Harald Hoyer
e7b743b213
chore: tag container with git tag
Allow all tags and tag the matterlabsrobot container with it.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-09-17 14:48:49 +02:00
renovate[bot]
5162acd666
chore(deps): update trufflesecurity/trufflehog action to v3.81.10
2024-09-03 13:17:07 +00:00
Patryk Bęza
5e4b8901b0
feat(verify-attestation): RPC attestation and batch signature verification binary
This is another variant of the binary tool for verifying attestation and
the signature of a given batch. Unlike the existing tool, this variant
does not require you to provide two separate files—one for the
attestation and one for the signature. Instead, it automatically fetches
both from the RPC node.
Unfortunately, after discussing with @popzxc, we found that there is no way
to reuse the RPC client because our published crates on crates.io are
outdated and do not include the recently merged TEE-specific code
changes. To be fixed in the future.
2024-08-30 12:14:55 +02:00
renovate[bot]
cec4785d49
chore(deps): update trufflesecurity/trufflehog action to v3.81.7
2024-08-08 08:12:27 +00:00
renovate[bot]
847a950500
chore(deps): update trufflesecurity/trufflehog action to v3.81.6
2024-08-07 13:47:32 +00:00
D025
7f525eb172
ci: change runners for execute jobs
2024-07-23 13:55:01 +00:00
Harald Hoyer
915cbf88a9
chore: use attic nix cache
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 16:34:19 +02:00
Harald Hoyer
116c7f31e6
chore: update GitHub Actions workflow configuration
This update removes usage of cachix/cachix-action and updates job runner from ubuntu-latest to matterlabs-ci-runner in the GitHub Actions workflow. New configurations have been added for trusted-public-keys and substituters.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 10:33:29 +02:00
Harald Hoyer
695355d095
chore: Update GitHub actions to run on custom runner and push to Google Artifact Registry
This commit updates the GitHub workflows to push Docker images to Google Artifact Registry.
Additionally, it refines event conditions, separates build ID generation for normal pushes and tag pushes, and introduces tagging workflow for '*-sgx-*' tags.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-28 10:41:58 +02:00
renovate[bot]
1699b1cc87
chore(deps): update trufflesecurity/trufflehog action to v3.79.0
2024-06-27 15:12:18 +00:00
renovate[bot]
ca690df77d
chore(deps): update trufflesecurity/trufflehog action to v3.78.2
2024-06-21 08:12:20 +00:00
Harald Hoyer
df7973c501
chore: cargo update + taplo fmt
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-20 14:00:18 +02:00
renovate[bot]
6e57e4f1c9
chore(deps): update actions/checkout digest to 692973e
2024-06-13 17:10:58 +00:00
Harald Hoyer
7870e08779
ci: fix infra docker push
s/::/:/g
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 15:12:55 +02:00
Harald Hoyer
cfb133bca9
ci: fix and revise docker push strategy
- containers are not `latest` by default anymore
- `latest` tag is only set on push to main branch
- buildid tag is only set on push to main branch, and
changed to the infra repo soonish
- added the missing `vault-unseal` and `vault-admin` container
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 14:06:27 +02:00
renovate[bot]
8049ae5cf1
chore(deps): update trufflesecurity/trufflehog action to v3.78.1
2024-06-11 19:59:54 +00:00
Harald Hoyer
d0c5950c0e
feat: use nixsgx nix function to create containers
It refactors the way the SGX containers are built.
This removes all `Dockerfile` and gramine manifest files.
It also enables a single recipe for azure and non-azure variants.
Additionally the `teepot-crate.nix` is now the inherited recipe to
build the rust `teepot` crate.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-10 16:32:02 +02:00
renovate[bot]
01fb85ef04
chore(deps): update cachix/install-nix-action action to v27
2024-05-22 12:08:24 +00:00
renovate[bot]
d5b44bae8f
chore(deps): update cachix/cachix-action action to v15
2024-05-22 11:31:25 +00:00
renovate[bot]
8863d4d691
chore(deps): update trufflesecurity/trufflehog action to v3.76.3
2024-05-21 22:33:59 +00:00
renovate[bot]
ea91acadc0
chore(deps): update actions/checkout digest to a5ac7e5
2024-05-21 11:07:53 +00:00
renovate[bot]
dc51edba09
chore(deps): update trufflesecurity/trufflehog action to v3.75.1
2024-05-07 01:09:52 +00:00
renovate[bot]
7cc38a78df
chore(deps): update actions/checkout digest to 0ad4b8f
2024-04-29 09:46:45 +00:00
renovate[bot]
9716eb44a7
chore(deps): update trufflesecurity/trufflehog action to v3.74.0
2024-04-29 09:42:38 +00:00
Harald Hoyer
6dbafa13d9
ci: pin nixci version to the 23.11 release
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-04-25 09:38:43 +02:00
renovate[bot]
b0e6ff7c67
chore(deps): update trufflesecurity/trufflehog action to v3.73.0
2024-04-18 12:04:02 +00:00
renovate[bot]
84afb301ff
chore(deps): update trufflesecurity/trufflehog action to v3.71.2
2024-03-28 16:07:07 +00:00
renovate[bot]
8757c91316
chore(deps): update trufflesecurity/trufflehog action to v3.71.1
2024-03-27 16:05:37 +00:00
Harald Hoyer
9e068871c1
ci: remove workflows already in nix check
reduces time to run the CI.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-27 17:00:50 +01:00
Harald Hoyer
0654bacdb5
ci: use crane flake to build with nix
This enables adding cargo `fmt`, `clippy` and `deny` to nix, using cached results.
Move the `teepot` crate to the `crates` subdir to make life easier for
the `crane` flake.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-11 10:01:59 +01:00
Harald Hoyer
7a427b68c7
ci: use --check for nix fmt
otherwise the ci job does not fail
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-08 15:32:38 +01:00
renovate[bot]
373504c581
chore(deps): update trufflesecurity/trufflehog action to v3.69.0
2024-03-08 14:25:47 +00:00
renovate[bot]
a0510ec32d
chore(deps): update cachix/install-nix-action action to v26
2024-03-08 13:31:52 +00:00
Harald Hoyer
a8a9a94380
ci: fix nix push_to_docker concurrency group
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-08 12:17:51 +01:00
Harald Hoyer
97420df006
feat: attestation test on azure and default dcap
```
❯ docker run -i --rm --privileged --device /dev/sgx_enclave --net host \
matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \
| base64 -d --ignore-garbage \
| docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest
```
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-07 16:05:27 +01:00
renovate[bot]
d118158c77
chore(deps): update trufflesecurity/trufflehog action to v3.68.5
2024-03-07 03:39:38 +00:00
Harald Hoyer
f875e7a6e4
chore(deps): update rust crate base64 to 0.22.0
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-05 11:10:41 +01:00
renovate[bot]
5d2e5dccd6
chore(deps): update trufflesecurity/trufflehog action to v3.68.4
2024-03-05 08:35:12 +00:00
Harald Hoyer
91f1612e0f
chore: cleanup and nixify
* create containers with nix
* updated README.md
* added SPDX license headers
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-28 11:09:34 +01:00
renovate[bot]
8784837184
chore(deps): update trufflesecurity/trufflehog action to v3.68.0
2024-02-21 18:34:14 +00:00
Harald Hoyer
ec26f75cfb
ci: fix docker push
docker does not support pushing and tagging with a different name in one
go as podman does.
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-15 09:42:34 +01:00
Harald Hoyer
a52b611f86
ci: fix pushing to docker
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-15 09:26:49 +01:00
Harald Hoyer
b59db0f996
fix: use matterlabsrobot docker namespace
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-14 16:45:38 +01:00
Harald Hoyer
d8110f3720
feat: build and push container-verify-attestation
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-14 16:01:59 +01:00
renovate[bot]
8ba6f5651f
chore(deps): update trufflesecurity/trufflehog action to v3.67.6
2024-02-13 16:05:13 +00:00
Harald Hoyer
f8c94c3e6b
chore: do not publish containers to ghcr.io anymore
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-13 16:54:21 +01:00
renovate[bot]
0b8ee36068
chore(deps): update trufflesecurity/trufflehog action to v3.67.5
2024-02-09 12:39:15 +00:00
Harald Hoyer
89ffbd35a8
feat: initial commit
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-02-09 10:10:53 +01:00