mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
f032508c54
* Configure renovate * pin remaining github actions Signed-off-by: Fabian Kammel <fk@edgeless.systems> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
81 lines
2.5 KiB
YAML
81 lines
2.5 KiB
YAML
name: Fetch, validate and report SNP report data.
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: "0 14 * * 0"
|
|
|
|
# Abort runs of *this* workflow, if a new commit with the same ref is pushed that is not main.
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
|
|
|
|
jobs:
|
|
build-snp-reporter:
|
|
name: "Build SNP-reporter container"
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
|
|
with:
|
|
go-version: 1.19.2
|
|
|
|
- name: Build and upload azure SNP reporter container image
|
|
id: build-and-upload
|
|
uses: ./.github/actions/build_micro_service
|
|
with:
|
|
name: azure-snp-reporter
|
|
dockerfile: ./hack/azure-snp-report-verify/Dockerfile
|
|
githubToken: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
fetch-snp-report:
|
|
needs: build-snp-reporter
|
|
name: "Fetch SNP report"
|
|
runs-on: [self-hosted, azure-cvm]
|
|
env:
|
|
SHELL: /bin/bash
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
|
|
|
|
- name: Fetch SNP report
|
|
uses: ./.github/actions/azure_snp_reporter
|
|
with:
|
|
outputPath: ${{ github.workspace }}/maa-report.jwt
|
|
|
|
- name: Upload report JWT
|
|
uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
|
|
with:
|
|
name: maa-report.jwt
|
|
path: "${{ github.workspace }}/maa-report.jwt"
|
|
|
|
validate-snp-report:
|
|
needs: fetch-snp-report
|
|
name: "Validate SNP report"
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
SHELL: /bin/bash
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
|
|
with:
|
|
submodules: recursive
|
|
token: ${{ secrets.CI_GITHUB_REPOSITORY }}
|
|
|
|
- name: Set up Go
|
|
uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f # tag=v3.3.0
|
|
with:
|
|
go-version: 1.19.2
|
|
|
|
- name: Download report JWT
|
|
uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741 # tag=v3.0.0
|
|
with:
|
|
name: "maa-report.jwt"
|
|
path: "."
|
|
|
|
- name: Verify report
|
|
shell: bash
|
|
run: go run ./hack/azure-snp-report-verify/verify.go $(cat ./maa-report.jwt)
|