Commit graph

65 commits

Author SHA1 Message Date
renovate[bot]
c42d692863
chore(deps): update docker/login-action action to v3.4.0 2025-06-04 15:07:28 +00:00
Harald Hoyer
8c7922ae39
Merge branch 'main' into cargo_update 2025-06-04 16:02:47 +02:00
Harald Hoyer
716c782e6f
chore(deps): update crates and nix flakes
- Updated multiple Rust dependencies, including `opentelemetry`, `const-oid`, and `webpki-roots` for enhanced features and bug fixes.
- Upgraded `nixpkgs` and `crane` in the nix flake configuration.
- Removed unused dependencies and introduced missing dependencies for improved build integrity.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-05-30 17:54:30 +02:00
renovate[bot]
a7e2939a54
chore(deps): update enarx/spdx digest to d4020ee 2025-05-30 06:43:14 +00:00
Harald Hoyer
7c133c4e4b
ci(nix): disable sandbox in nix-non-x86 workflow
otherwise the mockito tests fail, because it cannot bind to 127.0.0.1 0

- Updated `nix build` command to include `--no-sandbox` flag.
2025-05-28 13:31:15 +02:00
renovate[bot]
ad26c5e9ae
chore(deps): update trufflesecurity/trufflehog action to v3.88.30 2025-05-16 21:21:53 +00:00
Harald Hoyer
eb39705ff1
feat: compat code for non x86_64-linux
- do not build packages, which require `x86_64-linux`
- use Phala `dcap-qvl` crate for remote attestation, if possible
- nix: exclude `nixsgx` on non `x86_64-linux` platforms

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-10 11:57:46 +02:00
Harald Hoyer
3257f316b5
feat(ci): switch to GitHub Container Registry for images
Updated the workflow to push container images to GitHub Container Registry instead of Docker Hub. Added a login step for GHCR and updated image tagging and pushing commands accordingly.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-04-02 17:10:20 +02:00
Harald Hoyer
908579cd60
feat: rewrite google-metadata test as tdx-test
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-02-14 16:47:42 +01:00
renovate[bot]
f3f5147bb1
chore(deps): update trufflesecurity/trufflehog action to v3.88.6 2025-02-10 18:59:21 +00:00
renovate[bot]
49faaa984b
chore(deps): update enarx/spdx digest to b5bfdd4 2025-02-10 13:49:56 +00:00
renovate[bot]
01eac64182
chore(deps): update actions/checkout digest to 11bd719 2025-02-10 12:56:55 +00:00
renovate[bot]
129c3c1333
chore(deps): update trufflesecurity/trufflehog action to v3.88.5 2025-02-10 11:23:00 +00:00
Harald Hoyer
11a22c9e67
feat: add Google Metadata support and TDX container test
- Introduced `google-metadata` binary for reading GCP instance attributes.
- Added TDX container test with new `container-test-tdx` package.
- Updated Nix workflow and deployment scripts for Google Metadata integration.
- Bumped `anyhow` to 1.0.95 and updated Cargo.lock.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2025-01-27 16:18:58 +01:00
renovate[bot]
102f73b1eb
chore(deps): update cachix/install-nix-action action to v30 2024-12-20 16:13:47 +00:00
Harald Hoyer
2c6a62a471
chore: update lint workflow actions
- Changed spdx action to reference a stable commit instead of master.
- Changed license list to conform to new action parameter format
2024-11-27 08:50:42 +01:00
Harald Hoyer
9bce6edfaa
ci: remove magic nix cache
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-09-18 14:56:04 +02:00
Harald Hoyer
e7b743b213
chore: tag container with git tag
Allow all tags and tag the matterlabsrobot container with it.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-09-17 14:48:49 +02:00
renovate[bot]
5162acd666
chore(deps): update trufflesecurity/trufflehog action to v3.81.10 2024-09-03 13:17:07 +00:00
Patryk Bęza
5e4b8901b0
feat(verify-attestation): RPC attestation and batch signature verification binary
This is another variant of the binary tool for verifying attestation and
the signature of a given batch. Unlike the existing tool, this variant
does not require you to provide two separate files—one for the
attestation and one for the signature. Instead, it automatically fetches
both from the RPC node.

Unfortunately, after discussing with @popzxc, we found that there is no way
to reuse the RPC client because our published crates on crates.io are
outdated and do not include the recently merged TEE-specific code
changes. To be fixed in the future.
2024-08-30 12:14:55 +02:00
renovate[bot]
cec4785d49
chore(deps): update trufflesecurity/trufflehog action to v3.81.7 2024-08-08 08:12:27 +00:00
renovate[bot]
847a950500
chore(deps): update trufflesecurity/trufflehog action to v3.81.6 2024-08-07 13:47:32 +00:00
D025
7f525eb172
ci: change runners for execute jobs 2024-07-23 13:55:01 +00:00
Harald Hoyer
915cbf88a9
chore: use attic nix cache
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 16:34:19 +02:00
Harald Hoyer
116c7f31e6
chore: update GitHub Actions workflow configuration
This update removes usage of cachix/cachix-action and updates job runner from ubuntu-latest to matterlabs-ci-runner in the GitHub Actions workflow. New configurations have been added for trusted-public-keys and substituters.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-07-01 10:33:29 +02:00
Harald Hoyer
695355d095
chore: Update GitHub actions to run on custom runner and push to Google Artifact Registry
This commit updates the GitHub workflows to push Docker images to Google Artifact Registry.
Additionally, it refines event conditions, separates build ID generation for normal pushes and tag pushes, and introduces tagging workflow for '*-sgx-*' tags.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-28 10:41:58 +02:00
renovate[bot]
1699b1cc87
chore(deps): update trufflesecurity/trufflehog action to v3.79.0 2024-06-27 15:12:18 +00:00
renovate[bot]
ca690df77d
chore(deps): update trufflesecurity/trufflehog action to v3.78.2 2024-06-21 08:12:20 +00:00
Harald Hoyer
df7973c501
chore: cargo update + taplo fmt
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-20 14:00:18 +02:00
renovate[bot]
6e57e4f1c9
chore(deps): update actions/checkout digest to 692973e 2024-06-13 17:10:58 +00:00
Harald Hoyer
7870e08779
ci: fix infra docker push
s/::/:/g

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 15:12:55 +02:00
Harald Hoyer
cfb133bca9
ci: fix and revise docker push strategy
- containers are not `latest` by default anymore
- `latest` tag is only set on push to main branch
- buildid tag is only set on push to main branch, and
  changed to the infra repo soonish
- added the missing `vault-unseal` and `vault-admin` containers

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-12 14:06:27 +02:00
renovate[bot]
8049ae5cf1
chore(deps): update trufflesecurity/trufflehog action to v3.78.1 2024-06-11 19:59:54 +00:00
Harald Hoyer
d0c5950c0e
feat: use nixsgx nix function to create containers
It refactors the way the SGX containers are built.
This removes all `Dockerfile` and gramine manifest files.
It also enables a single recipe for azure and non-azure variants.

Additionally the `teepot-crate.nix` is now the inherited recipe to
build the rust `teepot` crate.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-06-10 16:32:02 +02:00
renovate[bot]
01fb85ef04
chore(deps): update cachix/install-nix-action action to v27 2024-05-22 12:08:24 +00:00
renovate[bot]
d5b44bae8f
chore(deps): update cachix/cachix-action action to v15 2024-05-22 11:31:25 +00:00
renovate[bot]
8863d4d691
chore(deps): update trufflesecurity/trufflehog action to v3.76.3 2024-05-21 22:33:59 +00:00
renovate[bot]
ea91acadc0
chore(deps): update actions/checkout digest to a5ac7e5 2024-05-21 11:07:53 +00:00
renovate[bot]
dc51edba09
chore(deps): update trufflesecurity/trufflehog action to v3.75.1 2024-05-07 01:09:52 +00:00
renovate[bot]
7cc38a78df
chore(deps): update actions/checkout digest to 0ad4b8f 2024-04-29 09:46:45 +00:00
renovate[bot]
9716eb44a7
chore(deps): update trufflesecurity/trufflehog action to v3.74.0 2024-04-29 09:42:38 +00:00
Harald Hoyer
6dbafa13d9
ci: pin nixci version to the 23.11 release
Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-04-25 09:38:43 +02:00
renovate[bot]
b0e6ff7c67
chore(deps): update trufflesecurity/trufflehog action to v3.73.0 2024-04-18 12:04:02 +00:00
renovate[bot]
84afb301ff
chore(deps): update trufflesecurity/trufflehog action to v3.71.2 2024-03-28 16:07:07 +00:00
renovate[bot]
8757c91316
chore(deps): update trufflesecurity/trufflehog action to v3.71.1 2024-03-27 16:05:37 +00:00
Harald Hoyer
9e068871c1
ci: remove workflows already in nix check
reduces time to run the CI.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-27 17:00:50 +01:00
Harald Hoyer
0654bacdb5
ci: use crane flake to build with nix
This enables adding cargo `fmt`, `clippy` and `deny` to nix, using cached results.

Move the `teepot` crate to the `crates` subdir to make life easier for
the `crane` flake.

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-11 10:01:59 +01:00
Harald Hoyer
7a427b68c7
ci: use --check for nix fmt
otherwise the ci job does not fail

Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
2024-03-08 15:32:38 +01:00
renovate[bot]
373504c581
chore(deps): update trufflesecurity/trufflehog action to v3.69.0 2024-03-08 14:25:47 +00:00
renovate[bot]
a0510ec32d
chore(deps): update cachix/install-nix-action action to v26 2024-03-08 13:31:52 +00:00