From c253241c0a07f4ecfbd642a32b574652819d2ccf Mon Sep 17 00:00:00 2001
From: Javier Salmeron Garcia
Date: Tue, 10 Oct 2023 17:14:10 +0200
Subject: [PATCH 1/2] [bitnami/natscli,pinniped-cli] chore: :construction_worker: Add VIB integration

Signed-off-by: Javier Salmeron Garcia
---
 .vib/natscli/goss/goss.yaml | 14 +++++
 .vib/natscli/goss/natscli.yaml | 8 +++
 .vib/natscli/goss/vars.yaml | 9 ++++
 .vib/natscli/vib-verify.json | 66 ++++++++++++++++++++++++
 .vib/pinniped-cli/goss/goss.yaml | 14 +++++
 .vib/pinniped-cli/goss/pinniped-cli.yaml | 8 +++
 .vib/pinniped-cli/goss/vars.yaml | 9 ++++
 .vib/pinniped-cli/vib-verify.json | 66 ++++++++++++++++++++++++
 8 files changed, 194 insertions(+)
 create mode 100644 .vib/natscli/goss/goss.yaml
 create mode 100644 .vib/natscli/goss/natscli.yaml
 create mode 100644 .vib/natscli/goss/vars.yaml
 create mode 100644 .vib/natscli/vib-verify.json
 create mode 100644 .vib/pinniped-cli/goss/goss.yaml
 create mode 100644 .vib/pinniped-cli/goss/pinniped-cli.yaml
 create mode 100644 .vib/pinniped-cli/goss/vars.yaml
 create mode 100644 .vib/pinniped-cli/vib-verify.json
diff --git a/.vib/natscli/goss/goss.yaml b/.vib/natscli/goss/goss.yaml
new file mode 100644
index 0000000000000..1d88a455881de
--- /dev/null
+++ b/.vib/natscli/goss/goss.yaml
@@ -0,0 +1,14 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+ # Goss tests exclusive to the current container
+ ../../natscli/goss/natscli.yaml: {}
+ # Load scripts from .vib/common/goss/templates
+ ../../common/goss/templates/check-app-version.yaml: {}
+ ../../common/goss/templates/check-binaries.yaml: {}
+ ../../common/goss/templates/check-broken-symlinks.yaml: {}
+ ../../common/goss/templates/check-ca-certs.yaml: {}
+ ../../common/goss/templates/check-directories.yaml: {}
+ ../../common/goss/templates/check-linked-libraries.yaml: {}
+ ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/natscli/goss/natscli.yaml b/.vib/natscli/goss/natscli.yaml
new file mode 100644
index 0000000000000..d25a1d6361e37
--- /dev/null
+++ b/.vib/natscli/goss/natscli.yaml
@@ -0,0 +1,8 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+user:
+ natscli:
+ exists: true
+ uid: 1001
+ gid: 0
diff --git a/.vib/natscli/goss/vars.yaml b/.vib/natscli/goss/vars.yaml
new file mode 100644
index 0000000000000..1e2241eaa3af8
--- /dev/null
+++ b/.vib/natscli/goss/vars.yaml
@@ -0,0 +1,9 @@
+binaries:
+ - nats
+root_dir: /opt/bitnami
+directories:
+ - paths:
+ - /opt/bitnami/natscli
+version:
+ bin_name: nats
+ flag: --version
diff --git a/.vib/natscli/vib-verify.json b/.vib/natscli/vib-verify.json
new file mode 100644
index 0000000000000..eb1711c9d34a8
--- /dev/null
+++ b/.vib/natscli/vib-verify.json
@@ -0,0 +1,66 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": ["linux/amd64", "linux/arm64"]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "natscli/goss/goss.yaml",
+ "vars_file": "natscli/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "deploy-natscli"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": ["OS"]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": ["OS"]
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/pinniped-cli/goss/goss.yaml b/.vib/pinniped-cli/goss/goss.yaml
new file mode 100644
index 0000000000000..72a0aa580a5ca
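Review bot: In `.vib/natscli/goss/natscli.yaml` the `user` test proves only that an account named `natscli` is defined with uid 1001 and gid 0; nothing in this hunk asserts that the container process actually runs as that account. If the shared templates under `.vib/common/goss/templates` (not visible here) do not already cover it, a goss `command` test that runs `id -u` and expects `1001` would catch an image that silently reverts to root, assuming the verification pod does not override the user. A short comment above `gid: 0`, for example `# non-root account; primary group 0 is expected`, would also make the root-group membership read as deliberate. The same applies to `.vib/pinniped-cli/goss/pinniped-cli.yaml`.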
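Review bot: In `.vib/natscli/vib-verify.json` the `trivy` and `grype` actions gate only on `"threshold": "CRITICAL"` and are limited to `["OS"]` packages, so as written a high-severity OS finding, or any finding outside the OS package set, would not fail verification. Each image appears to ship one application binary (`nats`, `pinniped` per the vars files), and findings against that binary's own dependencies would presumably fall outside the `OS` set. If the VIB actions support it, consider widening `vuln_type`/`package_type` beyond `OS` and lowering the threshold, or record in the PR description why the narrower gate is acceptable. The same values are used in `.vib/pinniped-cli/vib-verify.json`.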
--- /dev/null
+++ b/.vib/pinniped-cli/goss/goss.yaml
@@ -0,0 +1,14 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+ # Goss tests exclusive to the current container
+ ../../pinniped-cli/goss/pinniped-cli.yaml: {}
+ # Load scripts from .vib/common/goss/templates
+ ../../common/goss/templates/check-app-version.yaml: {}
+ ../../common/goss/templates/check-binaries.yaml: {}
+ ../../common/goss/templates/check-broken-symlinks.yaml: {}
+ ../../common/goss/templates/check-ca-certs.yaml: {}
+ ../../common/goss/templates/check-directories.yaml: {}
+ ../../common/goss/templates/check-linked-libraries.yaml: {}
+ ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/pinniped-cli/goss/pinniped-cli.yaml b/.vib/pinniped-cli/goss/pinniped-cli.yaml
new file mode 100644
index 0000000000000..3cebd6629d78c
--- /dev/null
+++ b/.vib/pinniped-cli/goss/pinniped-cli.yaml
@@ -0,0 +1,8 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+user:
+ pinniped-cli:
+ exists: true
+ uid: 1001
+ gid: 0
diff --git a/.vib/pinniped-cli/goss/vars.yaml b/.vib/pinniped-cli/goss/vars.yaml
new file mode 100644
index 0000000000000..da7518869fb8b
--- /dev/null
+++ b/.vib/pinniped-cli/goss/vars.yaml
@@ -0,0 +1,9 @@
+binaries:
+ - pinniped
+root_dir: /opt/bitnami
+directories:
+ - paths:
+ - /opt/bitnami/pinniped-cli
+version:
+ bin_name: pinniped
+ flag: version
diff --git a/.vib/pinniped-cli/vib-verify.json b/.vib/pinniped-cli/vib-verify.json
new file mode 100644
index 0000000000000..9100e955f8510
--- /dev/null
+++ b/.vib/pinniped-cli/vib-verify.json
@@ -0,0 +1,66 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": ["linux/amd64"]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "pinniped-cli/goss/goss.yaml",
+ "vars_file": "pinniped-cli/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "deploy-pinniped-cli"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": ["OS"]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": ["OS"]
+ }
+ }
+ ]
+ }
+ }
+}

From bbc0962d5b4231b3fef4d619521d1cccda454376 Mon Sep 17 00:00:00 2001
From: Javier Salmeron Garcia
Date: Tue, 10 Oct 2023 17:19:34 +0200
Subject: [PATCH 2/2] fix: :wrench: Add arm64 in pinniped-cli

Signed-off-by: Javier Salmeron Garcia
---
 .vib/pinniped-cli/vib-verify.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.vib/pinniped-cli/vib-verify.json b/.vib/pinniped-cli/vib-verify.json
index 9100e955f8510..a481574bf26d2 100644
--- a/.vib/pinniped-cli/vib-verify.json
+++ b/.vib/pinniped-cli/vib-verify.json
@@ -18,7 +18,7 @@
 "tag": "{VIB_ENV_TAG}"
 }
 },
- "architectures": ["linux/amd64"]
+ "architectures": ["linux/amd64", "linux/arm64"]
 }
 },
 {
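Review bot: `runtime_parameters` in `.vib/pinniped-cli/vib-verify.json` (and in `.vib/natscli/vib-verify.json`) is an opaque base64 string, so a reviewer cannot see what the pipeline will apply without decoding it. It decodes to `command: ["tail", "-f", "/dev/null"]`, which appears to do no more than keep the container alive for the goss run. Since JSON cannot carry a comment, stating the decoded value in the commit message or a README next to the file would make later changes to this blob reviewable.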