Skip to content

Commit

Permalink
ci: canonicalize input name
Browse files Browse the repository at this point in the history
  • Loading branch information
msanft committed Dec 22, 2023
1 parent ccdf3bf commit 041ad08
Show file tree
Hide file tree
Showing 17 changed files with 49 additions and 49 deletions.
4 changes: 2 additions & 2 deletions .github/actions/artifact_download/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ inputs:
description: 'Download to a specified path.'
required: false
default: ./
encryptionSecret:
encryption-secret:
description: 'The secret to use for decrypting the artifact.'
required: true

Expand Down Expand Up @@ -37,4 +37,4 @@ runs:
shell: bash
run: |
mkdir -p ${{ inputs.path }}
unzip -P '${{ inputs.encryptionSecret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
unzip -P '${{ inputs.encryption-secret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
4 changes: 2 additions & 2 deletions .github/actions/artifact_upload/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ inputs:
retention-days:
description: 'How long the artifact should be retained for.'
default: 60
encryptionSecret:
encryption-secret:
description: 'The secret to use for encrypting the files.'
required: true

Expand Down Expand Up @@ -58,7 +58,7 @@ runs:
for target in ${paths}
do
pushd "$(dirname "${target}")" || exit 1
zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"
zip -e -P '${{ inputs.encryption-secret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"
popd || exit 1
done
Expand Down
4 changes: 2 additions & 2 deletions .github/actions/constellation_create/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -59,7 +59,7 @@ inputs:
force:
description: "Set the force-flag on apply to ignore version mismatches."
required: false
encryptionSecret:
encryption-secret:
description: "The secret to use for encrypting the artifact."
required: true

Expand Down Expand Up @@ -267,4 +267,4 @@ runs:
name: serial-logs-${{ inputs.artifactNameSuffix }}
path: >
!(terraform).log
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}
8 changes: 4 additions & 4 deletions .github/actions/e2e_benchmark/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ inputs:
awsOpenSearchPwd:
description: "AWS OpenSearch Password to upload the results."
required: false
encryptionSecret:
encryption-secret:
description: 'The secret to use for encrypting the artifact.'
required: true

Expand Down Expand Up @@ -100,7 +100,7 @@ runs:
with:
path: "out/fio-constellation-${{ inputs.cloudProvider }}.json"
name: "fio-constellation-${{ inputs.cloudProvider }}.json"
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Run knb benchmark
shell: bash
Expand All @@ -122,7 +122,7 @@ runs:
with:
path: "out/knb-constellation-${{ inputs.cloudProvider }}.json"
name: "knb-constellation-${{ inputs.cloudProvider }}.json"
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Assume AWS role to retrieve and update benchmarks in S3
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
Expand Down Expand Up @@ -176,7 +176,7 @@ runs:
path: >
benchmarks/constellation-${{ inputs.cloudProvider }}.json
name: "benchmarks"
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Upload benchmark results to opensearch
if: (!env.ACT)
Expand Down
4 changes: 2 additions & 2 deletions .github/actions/e2e_sonobuoy/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ inputs:
kubeconfig:
description: "The kubeconfig of the cluster to test."
required: true
encryptionSecret:
encryption-secret:
description: 'The secret to use for encrypting the artifact.'
required: true

Expand Down Expand Up @@ -51,7 +51,7 @@ runs:
with:
name: "sonobuoy-logs-${{ inputs.artifactNameSuffix }}.tar.gz"
path: "*_sonobuoy_*.tar.gz"
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

# Only works on "sonobuoy full" tests (e2e plugin)
- name: Extract test results
Expand Down
10 changes: 5 additions & 5 deletions .github/actions/e2e_test/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ inputs:
force:
description: "Set the force-flag on apply to ignore version mismatches."
required: false
encryptionSecret:
encryption-secret:
description: 'The secret to use for decrypting the artifact.'
required: true

Expand Down Expand Up @@ -299,7 +299,7 @@ runs:
clusterCreation: ${{ inputs.clusterCreation }}
marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }}
force: ${{ inputs.force }}
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Deploy log- and metrics-collection (Kubernetes)
id: deploy-logcollection
Expand Down Expand Up @@ -334,7 +334,7 @@ runs:
sonobuoyTestSuiteCmd: "--mode quick"
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }}
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Run sonobuoy full test
if: inputs.test == 'sonobuoy full'
Expand All @@ -344,7 +344,7 @@ runs:
sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }}
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Run autoscaling test
if: inputs.test == 'autoscaling'
Expand All @@ -367,7 +367,7 @@ runs:
awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }}
awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }}
awsOpenSearchPwd: ${{ inputs.awsOpenSearchPwd }}
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Run constellation verify test
if: inputs.test == 'verify'
Expand Down
4 changes: 2 additions & 2 deletions .github/actions/upload_terraform_module/action.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
name: Upload Terraform infrastructure module
description: "Upload the Terraform infrastructure module as an artifact."
inputs:
encryptionSecret:
encryption-secret:
description: 'The secret to use for encrypting the artifact.'
required: true

Expand All @@ -24,7 +24,7 @@ runs:
with:
name: terraform-module
path: terraform-module.zip
encryptionSecret: ${{ inputs.encryptionSecret }}
encryption-secret: ${{ inputs.encryption-secret }}

- name: Cleanup Terraform module dir
shell: bash
Expand Down
20 changes: 10 additions & 10 deletions .github/workflows/build-os-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -182,7 +182,7 @@ jobs:
with:
name: image-${{ matrix.csp }}-${{ matrix.attestation_variant }}
path: ${{ steps.build.outputs.image-dir }}/constellation.raw
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Upload individual OS parts as artifacts
uses: ./.github/actions/artifact_upload
Expand All @@ -192,14 +192,14 @@ jobs:
${{ steps.build.outputs.image-dir }}/constellation.efi
${{ steps.build.outputs.image-dir }}/constellation.initrd
${{ steps.build.outputs.image-dir }}/constellation.vmlinuz
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Upload sbom info as artifact
uses: ./.github/actions/artifact_upload
with:
name: sbom-${{ matrix.csp }}-${{ matrix.attestation_variant }}
path: ${{ steps.build.outputs.rpmdb }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

upload-os-image:
name: "Upload OS image to CSP"
Expand Down Expand Up @@ -248,7 +248,7 @@ jobs:
with:
name: image-${{ matrix.csp }}-${{ matrix.attestation_variant }}
path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}_${{ matrix.attestation_variant }}/fedora~38
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Install tools
shell: bash
Expand Down Expand Up @@ -362,7 +362,7 @@ jobs:
with:
name: lookup-table
path: ${{ github.workspace }}/image/mkosi.output.*/*/image-upload*.json
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

calculate-pcrs:
name: "Calculate PCRs"
Expand Down Expand Up @@ -399,7 +399,7 @@ jobs:
uses: ./.github/actions/artifact_download
with:
name: image-${{ matrix.csp }}-${{ matrix.attestation_variant }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- uses: ./.github/actions/setup_bazel_nix
with:
Expand Down Expand Up @@ -546,7 +546,7 @@ jobs:
with:
name: measurements
path: pcrs-${{ matrix.csp }}-${{ matrix.attestation_variant }}.json
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

upload-pcrs:
name: "Sign & upload PCRs"
Expand All @@ -569,7 +569,7 @@ jobs:
uses: ./.github/actions/artifact_download
with:
name: measurements
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
Expand Down Expand Up @@ -657,7 +657,7 @@ jobs:
# downloading / using only the QEMU manifest is fine
# since the images only differ in the ESP partition
name: sbom-qemu-qemu-vtpm
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Upload SBOMs to S3
shell: bash
Expand Down Expand Up @@ -688,7 +688,7 @@ jobs:
uses: ./.github/actions/artifact_download
with:
name: lookup-table
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Login to AWS
uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/draft-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,7 @@ jobs:
- name: Upload Terraform infrastructure module
uses: ./.github/actions/upload_terraform_module
with:
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

push-containers:
runs-on: ubuntu-22.04
Expand Down Expand Up @@ -232,7 +232,7 @@ jobs:
uses: ./.github/actions/artifact_download
with:
name: constellation.spdx.sbom
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Generate provenance subjects
id: provenance-subjects
Expand Down Expand Up @@ -346,13 +346,13 @@ jobs:
uses: ./.github/actions/artifact_download
with:
name: constellation.spdx.sbom
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Download provenance
uses: ./.github/actions/artifact_download
with:
name: ${{ needs.provenance.outputs.provenance-name }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Install slsa-verifier
run: |
Expand Down Expand Up @@ -426,19 +426,19 @@ jobs:
uses: ./.github/actions/artifact_download
with:
name: constellation.spdx.sbom
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Download Constellation CLI SBOM's signature
uses: ./.github/actions/artifact_download
with:
name: constellation.spdx.sbom.sig
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Download Constellation provenance
uses: ./.github/actions/artifact_download
with:
name: ${{ needs.provenance.outputs.provenance-name }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Rename provenance file
run: |
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/e2e-test-daily.yml
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ jobs:
awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}
clusterCreation: "cli"
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Always terminate cluster
if: always()
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/e2e-test-release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -265,7 +265,7 @@ jobs:
clusterCreation: ${{ matrix.clusterCreation }}
s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }}
s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Always terminate cluster
if: always()
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/e2e-test-weekly.yml
Original file line number Diff line number Diff line change
Expand Up @@ -305,7 +305,7 @@ jobs:
clusterCreation: ${{ matrix.clusterCreation }}
s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }}
s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Always terminate cluster
if: always()
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/e2e-test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -246,7 +246,7 @@ jobs:
s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }}
marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }}
force: ${{ inputs.force }}
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Always terminate cluster
if: always()
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/e2e-upgrade.yml
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ jobs:
awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}
clusterCreation: "cli"
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Remove Terraform plugin cache
if: always()
Expand Down Expand Up @@ -471,7 +471,7 @@ jobs:
node-operator.logs
node-maintenance-operator.logs
constellation-version.yaml
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Always terminate cluster
if: always()
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/e2e-windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
with:
path: "bazel-bin/cli/cli_enterprise_windows_amd64"
name: "constell-exe"
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

e2e-test:
name: E2E Test Windows
Expand All @@ -54,7 +54,7 @@ jobs:
uses: ./.github/actions/artifact_download
with:
name: "constell-exe"
encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}

- name: Check CLI version
shell: pwsh
Expand Down
Loading

0 comments on commit 041ad08

Please sign in to comment.