From 1da9190b1232995889678ff970d28fda4b53a449 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?=
Date: Thu, 2 Mar 2023 09:43:23 +0100
Subject: [PATCH] [bitnami/fluxcd-*-controller] chore: :wrench: Add VIB integration (#25801)
Signed-off-by: Javier Salmeron Garcia
---
 .vib/fluxcd-helm-controller/vib-publish.json | 94 +++++++++++++++++++
 .vib/fluxcd-helm-controller/vib-verify.json | 53 +++++++++++
 .../vib-publish.json | 94 +++++++++++++++++++
 .../vib-verify.json | 53 +++++++++++
 .../fluxcd-source-controller/vib-publish.json | 94 +++++++++++++++++++
 .vib/fluxcd-source-controller/vib-verify.json | 53 +++++++++++
 6 files changed, 441 insertions(+)
 create mode 100644 .vib/fluxcd-helm-controller/vib-publish.json
 create mode 100644 .vib/fluxcd-helm-controller/vib-verify.json
 create mode 100644 .vib/fluxcd-kustomize-controller/vib-publish.json
 create mode 100644 .vib/fluxcd-kustomize-controller/vib-verify.json
 create mode 100644 .vib/fluxcd-source-controller/vib-publish.json
 create mode 100644 .vib/fluxcd-source-controller/vib-verify.json
diff --git a/.vib/fluxcd-helm-controller/vib-publish.json b/.vib/fluxcd-helm-controller/vib-publish.json
new file mode 100644
index 000000000000..f58738648055
--- /dev/null
+++ b/.vib/fluxcd-helm-controller/vib-publish.json
@@ -0,0 +1,94 @@
+{
+ "context": {
+ "resources": {
+ "url": "{VIB_ENV_CONTAINER_URL}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "osspi-application",
+ "params": {
+ "additional_packages_file": "{VIB_ENV_PATH}/osspi-packages.json",
+ "scan_type": "BASE_OS",
+ "osm": {
+ "product_name": "main-catalog-{VIB_ENV_CONTAINER}",
+ "product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container"
+ },
+ "resources": {
+ "url": "{VIB_ENV_PACKAGES_JSON_URL}",
+ "path": "/",
+ "authn": {
+ "header": "Authorization",
+ "token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
+ }
+ }
+ }
+ }
+ ]
+ },
+ "publish": {
+ "actions": [
+ {
+ "action_id": "container-image-publish",
+ "params": {
+ "metadata": {
+ "tags": {VIB_ENV_ROLLING_TAGS}
+ },
+ "repository": {
+ "kind": "OCI",
+ "url": "{VIB_ENV_REGISTRY_URL}",
+ "username": "{VIB_ENV_REGISTRY_USERNAME}",
+ "password": "{VIB_ENV_REGISTRY_PASSWORD}"
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/fluxcd-helm-controller/vib-verify.json b/.vib/fluxcd-helm-controller/vib-verify.json
new file mode 100644
index 000000000000..835cd556e241
--- /dev/null
+++ b/.vib/fluxcd-helm-controller/vib-verify.json
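Review bot: The `trivy` and `grype` actions in the verify phase restrict scanning to base-OS packages (`"vuln_type": ["OS"]` and `"package_type": ["OS"]`), so vulnerabilities in the Go modules compiled into the controller binary are not gated by this pipeline, even though the Flux controllers ship as Go binaries rather than distro packages. Trivy's own `--vuln-type` flag also accepts `library`; if the VIB `trivy` action exposes the same values, `"vuln_type": ["OS", "library"]` would cover the binary's dependencies too, which is worth confirming against the action's parameter schema before changing it. The same two parameters appear unchanged in the fluxcd-kustomize-controller and fluxcd-source-controller vib-publish.json hunks and in all three vib-verify.json hunks, so whatever is decided should be applied to all six files. Separately, `"tags": {VIB_ENV_ROLLING_TAGS}` is an unquoted placeholder, so these files are templates rather than strict JSON until substitution and must not be fed to a plain JSON linter in CI.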
@@ -0,0 +1,53 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/.vib/fluxcd-kustomize-controller/vib-publish.json b/.vib/fluxcd-kustomize-controller/vib-publish.json
new file mode 100644
index 000000000000..f58738648055
--- /dev/null
+++ b/.vib/fluxcd-kustomize-controller/vib-publish.json
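Review bot: The `container-image-package` action in this verify pipeline carries no `"architectures"` list, while the matching vib-publish.json lists `"linux/amd64"` and `"linux/arm64"`, so a build or lint failure specific to the arm64 image would presumably surface only at publish time rather than on the pull request, assuming the VIB action defaults to a single architecture when the list is omitted. If the intent is to catch such failures early, mirroring the `"architectures": ["linux/amd64", "linux/arm64"]` block here would do it; if single-arch verification is a deliberate cost trade-off, a short note in the chart README or the file's sibling documentation would save the next reader from asking. The same omission is present in the fluxcd-kustomize-controller and fluxcd-source-controller vib-verify.json hunks. All three verify files also end without a trailing newline (`\ No newline at end of file`), unlike the three publish files, which is a minor inconsistency worth fixing while the files are new.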
@@ -0,0 +1,94 @@
+{
+ "context": {
+ "resources": {
+ "url": "{VIB_ENV_CONTAINER_URL}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "osspi-application",
+ "params": {
+ "additional_packages_file": "{VIB_ENV_PATH}/osspi-packages.json",
+ "scan_type": "BASE_OS",
+ "osm": {
+ "product_name": "main-catalog-{VIB_ENV_CONTAINER}",
+ "product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container"
+ },
+ "resources": {
+ "url": "{VIB_ENV_PACKAGES_JSON_URL}",
+ "path": "/",
+ "authn": {
+ "header": "Authorization",
+ "token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
+ }
+ }
+ }
+ }
+ ]
+ },
+ "publish": {
+ "actions": [
+ {
+ "action_id": "container-image-publish",
+ "params": {
+ "metadata": {
+ "tags": {VIB_ENV_ROLLING_TAGS}
+ },
+ "repository": {
+ "kind": "OCI",
+ "url": "{VIB_ENV_REGISTRY_URL}",
+ "username": "{VIB_ENV_REGISTRY_USERNAME}",
+ "password": "{VIB_ENV_REGISTRY_PASSWORD}"
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/fluxcd-kustomize-controller/vib-verify.json b/.vib/fluxcd-kustomize-controller/vib-verify.json
new file mode 100644
index 000000000000..835cd556e241
--- /dev/null
+++ b/.vib/fluxcd-kustomize-controller/vib-verify.json
@@ -0,0 +1,53 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/.vib/fluxcd-source-controller/vib-publish.json b/.vib/fluxcd-source-controller/vib-publish.json
new file mode 100644
index 000000000000..f58738648055
--- /dev/null
+++ b/.vib/fluxcd-source-controller/vib-publish.json
@@ -0,0 +1,94 @@
+{
+ "context": {
+ "resources": {
+ "url": "{VIB_ENV_CONTAINER_URL}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "osspi-application",
+ "params": {
+ "additional_packages_file": "{VIB_ENV_PATH}/osspi-packages.json",
+ "scan_type": "BASE_OS",
+ "osm": {
+ "product_name": "main-catalog-{VIB_ENV_CONTAINER}",
+ "product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container"
+ },
+ "resources": {
+ "url": "{VIB_ENV_PACKAGES_JSON_URL}",
+ "path": "/",
+ "authn": {
+ "header": "Authorization",
+ "token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
+ }
+ }
+ }
+ }
+ ]
+ },
+ "publish": {
+ "actions": [
+ {
+ "action_id": "container-image-publish",
+ "params": {
+ "metadata": {
+ "tags": {VIB_ENV_ROLLING_TAGS}
+ },
+ "repository": {
+ "kind": "OCI",
+ "url": "{VIB_ENV_REGISTRY_URL}",
+ "username": "{VIB_ENV_REGISTRY_USERNAME}",
+ "password": "{VIB_ENV_REGISTRY_PASSWORD}"
+ }
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/fluxcd-source-controller/vib-verify.json b/.vib/fluxcd-source-controller/vib-verify.json
new file mode 100644
index 000000000000..835cd556e241
--- /dev/null
+++ b/.vib/fluxcd-source-controller/vib-verify.json
@@ -0,0 +1,53 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "CRITICAL",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file