudProvider:
description: "The cloud provider used in the cluster."
required: true
runs:
using: "composite"
steps:
- name: Clear current measurements
shell: bash
run: |
yq -i 'del(.provider.${{ inputs.cloudProvider }}.measurements)' constellation-conf.yaml
- name: Fetch & write measurements
shell: bash
run: |
MEASUREMENTS=$(curl -fsSL https://cdn.confidential.cloud/constellation/v1/${{ inputs.osImage }}/image/csp/${{ inputs.cloudProvider }}/measurements.json | jq '.measurements' -r)
for key in $(echo $MEASUREMENTS | jq 'keys[]' -r); do
echo Updating $key to $(echo $MEASUREMENTS | jq ".\"$key\"" -r)
yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key] = $(echo $MEASUREMENTS | jq ".\"$key\"")" constellation-conf.yaml
yq -i ".provider.${{ inputs.cloudProvider }}.measurements.[$key].warnOnly = false" constellation-conf.yaml
done
yq -i '.provider.${{ inputs.cloudProvider }}.measurements |= array_to_map' constellation-conf.yaml
cat constellation-conf.yaml
- name: Constellation verify
shell: bash
run: constellation verify --cluster-id $(jq -r ".clusterID" constellation-id.json)