diff --git a/.github/actions/artifact_download/action.yml b/.github/actions/artifact_download/action.yml
index 5db482d3d11..9eb16d77d29 100644
--- a/.github/actions/artifact_download/action.yml
+++ b/.github/actions/artifact_download/action.yml
@@ -9,7 +9,7 @@ inputs:
 description: 'Download to a specified path.'
 required: false
 default: ./
- encryptionSecret:
+ encryption-secret:
 description: 'The secret to use for decrypting the artifact.'
 required: true
@@ -37,4 +37,4 @@ runs:
 shell: bash
 run: |
 mkdir -p ${{ inputs.path }}
- unzip -P '${{ inputs.encryptionSecret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
+ unzip -P '${{ inputs.encryption-secret }}' -qq -d ${{ inputs.path }} ${{ steps.tempdir.outputs.directory }}/archive.zip
diff --git a/.github/actions/artifact_upload/action.yml b/.github/actions/artifact_upload/action.yml
index 8de9b113ae6..f6a5ec9bf9e 100644
--- a/.github/actions/artifact_upload/action.yml
+++ b/.github/actions/artifact_upload/action.yml
@@ -11,7 +11,7 @@ inputs:
 retention-days:
 description: 'How long the artifact should be retained for.'
 default: 60
- encryptionSecret:
+ encryption-secret:
 description: 'The secret to use for encrypting the files.'
 required: true
@@ -58,7 +58,7 @@ runs:
 for target in ${paths}
 do
 pushd "$(dirname "${target}")" || exit 1
- zip -e -P '${{ inputs.encryptionSecret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"
+ zip -e -P '${{ inputs.encryption-secret }}' -r "${{ steps.tempdir.outputs.directory }}/archive.zip" "$(basename "${target}")"
 popd || exit 1
 done
diff --git a/.github/actions/constellation_create/action.yml b/.github/actions/constellation_create/action.yml
index e009803c944..cb264283b64 100644
--- a/.github/actions/constellation_create/action.yml
+++ b/.github/actions/constellation_create/action.yml
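Review bot: The secret is still pasted into the script text on the new `unzip -P '${{ inputs.encryption-secret }}'` line of artifact_download/action.yml, because `${{ }}` is expanded before bash parses the step; a value containing a single quote closes the quoting and the remainder is read as shell, and `${{ inputs.path }}` on the same line is expanded the same way without any quotes. Handing the value over through the step's `env:` (`ENCRYPTION_SECRET: ${{ inputs.encryption-secret }}`) and calling `unzip -P "${ENCRYPTION_SECRET}" …` keeps it as data. The new `zip -e -P` line in artifact_upload/action.yml has the same pattern. Both `run:` blocks begin outside their hunks.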
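Review bot: A caller that was missed by this rename would hand the `zip -e -P` line in artifact_upload/action.yml an empty password, since GitHub does not enforce `required: true` on action inputs and, as far as I know, reports an unknown `encryptionSecret` only as a warning. A guard ahead of the loop such as `[[ -n "${ENCRYPTION_SECRET}" ]] || { echo "encryption-secret is empty" >&2; exit 1; }`, with the secret passed through `env:`, makes the step fail closed; the unzip step in artifact_download/action.yml could carry the same check. Separately, Info-ZIP's `zip -e` uses the legacy ZipCrypto scheme and `-P` puts the password in the process arguments, so the input description should say how much protection this gives, or the step should move to an AES-capable archiver. The loop starts outside the hunk.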
@@ -59,7 +59,7 @@ inputs:
 force:
 description: "Set the force-flag on apply to ignore version mismatches."
 required: false
- encryptionSecret:
+ encryption-secret:
 description: "The secret to use for encrypting the artifact."
 required: true
@@ -267,4 +267,4 @@ runs:
 name: serial-logs-${{ inputs.artifactNameSuffix }}
 path: >
 !(terraform).log
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
diff --git a/.github/actions/e2e_benchmark/action.yml b/.github/actions/e2e_benchmark/action.yml
index 88631a62a2c..1536c8ea268 100644
--- a/.github/actions/e2e_benchmark/action.yml
+++ b/.github/actions/e2e_benchmark/action.yml
@@ -17,7 +17,7 @@ inputs:
 awsOpenSearchPwd:
 description: "AWS OpenSearch Password to upload the results."
 required: false
- encryptionSecret:
+ encryption-secret:
 description: 'The secret to use for encrypting the artifact.'
 required: true
@@ -100,7 +100,7 @@ runs:
 with:
 path: "out/fio-constellation-${{ inputs.cloudProvider }}.json"
 name: "fio-constellation-${{ inputs.cloudProvider }}.json"
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Run knb benchmark
 shell: bash
@@ -122,7 +122,7 @@ runs:
 with:
 path: "out/knb-constellation-${{ inputs.cloudProvider }}.json"
 name: "knb-constellation-${{ inputs.cloudProvider }}.json"
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Assume AWS role to retrieve and update benchmarks in S3
 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
@@ -176,7 +176,7 @@ runs:
 path: >
 benchmarks/constellation-${{ inputs.cloudProvider }}.json
 name: "benchmarks"
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Upload benchmark results to opensearch
 if: (!env.ACT)
diff --git a/.github/actions/e2e_sonobuoy/action.yml b/.github/actions/e2e_sonobuoy/action.yml
index 1628dadb8bf..6d8a1905d08 100644
--- a/.github/actions/e2e_sonobuoy/action.yml
+++ b/.github/actions/e2e_sonobuoy/action.yml
@@ -11,7 +11,7 @@ inputs:
 kubeconfig:
 description: "The kubeconfig of the cluster to test."
 required: true
- encryptionSecret:
+ encryption-secret:
 description: 'The secret to use for encrypting the artifact.'
 required: true
@@ -51,7 +51,7 @@ runs:
 with:
 name: "sonobuoy-logs-${{ inputs.artifactNameSuffix }}.tar.gz"
 path: "*_sonobuoy_*.tar.gz"
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 # Only works on "sonobuoy full" tests (e2e plugin)
 - name: Extract test results
diff --git a/.github/actions/e2e_test/action.yml b/.github/actions/e2e_test/action.yml
index c0b336fe5b4..f8a3400498b 100644
--- a/.github/actions/e2e_test/action.yml
+++ b/.github/actions/e2e_test/action.yml
@@ -86,7 +86,7 @@ inputs:
 force:
 description: "Set the force-flag on apply to ignore version mismatches."
 required: false
- encryptionSecret:
+ encryption-secret:
 description: 'The secret to use for decrypting the artifact.'
 required: true
@@ -299,7 +299,7 @@ runs:
 clusterCreation: ${{ inputs.clusterCreation }}
 marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }}
 force: ${{ inputs.force }}
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Deploy log- and metrics-collection (Kubernetes)
 id: deploy-logcollection
@@ -334,7 +334,7 @@ runs:
 sonobuoyTestSuiteCmd: "--mode quick"
 kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
 artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }}
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Run sonobuoy full test
 if: inputs.test == 'sonobuoy full'
@@ -344,7 +344,7 @@ runs:
 sonobuoyTestSuiteCmd: '--plugin e2e --plugin-env e2e.E2E_FOCUS="\[Conformance\]" --plugin-env e2e.E2E_SKIP="for service with type clusterIP|HostPort validates that there is no conflict between pods with same hostPort but different hostIP and protocol" --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-plugin.yaml --plugin https://raw.githubusercontent.com/vmware-tanzu/sonobuoy-plugins/master/cis-benchmarks/kube-bench-master-plugin.yaml'
 kubeconfig: ${{ steps.constellation-create.outputs.kubeconfig }}
 artifactNameSuffix: ${{ steps.create-prefix.outputs.prefix }}
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Run autoscaling test
 if: inputs.test == 'autoscaling'
@@ -367,7 +367,7 @@ runs:
 awsOpenSearchDomain: ${{ inputs.awsOpenSearchDomain }}
 awsOpenSearchUsers: ${{ inputs.awsOpenSearchUsers }}
 awsOpenSearchPwd: ${{ inputs.awsOpenSearchPwd }}
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Run constellation verify test
 if: inputs.test == 'verify'
diff --git a/.github/actions/upload_terraform_module/action.yml b/.github/actions/upload_terraform_module/action.yml
index a2c78f5651e..ab6a7794ff1 100644
--- a/.github/actions/upload_terraform_module/action.yml
+++ b/.github/actions/upload_terraform_module/action.yml
@@ -1,7 +1,7 @@
 name: Upload Terraform infrastructure module
 description: "Upload the Terraform infrastructure module as an artifact."
 inputs:
- encryptionSecret:
+ encryption-secret:
 description: 'The secret to use for encrypting the artifact.'
 required: true
@@ -24,7 +24,7 @@ runs:
 with:
 name: terraform-module
 path: terraform-module.zip
- encryptionSecret: ${{ inputs.encryptionSecret }}
+ encryption-secret: ${{ inputs.encryption-secret }}
 - name: Cleanup Terraform module dir
 shell: bash
diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index 7ac1f75da7b..43c360080ce 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -182,7 +182,7 @@ jobs:
 with:
 name: image-${{ matrix.csp }}-${{ matrix.attestation_variant }}
 path: ${{ steps.build.outputs.image-dir }}/constellation.raw
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Upload individual OS parts as artifacts
 uses: ./.github/actions/artifact_upload
@@ -192,14 +192,14 @@ jobs:
 ${{ steps.build.outputs.image-dir }}/constellation.efi
 ${{ steps.build.outputs.image-dir }}/constellation.initrd
 ${{ steps.build.outputs.image-dir }}/constellation.vmlinuz
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Upload sbom info as artifact
 uses: ./.github/actions/artifact_upload
 with:
 name: sbom-${{ matrix.csp }}-${{ matrix.attestation_variant }}
 path: ${{ steps.build.outputs.rpmdb }}
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 upload-os-image:
 name: "Upload OS image to CSP"
@@ -248,7 +248,7 @@ jobs:
 with:
 name: image-${{ matrix.csp }}-${{ matrix.attestation_variant }}
 path: ${{ github.workspace }}/image/mkosi.output.${{ matrix.csp }}_${{ matrix.attestation_variant }}/fedora~38
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Install tools
 shell: bash
@@ -362,7 +362,7 @@ jobs:
 with:
 name: lookup-table
 path: ${{ github.workspace }}/image/mkosi.output.*/*/image-upload*.json
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 calculate-pcrs:
 name: "Calculate PCRs"
@@ -399,7 +399,7 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: image-${{ matrix.csp }}-${{ matrix.attestation_variant }}
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - uses: ./.github/actions/setup_bazel_nix
 with:
@@ -546,7 +546,7 @@ jobs:
 with:
 name: measurements
 path: pcrs-${{ matrix.csp }}-${{ matrix.attestation_variant }}.json
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 upload-pcrs:
 name: "Sign & upload PCRs"
@@ -569,7 +569,7 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: measurements
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Login to AWS
 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
@@ -657,7 +657,7 @@ jobs:
 # downloading / using only the QEMU manifest is fine
 # since the images only differ in the ESP partition
 name: sbom-qemu-qemu-vtpm
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Upload SBOMs to S3
 shell: bash
@@ -688,7 +688,7 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: lookup-table
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Login to AWS
 uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
diff --git a/.github/workflows/draft-release.yml b/.github/workflows/draft-release.yml
index 2a02c981576..018d59d5543 100644
--- a/.github/workflows/draft-release.yml
+++ b/.github/workflows/draft-release.yml
@@ -176,7 +176,7 @@ jobs:
 - name: Upload Terraform infrastructure module
 uses: ./.github/actions/upload_terraform_module
 with:
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 push-containers:
 runs-on: ubuntu-22.04
@@ -232,7 +232,7 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: constellation.spdx.sbom
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Generate provenance subjects
 id: provenance-subjects
@@ -346,13 +346,13 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: constellation.spdx.sbom
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Download provenance
 uses: ./.github/actions/artifact_download
 with:
 name: ${{ needs.provenance.outputs.provenance-name }}
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Install slsa-verifier
 run: |
@@ -426,19 +426,19 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: constellation.spdx.sbom
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Download Constellation CLI SBOM's signature
 uses: ./.github/actions/artifact_download
 with:
 name: constellation.spdx.sbom.sig
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Download Constellation provenance
 uses: ./.github/actions/artifact_download
 with:
 name: ${{ needs.provenance.outputs.provenance-name }}
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Rename provenance file
 run: |
diff --git a/.github/workflows/e2e-test-daily.yml b/.github/workflows/e2e-test-daily.yml
index 5d03095eb60..72c29adc914 100644
--- a/.github/workflows/e2e-test-daily.yml
+++ b/.github/workflows/e2e-test-daily.yml
@@ -91,7 +91,7 @@ jobs:
 awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
 awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}
 clusterCreation: "cli"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Always terminate cluster
 if: always()
diff --git a/.github/workflows/e2e-test-release.yml b/.github/workflows/e2e-test-release.yml
index a1599446973..a048922a5c9 100644
--- a/.github/workflows/e2e-test-release.yml
+++ b/.github/workflows/e2e-test-release.yml
@@ -265,7 +265,7 @@ jobs:
 clusterCreation: ${{ matrix.clusterCreation }}
 s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }}
 s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }}
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Always terminate cluster
 if: always()
diff --git a/.github/workflows/e2e-test-weekly.yml b/.github/workflows/e2e-test-weekly.yml
index c5706ad34df..d875f56914a 100644
--- a/.github/workflows/e2e-test-weekly.yml
+++ b/.github/workflows/e2e-test-weekly.yml
@@ -305,7 +305,7 @@ jobs:
 clusterCreation: ${{ matrix.clusterCreation }}
 s3AccessKey: ${{ secrets.AWS_ACCESS_KEY_ID_S3PROXY }}
 s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }}
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Always terminate cluster
 if: always()
diff --git a/.github/workflows/e2e-test.yml b/.github/workflows/e2e-test.yml
index d2682a3bd1d..d2987281331 100644
--- a/.github/workflows/e2e-test.yml
+++ b/.github/workflows/e2e-test.yml
@@ -246,7 +246,7 @@ jobs:
 s3SecretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY_S3PROXY }}
 marketplaceImageVersion: ${{ inputs.marketplaceImageVersion }}
 force: ${{ inputs.force }}
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Always terminate cluster
 if: always()
diff --git a/.github/workflows/e2e-upgrade.yml b/.github/workflows/e2e-upgrade.yml
index c1131204ec2..63f42fffb24 100644
--- a/.github/workflows/e2e-upgrade.yml
+++ b/.github/workflows/e2e-upgrade.yml
@@ -215,7 +215,7 @@ jobs:
 awsOpenSearchUsers: ${{ secrets.AWS_OPENSEARCH_USER }}
 awsOpenSearchPwd: ${{ secrets.AWS_OPENSEARCH_PWD }}
 clusterCreation: "cli"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Remove Terraform plugin cache
 if: always()
@@ -471,7 +471,7 @@ jobs:
 node-operator.logs
 node-maintenance-operator.logs
 constellation-version.yaml
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Always terminate cluster
 if: always()
diff --git a/.github/workflows/e2e-windows.yml b/.github/workflows/e2e-windows.yml
index 33bf4d41fba..4ce861c34a9 100644
--- a/.github/workflows/e2e-windows.yml
+++ b/.github/workflows/e2e-windows.yml
@@ -38,7 +38,7 @@ jobs:
 with:
 path: "bazel-bin/cli/cli_enterprise_windows_amd64"
 name: "constell-exe"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 e2e-test:
 name: E2E Test Windows
@@ -54,7 +54,7 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: "constell-exe"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Check CLI version
 shell: pwsh
diff --git a/.github/workflows/reproducible-builds.yml b/.github/workflows/reproducible-builds.yml
index f6a1c462cf8..5dce432afeb 100644
--- a/.github/workflows/reproducible-builds.yml
+++ b/.github/workflows/reproducible-builds.yml
@@ -57,14 +57,14 @@ jobs:
 with:
 name: "binaries-${{ matrix.target }}"
 path: "${{ env.binary }}"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Upload hash artifact
 uses: ./.github/actions/artifact_upload
 with:
 name: "sha256sums"
 path: "${{ env.binary }}.sha256"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 build-osimages:
 strategy:
@@ -143,7 +143,7 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: "binaries-${{ matrix.target }}"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Hash
 shell: bash
@@ -177,7 +177,7 @@ jobs:
 uses: ./.github/actions/artifact_download
 with:
 name: "osimages-${{ matrix.target }}"
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Hash
 shell: bash
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 8a3fb4f9619..46cfd8b90b8 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -35,7 +35,7 @@ jobs:
 name: SARIF file
 path: results.sarif
 retention-days: 5
- encryptionSecret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
+ encryption-secret: ${{ secrets.ARTIFACT_ENCRYPT_PASSWD }}
 - name: Upload to code-scanning
 uses: github/codeql-action/upload-sarif@fdcae64e1484d349b3366718cdfef3d404390e85 # v2.22.1