[bitnami/mlflow] chore: 👷 Add VIB integration (#50293)

* [bitnami/mlflow] chore: 👷 Add VIB integration This PR adds basic goss tests to the MLflow container. Runs: - Common tests - Version test - User tests - MLflow tracking server test Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> * test: ✅ Improve signal handling and permissions In the `mlflow-serve` test, the timeout command must be changed to use SIGINT as `mlflow server` does not behave correctly when using SIGTERM. In the directory tests, the permissions of the `/opt/bitnami/python` folder are more restricted Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com> --------- Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
2026-03-16 06:49:12 +08:00 · 2023-09-29 11:22:32 +02:00
parent 17bd6c4aa1
commit 460c70ac6c
4 changed files with 109 additions and 0 deletions
--- a/.vib/mlflow/goss/goss.yaml
+++ b/.vib/mlflow/goss/goss.yaml
@@ -0,0 +1,14 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+  # Goss tests exclusive to the current container
+  ../../mlflow/goss/mlflow.yaml: {}
+  # Load scripts from .vib/common/goss/templates
+  ../../common/goss/templates/check-app-version.yaml: {}
+  ../../common/goss/templates/check-binaries.yaml: {}
+  ../../common/goss/templates/check-broken-symlinks.yaml: {}
+  ../../common/goss/templates/check-ca-certs.yaml: {}
+  ../../common/goss/templates/check-directories.yaml: {}
+  ../../common/goss/templates/check-linked-libraries.yaml: {}
+  ../../common/goss/templates/check-spdx.yaml: {}
--- a/.vib/mlflow/goss/mlflow.yaml
+++ b/.vib/mlflow/goss/mlflow.yaml
@@ -0,0 +1,15 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+user:
+  mlflow:
+    exists: true
+    uid: 1001
+    gid: 0
+command:
+  mlflow-serve:
+    exec: cd /app && timeout --signal 2 --preserve-status 5 mlflow server
+    timeout: 10000
+    exit-status: 1
+    stderr:
+      - "Listening at"
--- a/.vib/mlflow/goss/vars.yaml
+++ b/.vib/mlflow/goss/vars.yaml
@@ -0,0 +1,14 @@
+binaries:
+  - python
+  - mlflow
+root_dir: /opt/bitnami
+directories:
+  - mode: "0755"
+    paths:
+      - /opt/bitnami/python
+  - mode: "0775"
+    paths:
+      - /app
+version:
+  bin_name: python
+  flag: "-c 'import mlflow; print(mlflow.__version__)'"
--- a/.vib/mlflow/vib-verify.json
+++ b/.vib/mlflow/vib-verify.json
@@ -0,0 +1,66 @@
+{
+  "context": {
+    "resources": {
+      "url": "{SHA_ARCHIVE}",
+      "path": "{VIB_ENV_PATH}"
+    },
+    "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+  },
+  "phases": {
+    "package": {
+      "actions": [
+        {
+          "action_id": "container-image-package",
+          "params": {
+            "application": {
+              "details": {
+                "name": "{VIB_ENV_CONTAINER}",
+                "tag": "{VIB_ENV_TAG}"
+              }
+            },
+            "architectures": ["linux/amd64", "linux/arm64"]
+          }
+        },
+        {
+          "action_id": "container-image-lint",
+          "params": {
+            "threshold": "error"
+          }
+        }
+      ]
+    },
+    "verify": {
+      "actions": [
+        {
+          "action_id": "goss",
+          "params": {
+            "resources": {
+              "path": "/.vib"
+            },
+            "tests_file": "mlflow/goss/goss.yaml",
+            "vars_file": "mlflow/goss/vars.yaml",
+            "remote": {
+              "pod": {
+                "workload": "deploy-mlflow"
+              }
+            }
+          }
+        },
+        {
+          "action_id": "trivy",
+          "params": {
+            "threshold": "CRITICAL",
+            "vuln_type": ["OS"]
+          }
+        },
+        {
+          "action_id": "grype",
+          "params": {
+            "threshold": "CRITICAL",
+            "package_type": ["OS"]
+          }
+        }
+      ]
+    }
+  }
+}