[bitnami/notation] Add tests for notation

Signed-off-by: sfelipe <[email protected]>
bitnami · Oct 16, 2023 · a33c95a · a33c95a
1 parent ebc916e
commit a33c95a
Show file tree

Hide file tree

Showing 4 changed files with 100 additions and 0 deletions.
diff --git a/.vib/notation/goss/goss.yaml b/.vib/notation/goss/goss.yaml
@@ -0,0 +1,14 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+  # Goss tests exclusive to the current container
+  ../../notation/goss/notation.yaml: {}
+  # Load scripts from .vib/common/goss/templates
+  ../../common/goss/templates/check-app-version.yaml: {}
+  ../../common/goss/templates/check-binaries.yaml: {}
+  ../../common/goss/templates/check-broken-symlinks.yaml: {}
+  ../../common/goss/templates/check-ca-certs.yaml: {}
+  ../../common/goss/templates/check-linked-libraries.yaml: {}
+  ../../common/goss/templates/check-sed-in-place.yaml: {}
+  ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/notation/goss/notation.yaml b/.vib/notation/goss/notation.yaml
@@ -0,0 +1,7 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+command:
+  generate-test-key:
+    exec: notation cert generate-test --default "wabbit-networks.io"
+    exit-status: 0
diff --git a/.vib/notation/goss/vars.yaml b/.vib/notation/goss/vars.yaml
@@ -0,0 +1,6 @@
+binaries:
+  - notation
+root_dir: /opt/bitnami
+version:
+  bin_name: notation
+  flag: version
diff --git a/.vib/notation/vib-verify.json b/.vib/notation/vib-verify.json
@@ -0,0 +1,73 @@
+{
+  "context": {
+    "resources": {
+      "url": "{SHA_ARCHIVE}",
+      "path": "{VIB_ENV_PATH}"
+    },
+    "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+  },
+  "phases": {
+    "package": {
+      "actions": [
+        {
+          "action_id": "container-image-package",
+          "params": {
+            "application": {
+              "details": {
+                "name": "{VIB_ENV_CONTAINER}",
+                "tag": "{VIB_ENV_TAG}"
+              }
+            },
+            "architectures": [
+              "linux/amd64",
+              "linux/arm64"
+            ]
+          }
+        },
+        {
+          "action_id": "container-image-lint",
+          "params": {
+            "threshold": "error"
+          }
+        }
+      ]
+    },
+    "verify": {
+      "actions": [
+        {
+          "action_id": "goss",
+          "params": {
+            "resources": {
+              "path": "/.vib"
+            },
+            "tests_file": "notation/goss/goss.yaml",
+            "vars_file": "notation/goss/vars.yaml",
+            "remote": {
+              "pod": {
+                "workload": "deploy-notation"
+              }
+            }
+          }
+        },
+        {
+          "action_id": "trivy",
+          "params": {
+            "threshold": "CRITICAL",
+            "vuln_type": [
+              "OS"
+            ]
+          }
+        },
+        {
+          "action_id": "grype",
+          "params": {
+            "threshold": "CRITICAL",
+            "package_type": [
+              "OS"
+            ]
+          }
+        }
+      ]
+    }
+  }
+}