Fix various small things throughout the codebase (#2800)
* bootstrapper: remove obsolete log statement

* ci: simplify variable usage

Co-authored-by: Daniel Weiße <[email protected]>

* cli: add missing formatting directive

* helm: fix rm invocation

* ci: document reproducible-builds workflow

* constants: use variables for measurement files

* constants: use variables for CDN distribution ID

* ci: make Helm version explicit

* api: prettify versionsapi-list output

* ci: remove obsolete docstring

---------

Co-authored-by: Daniel Weiße <[email protected]>
burgerdev and daniel-weisse authored Jan 9, 2024
1 parent badcdcb commit ef6f63d
Showing 19 changed files with 33 additions and 26 deletions.
2 changes: 1 addition & 1 deletion .github/actions/deploy_logcollection/action.yml
Expand Up @@ -65,7 +65,7 @@ runs:
- name: Install Helm
uses: azure/setup-helm@5119fcb9089d432beecbf79bb2c7915207344b78 # v3.5
with:
version: latest
version: v3.9.0

- name: Deploy Logstash
id: deploy-logstash
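Review bot: The new `version: v3.9.0` pin carries no comment saying why this release was chosen or how it is kept current, and v3.9.0 is an older Helm 3 release, so later upstream fixes are not picked up by this job. The action on the line above is pinned by commit SHA with a `# v3.5` tag comment; the Helm version would benefit from a similar hint, for example `version: v3.9.0 # pinned for reproducibility; update deliberately`. If a dependency updater is configured for this repository, it is worth confirming that it also tracks this field.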
2 changes: 0 additions & 2 deletions .github/actions/login_gcp/action.yml
Expand Up @@ -19,8 +19,6 @@ runs:
echo "GCP_PROJECT=" >> "$GITHUB_ENV"
echo "GOOGLE_CLOUD_PROJECT=" >> "$GITHUB_ENV"
# As described at:
# https://github.com/google-github-actions/setup-gcloud#service-account-key-json
- name: Authorize GCP access
uses: google-github-actions/auth@35b0e87d162680511bf346c299f71c9c5c379033 # v1.1.1
with:
4 changes: 1 addition & 3 deletions .github/workflows/on-release.yml
Expand Up @@ -126,6 +126,4 @@ jobs:
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

- name: Remove temporary branch
env:
WORKING_BRANCH: ${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}
run: git push origin --delete "${WORKING_BRANCH}"
run: git push origin --delete "${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}"
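Review bot: The new `run:` line expands `${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}` inside the script text, so the value is substituted before the shell parses the command, and the surrounding double quotes do not stop a value containing `"` or `$(...)` from being read as shell syntax. The removed `env:` mapping passed the same value as an environment variable, which the shell treats as data; that is the form GitHub's hardening guidance recommends for expressions used in `run:` steps. Whether this job output can be influenced by untrusted input is not visible in the hunk, but the indirection costs two lines and removes the question, so I would keep `env:` with `WORKING_BRANCH: ${{needs.complete-release-branch-transaction.outputs.WORKING_BRANCH}}` and `run: git push origin --delete "${WORKING_BRANCH}"`.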
9 changes: 8 additions & 1 deletion .github/workflows/reproducible-builds.yml
@@ -1,4 +1,11 @@
# Build Constellation CLI + OS images and check for reproducible builds
# Verify that Constellation builds are reproducible.
#
# The build-* jobs' matrix has two dimensions: a list of targets to build and
# a list of runners to build on. The produced binaries and OS images are
# expected to be bit-for-bit identical, regardless of the chosen build runner.
#
# The compare-* jobs only have the target dimension. They obtain the built
# targets from all runners and check that there are no diffs between them.
name: Reproducible Builds

on:
1 change: 0 additions & 1 deletion bootstrapper/cmd/bootstrapper/main.go
Expand Up @@ -114,7 +114,6 @@ func main() {
)
openDevice = vtpm.OpenVTPM
fs = afero.NewOsFs()
log.Infof("Added load balancer IP to routing table")

case cloudprovider.Azure:
metadata, err := azurecloud.New(ctx)
2 changes: 1 addition & 1 deletion cli/internal/cmd/configfetchmeasurements.go
Expand Up @@ -153,7 +153,7 @@ func (cfm *configFetchMeasurementsCmd) configFetchMeasurements(
return fmt.Errorf("fetching and verifying measurements: %w", err)
}
}
cfm.log.Debugf("Measurements:\n", fetchedMeasurements)
cfm.log.Debugf("Measurements: %#v\n", fetchedMeasurements)

cfm.log.Debugf("Updating measurements in configuration")
conf.UpdateMeasurements(fetchedMeasurements)
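Review bot: `%#v` in the new `cfm.log.Debugf("Measurements: %#v\n", fetchedMeasurements)` prints the Go-syntax representation, which for measurement values is presumably long and hard to compare by eye against published measurements; the type of `fetchedMeasurements` is not visible in this hunk, so check what it actually renders as. The trailing `\n` is likely redundant as well, since the neighbouring `cfm.log.Debugf("Updating measurements in configuration")` has none. Something like `cfm.log.Debugf("Measurements: %+v", fetchedMeasurements)` would match the other calls. The enclosing function starts and ends outside the hunk.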
1 change: 1 addition & 0 deletions hack/cli-k8s-compatibility/BUILD.bazel
Expand Up @@ -7,6 +7,7 @@ go_library(
visibility = ["//visibility:private"],
deps = [
"//internal/api/versionsapi",
"//internal/constants",
"//internal/logger",
"//internal/versions",
"@org_uber_go_zap//zapcore",
3 changes: 2 additions & 1 deletion hack/cli-k8s-compatibility/main.go
Expand Up @@ -12,6 +12,7 @@ import (
"flag"

"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/versions"
"go.uber.org/zap/zapcore"
Expand Down Expand Up @@ -49,7 +50,7 @@ func main() {
cliInfo.Kubernetes = append(cliInfo.Kubernetes, v.ClusterVersion)
}

c, cclose, err := versionsapi.NewClient(ctx, "eu-central-1", "cdn-constellation-backend", "E1H77EZTHC3NE4", false, log)
c, cclose, err := versionsapi.NewClient(ctx, "eu-central-1", "cdn-constellation-backend", constants.CDNDefaultDistributionID, false, log)
if err != nil {
log.Fatalf("creating s3 client: %w", err)
}
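Review bot: The unchanged `log.Fatalf("creating s3 client: %w", err)` directly below the changed call uses `%w`, which only `fmt.Errorf` understands; assuming `Fatalf` formats like `fmt.Sprintf`, the message will contain `%!w(...)` noise instead of the plain error text. Since this commit already fixes a formatting directive in configfetchmeasurements.go, this line could be changed to `log.Fatalf("creating s3 client: %v", err)` in the same pass. `main` continues outside the hunk.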
1 change: 1 addition & 0 deletions image/upload/internal/cmd/BUILD.bazel
Expand Up @@ -27,6 +27,7 @@ go_library(
"//internal/api/versionsapi",
"//internal/attestation/measurements",
"//internal/cloud/cloudprovider",
"//internal/constants",
"//internal/logger",
"//internal/osimage",
"//internal/osimage/archive",
3 changes: 2 additions & 1 deletion image/upload/internal/cmd/image.go
Expand Up @@ -9,6 +9,7 @@ package cmd
import (
"os"

"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/spf13/cobra"
)

Expand All @@ -32,7 +33,7 @@ func NewImageCmd() *cobra.Command {
cmd.PersistentFlags().String("timestamp", "", "Optional timestamp to use for resource names. Uses format 2006-01-02T15:04:05Z07:00.")
cmd.PersistentFlags().String("region", "eu-central-1", "AWS region of the archive S3 bucket")
cmd.PersistentFlags().String("bucket", "cdn-constellation-backend", "S3 bucket name of the archive")
cmd.PersistentFlags().String("distribution-id", "E1H77EZTHC3NE4", "CloudFront distribution ID of the API")
cmd.PersistentFlags().String("distribution-id", constants.CDNDefaultDistributionID, "CloudFront distribution ID of the API")
cmd.PersistentFlags().String("out", "", "Optional path to write the upload result to. If not set, the result is written to stdout.")
cmd.PersistentFlags().Bool("verbose", false, "Enable verbose output")
must(cmd.MarkPersistentFlagRequired("raw-image"))
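Review bot: Only the `distribution-id` default moved to `constants.CDNDefaultDistributionID`; the `region` default `"eu-central-1"` and the `bucket` default `"cdn-constellation-backend"` on the two lines above it remain literals, and the same pair is repeated in info.go, measurementsupload.go and the `versionsapi.NewClient` call in hack/cli-k8s-compatibility/main.go. If the intent is one source of truth for the CDN backend, these two values deserve the same treatment so the upload tools cannot drift apart; whether suitable constants already exist in `internal/constants` cannot be told from this page. `NewImageCmd` starts and ends outside the hunk.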
3 changes: 2 additions & 1 deletion image/upload/internal/cmd/info.go
Expand Up @@ -12,6 +12,7 @@ import (
"os"

"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/logger"
infoupload "github.com/edgelesssys/constellation/v2/internal/osimage/imageinfo"
"github.com/spf13/cobra"
Expand All @@ -31,7 +32,7 @@ func NewInfoCmd() *cobra.Command {

cmd.Flags().String("region", "eu-central-1", "AWS region of the archive S3 bucket")
cmd.Flags().String("bucket", "cdn-constellation-backend", "S3 bucket name of the archive")
cmd.Flags().String("distribution-id", "E1H77EZTHC3NE4", "CloudFront distribution ID of the API")
cmd.Flags().String("distribution-id", constants.CDNDefaultDistributionID, "CloudFront distribution ID of the API")
cmd.Flags().Bool("verbose", false, "Enable verbose output")

return cmd
3 changes: 2 additions & 1 deletion image/upload/internal/cmd/measurementsupload.go
Expand Up @@ -10,6 +10,7 @@ import (
"fmt"
"os"

"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/logger"
"github.com/edgelesssys/constellation/v2/internal/osimage/measurementsuploader"
"github.com/spf13/cobra"
Expand All @@ -31,7 +32,7 @@ func newMeasurementsUploadCmd() *cobra.Command {
cmd.Flags().String("signature", "", "Path to signature file to upload")
cmd.Flags().String("region", "eu-central-1", "AWS region of the archive S3 bucket")
cmd.Flags().String("bucket", "cdn-constellation-backend", "S3 bucket name of the archive")
cmd.Flags().String("distribution-id", "E1H77EZTHC3NE4", "CloudFront distribution ID of the API")
cmd.Flags().String("distribution-id", constants.CDNDefaultDistributionID, "CloudFront distribution ID of the API")
cmd.Flags().Bool("verbose", false, "Enable verbose output")

must(cmd.MarkFlagRequired("measurements"))
2 changes: 1 addition & 1 deletion internal/api/versionsapi/cli/list.go
Expand Up @@ -94,7 +94,7 @@ func runList(cmd *cobra.Command, _ []string) (retErr error) {
for _, v := range patchVersions {
vers = append(vers, v.Version())
}
raw, err := json.Marshal(vers)
raw, err := json.MarshalIndent(vers, "", " ")
if err != nil {
return fmt.Errorf("marshaling versions: %w", err)
}
Expand Up @@ -11,6 +11,7 @@ go_library(
"//internal/attestation/measurements",
"//internal/attestation/variant",
"//internal/cloud/cloudprovider",
"//internal/constants",
"//internal/sigstore",
"//internal/sigstore/keyselect",
"@org_golang_x_tools//go/ast/astutil",
Expand Up @@ -27,6 +27,7 @@ import (
"github.com/edgelesssys/constellation/v2/internal/attestation/measurements"
"github.com/edgelesssys/constellation/v2/internal/attestation/variant"
"github.com/edgelesssys/constellation/v2/internal/cloud/cloudprovider"
"github.com/edgelesssys/constellation/v2/internal/constants"
"github.com/edgelesssys/constellation/v2/internal/sigstore"
"github.com/edgelesssys/constellation/v2/internal/sigstore/keyselect"
"golang.org/x/tools/go/ast/astutil"
Expand Down Expand Up @@ -109,11 +110,11 @@ func main() {

// mustGetMeasurements fetches the measurements for the given image and CSP and verifies them.
func mustGetMeasurements(ctx context.Context, verifier rekorVerifier, provider cloudprovider.Provider, attestationVariant variant.Variant, image string) measurements.M {
measurementsURL, err := measurementURL(image, "measurements.json")
measurementsURL, err := measurementURL(image, constants.CDNMeasurementsFile)
if err != nil {
panic(err)
}
signatureURL, err := measurementURL(image, "measurements.json.sig")
signatureURL, err := measurementURL(image, constants.CDNMeasurementsSignature)
if err != nil {
panic(err)
}
2 changes: 1 addition & 1 deletion internal/constellation/helm/generateCertManager.sh
Expand Up @@ -8,7 +8,7 @@ echo "Pulling cert-manager Helm chart..."
version="1.12.6"

function cleanup {
rm -r "charts/cert-manager/README.md" "charts/cert-manager-v${version}.tgz"
rm -rf "charts/cert-manager/README.md" "charts/cert-manager-v${version}.tgz"
}

trap cleanup EXIT
2 changes: 1 addition & 1 deletion internal/constellation/helm/generateCilium.sh
Expand Up @@ -7,7 +7,7 @@ shopt -s inherit_errexit
echo "Pulling Cilium Helm chart..."

function cleanup {
rm -r "${ciliumTmpDir}"
rm -rf -- "${ciliumTmpDir}"
}

trap cleanup EXIT
9 changes: 3 additions & 6 deletions internal/constellation/helm/update-csi-charts.sh
Expand Up @@ -27,9 +27,6 @@ fi
# $3: path to the Helm chart in the git repo
# $4: name of the Helm chart
download_chart() {
cleanup() {
rm -r "${repo_tmp_dir}"
}
chart_url=$1
branch=$2
chart_dir=$3
Expand All @@ -55,19 +52,19 @@ download_chart() {
cd "${callDir}"

# remove old chart
rm -r "${chart_base_path:?}/${chart_name}"
rm -rf -- "${chart_base_path:?}/${chart_name}"

# move new chart
mkdir -p "${chart_base_path}/${chart_name}"
cp -r "${repo_tmp_dir}/${chart_dir}"/* "${chart_base_path}/${chart_name}"

rm -r -- "${repo_tmp_dir}"

# get new version from Chart.yaml
new_version=$(yq '.version' "${chart_base_path}/${chart_name}/Chart.yaml")

# update dependency version in parent Chart.yaml
yq -i "(.dependencies[] | select( .name== \"${chart_name}\").version) = \"${new_version}\"" "${csi_chart_path}/Chart.yaml"

return
}

## AWS CSI Driver
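Review bot: In `rm -rf -- "${chart_base_path:?}/${chart_name}"` only `chart_base_path` is guarded, so an empty `chart_name` (presumably the function's `$4`) makes the path resolve to the chart base directory itself, and with the newly added `-f` that removal is recursive and silent. Guarding both parts, `rm -rf -- "${chart_base_path:?}/${chart_name:?}"`, makes the script stop instead. Separately, the nested `cleanup()` was replaced by an inline `rm -r -- "${repo_tmp_dir}"` that only runs once every earlier step has succeeded; whether a trap covers the failure path is not visible here, because the middle of `download_chart` lies between the two hunks.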
4 changes: 2 additions & 2 deletions internal/osimage/measurementsuploader/measurementsuploader.go
Expand Up @@ -84,11 +84,11 @@ func (a *Uploader) Upload(ctx context.Context, rawMeasurement, signature io.Read
if err != nil {
return "", "", fmt.Errorf("creating version: %w", err)
}
key, err := url.JoinPath(ver.ArtifactPath(versionsapi.APIV2), ver.Kind().String(), "measurements.json")
key, err := url.JoinPath(ver.ArtifactPath(versionsapi.APIV2), ver.Kind().String(), constants.CDNMeasurementsFile)
if err != nil {
return "", "", err
}
sigKey, err := url.JoinPath(ver.ArtifactPath(versionsapi.APIV2), ver.Kind().String(), "measurements.json.sig")
sigKey, err := url.JoinPath(ver.ArtifactPath(versionsapi.APIV2), ver.Kind().String(), constants.CDNMeasurementsSignature)
if err != nil {
return "", "", err
}