e2e-test: enable real TEE on self-hosted runners #284

Merged

Commits on Jan 12, 2024

  1. e2e-test: enable TEE test on self-hosted runners

    We want to be able to test PRs in a real TEE on self-hosted runners. By
    default the tests are executed in the fork from which the PR is created.
    The fork does not have the self-hosted runners which provide the TEE. We
    need to run them in the scope of the target repository in a safe fashion
    that prevents untrusted PRs from running arbitrary code on self-hosted
    runners.
    
    This change is modelled after similar workflows in kata and CAA repos.
    
    The matrix-based kbs-e2e workflow has been turned into a reusable
    workflow that is being called by specific TEE workflows. In this PR that
    would be the "sample" and "az-snp-vtpm" TEE.
    
    For a real TEE we follow the following ceremony:
    1) verify whether the PR is authorized to run (a maintainer needs to set
       a label on the PR).
    2) checkout the main branch from the target
    3) rebase the changes from the source atop the main branch (using a
       script copied verbatim from CAA)
    4) archive the resulting HEAD and upload it as artifact
    5) call the re-usable workflow with the required runners param
    6) extract the artifact
    7) run the test
    
    For the sample TEE steps 1-3 are replaced by a simple checkout
    
    Signed-off-by: Magnus Kulke <[email protected]>
    mkulke committed Jan 12, 2024
    54606ce
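
The ceremony from the commit message above, written out as a caller workflow for the "az-snp-vtpm" TEE. This is an added example, not the workflow from this PR: the label name, runner labels, artifact name, the `kbs-e2e.yml` file name and the reusable workflow's input names are assumptions, and plain git commands stand in for the rebase script taken from CAA.

```yaml
# Added example: label, runner labels, artifact name and reusable-workflow
# inputs are assumptions, not values from the PR.
name: kbs-e2e-az-snp-vtpm
on:
  pull_request_target:        # runs in the target repo, where the runners are
    types: [labeled]          # example choice: only a labeling event starts a run
permissions:
  contents: read
jobs:
  authorize:                  # step 1: a maintainer has set the label
    runs-on: ubuntu-latest
    if: contains(github.event.pull_request.labels.*.name, 'test_e2e')
    steps:
      - run: echo "PR carries the authorization label"
  checkout-and-rebase:        # steps 2-4, on a hosted runner
    needs: authorize
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: main           # workflow and base tree come from the target
          fetch-depth: 0
      - name: Rebase the PR commits atop main
        env:                  # pass event data via env, not inline in the script
          PR_SHA: ${{ github.event.pull_request.head.sha }}
        run: |
          git config user.name "ci"
          git config user.email "ci@example.invalid"
          git fetch origin "$PR_SHA"
          git checkout --detach "$PR_SHA"
          git rebase main
      - name: Archive the resulting HEAD
        run: git archive --format=tar.gz -o "$RUNNER_TEMP/kbs.tar.gz" HEAD
      - uses: actions/upload-artifact@v4
        with:
          name: kbs-source
          path: ${{ runner.temp }}/kbs.tar.gz
  e2e:                        # step 5; steps 6-7 run inside the called workflow
    needs: checkout-and-rebase
    uses: ./.github/workflows/kbs-e2e.yml
    with:
      tee: az-snp-vtpm
      # the called workflow would read this with fromJSON(inputs.runs-on)
      runs-on: '["self-hosted", "azure-cvm"]'
      tarball: kbs-source
```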