Add terragrunt cfg for OmniGCP #343

Merged
AlCutter merged 3 commits into transparency-dev:main from AlCutter:omnigcp_on_distributor
Aug 21, 2025
@AlCutter
Contributor

This PR adds:

  • A cloud build trigger for building the OmniGCP docker image from the witness repo.
  • A witness terraform module and terragrunt configs for spinning it up in dev.

Towards transparency-dev/witness#386.

@AlCutter AlCutter requested a review from mhutchinson August 20, 2025 18:58
@AlCutter AlCutter added the enhancement New feature or request label Aug 20, 2025
@codecov-commenter

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (main@67cdc72). Learn more about missing BASE report.

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #343   +/-   ##
=======================================
  Coverage        ?   30.12%           
=======================================
  Files           ?        8           
  Lines           ?      664           
  Branches        ?        0           
=======================================
  Hits            ?      200           
  Misses          ?      437           
  Partials        ?       27           

Comment thread deployment/live/witness/README.md Outdated
gcloud auth, e.g. CloudShell.
The example command below will generate a public and private note key-pair, using the provided
witness name, and will use those to create and populate the initial version of two Secret Manager
secrets called `witness_public_XXX` and `witness_secret_XXX` respectively, where XXX is the name
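
Review bot: the sentence naming `witness_public_XXX` and `witness_secret_XXX` does not tell the operator that the two secrets differ in sensitivity. Suggest stating here that only `witness_secret_XXX` holds private key material and should have restricted access, while `witness_public_XXX` holds the value that is meant to be shared.
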
Contributor

We have code to generate the public key from the private key, and you referenced this in some docs the other day. Did something change that means the public key is now needed here?

Contributor Author

You're right, and I think that's almost always going to be the right answer for recovering the public key in a code setting - and indeed in the first cut of this I did just throw that line away.

However, I was then thinking about what happens next once someone's spun this up: they need to share the URL and identity with the world, at which point it's less of a technical issue and more just "convenience"; we already have the public key right here, so let's just print it out for the operator to just cut'n'paste. Then I figured that it's just as easy to pop it into somewhere durable so there's no stress if they mess up/forget to do the copy.

The alternative would be to have the omniwitness log the public key into its debug logging, which is fine but then we're asking the opr to go scrobbling in the log vs just storing it in a convenient location.
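
The derivation discussed in this thread, as an added example that is not part of the PR or the witness repo's code: it recomputes a note verifier (public) key from a signer (private) key using only the standard library. It assumes the Ed25519 note key encoding used by `golang.org/x/mod/sumdb/note`; `SignerFromSeed`, `VerifierFromSigner` and `keyHash` are hypothetical helper names, and the all-zero seed is constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

const algEd25519 = 1 // algorithm byte that prefixes note key material (assumed encoding)

// keyHash is the key ID: first 4 bytes of SHA-256(name "\n" alg||pub), as 8 hex digits.
func keyHash(name string, pubkey []byte) string {
	sum := sha256.Sum256(append([]byte(name+"\n"), pubkey...))
	return fmt.Sprintf("%x", sum[:4])
}

// SignerFromSeed builds a signer key string; used here only to make sample input.
func SignerFromSeed(name string, seed []byte) string {
	pub := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
	priv := base64.StdEncoding.EncodeToString(append([]byte{algEd25519}, seed...))
	return fmt.Sprintf("PRIVATE+KEY+%s+%s+%s", name, keyHash(name, append([]byte{algEd25519}, pub...)), priv)
}

// VerifierFromSigner recomputes the public verifier key from a signer key.
func VerifierFromSigner(skey string) (string, error) {
	// Names cannot contain '+', but base64 can, so split into at most 5 fields.
	parts := strings.SplitN(skey, "+", 5)
	if len(parts) != 5 || parts[0] != "PRIVATE" || parts[1] != "KEY" {
		return "", errors.New("malformed note signer key")
	}
	raw, err := base64.StdEncoding.DecodeString(parts[4])
	if err != nil || len(raw) != 1+ed25519.SeedSize || raw[0] != algEd25519 {
		return "", errors.New("unsupported or corrupt key material")
	}
	pub := ed25519.NewKeyFromSeed(raw[1:]).Public().(ed25519.PublicKey)
	pubkey := append([]byte{algEd25519}, pub...)
	if keyHash(parts[2], pubkey) != parts[3] { // key ID must match the derived public key
		return "", errors.New("key hash does not match derived public key")
	}
	return parts[2] + "+" + parts[3] + "+" + base64.StdEncoding.EncodeToString(pubkey), nil
}

func main() {
	seed := make([]byte, ed25519.SeedSize) // constructed all-zero seed, never use for a real key
	fmt.Println(VerifierFromSigner(SignerFromSeed("example-witness", seed)))
}
```
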

Comment thread deployment/modules/witness/main.tf Outdated
@AlCutter AlCutter force-pushed the omnigcp_on_distributor branch 2 times, most recently from b515f6a to fdb7d4d Compare August 21, 2025 09:36
@AlCutter AlCutter force-pushed the omnigcp_on_distributor branch from fdb7d4d to 13feeed Compare August 21, 2025 09:36
@AlCutter AlCutter merged commit 6e3203a into transparency-dev:main Aug 21, 2025
7 checks passed
@AlCutter AlCutter deleted the omnigcp_on_distributor branch August 21, 2025 09:48