Bitnami/containers
2
0
Fork 0
mirror of https://github.com/bitnami/containers.git synced 2026-02-09 18:57:39 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/*] Remove public .vib folder (#87285)

Browse Source 
* [bitnami/*] Remove public .vib folder
* Remove VIB verification from public repository
* Remove verification-summary job

---------

Signed-off-by: Jota Martos <jota.martos@broadcom.com>
This commit is contained in:
Juan José Martos
2025-10-29 09:58:05 +01:00
committed by GitHub
parent 4f87e44a6f
commit 5f19e31040
1026 changed files with 0 additions and 30630 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
.github/workflows/ci-pipeline.yml vendored
View File

@@ -83,126 +83,6 @@ jobs:
- name: Check license Headers
uses: apache/skywalking-eyes/header@61275cc80d0798a405cb070f7d3a8aaf7cf2c2c1
if: ${{ steps.get-modified-files.outputs.result == 'success' }}
vib-verify:
runs-on: ubuntu-latest
needs: get-containers
# Automatic PRs do not need to be re-tested in GitHub
if: |
needs.get-containers.outputs.result == 'ok' &&
github.event.pull_request.user.login != 'bitnami-bot'
name: VIB Verify
permissions:
contents: read
env:
CSP_API_URL: https://console.tanzu.broadcom.com
CSP_API_TOKEN: ${{ secrets.CSP_API_TOKEN }}
VIB_PUBLIC_URL: https://cp.app-catalog.vmware.com
continue-on-error: false
strategy:
fail-fast: false
max-parallel: 2
matrix:
container: ${{ fromJSON(needs.get-containers.outputs.containers) }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
name: Checkout Repository
with:
# Full history is not required anymore
fetch-depth: 1
# labeled events trigger the event with the latest commit in main
ref: ${{ github.event.pull_request.head.ref }}
repository: ${{ github.event.pull_request.head.repo.full_name }}
- id: get-container-metadata
name: Get image tag and container name
run: |
if [[ -d "${{ matrix.container }}" ]]; then
name="$(echo "${{ matrix.container }}" | awk -F '/' '{print $2}')"
branch="$(echo "${{ matrix.container }}" | awk -F '/' '{print $3}')"
tag=""
if [[ "${{ github.event.pull_request.user.login }}" == "bitnami-bot" ]]; then
tag="$(grep -oE "org.opencontainers.image.ref.name=\".+\"" ${{ matrix.container }}/Dockerfile | sed -nr "s|org.opencontainers.image.ref.name=\"(.+)\"|\1|p")"
else
# Build a tag based on current RUN number
tag="$(echo "${{ matrix.container }}" | awk -F '/' -v run_number="${GITHUB_RUN_NUMBER}" '{printf "%s-rc.%s", $3, run_number}')"
fi
if [[ -z "${tag}" ]]; then
echo "No tag found for: ${{ matrix.container }}"
exit 1
else
dsl_path="${name}"
if [[ -d ".vib/${dsl_path}/${branch}" ]]; then
dsl_path="${dsl_path}/${branch}"
fi
echo "tag=${tag}" >> $GITHUB_OUTPUT
echo "name=${name}" >> $GITHUB_OUTPUT
echo "dsl_path=${dsl_path}" >> $GITHUB_OUTPUT
echo "result=ok" >> $GITHUB_OUTPUT
fi
else
# Container folder doesn't exists we are assuming a deprecation
echo "result=skip" >> $GITHUB_OUTPUT
fi
- uses: vmware-labs/vmware-image-builder-action@v0
name: Verify
if: ${{ steps.get-container-metadata.outputs.result == 'ok' }}
with:
pipeline: ${{ steps.get-container-metadata.outputs.dsl_path }}/vib-verify.json
env:
# Path with docker resources
VIB_ENV_PATH: ${{ matrix.container }}
# Container name
VIB_ENV_CONTAINER: ${{ steps.get-container-metadata.outputs.name }}
VIB_ENV_TAG: ${{ steps.get-container-metadata.outputs.tag }}
verification-summary:
# Ensure all containers passed the verification
runs-on: ubuntu-latest
name: Check Matrix Outcome
permissions:
statuses: write
needs:
- get-containers
- vib-verify
outputs:
result: ${{ steps.get-status.outputs.result }}
if: ${{ always() && github.event.pull_request.user.login != 'bitnami-bot' }}
steps:
- id: get-status
name: Check Status
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd
with:
result-encoding: string
script: |
state = 'success'
description = 'Well done! Everything looks good. Please wait for the Bitnami Team review.'
if ("${{ needs.get-containers.result }}" != "success" ) {
description = "If you've just created this PR, don't worry about this message. The Bitnami Team has to review it and make the verification possible."
core.warning(description)
state = 'pending'
} else if ("${{ needs.get-containers.outputs.result }}" == "skip" ) {
description = "It seems these changes don't involve any container"
core.warning(description)
} else if ("${{ needs.vib-verify.result }}" != "success" ) {
description = "Please review previous jobs to get more information"
core.error(description)
state = 'error'
} else {
core.notice(description)
}
try {
await github.rest.repos.createCommitStatus({
context: `${context.workflow} / Verification Summary (${context.eventName})`,
owner: context.payload.repository.owner.login,
repo: context.payload.repository.name,
sha: context.payload.pull_request.head.sha,
target_url: `${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}`,
description: description,
state: state
})
core.info(`Updated build status: ${state}`)
} catch (error) {
core.setFailed(error.message)
}
return state
auto-pr-review:
runs-on: ubuntu-latest
name: Reviewal for automated PRs

7
.vib/acmesolver/goss/acmesolver.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-app-run:
exec: acmesolver -h
exit-status: 0

13
.vib/acmesolver/goss/goss.yaml
View File

@@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../acmesolver/goss/acmesolver.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

3
.vib/acmesolver/goss/vars.yaml
View File

@@ -1,3 +0,0 @@
binaries:
- acmesolver
root_dir: /opt/bitnami

73
.vib/acmesolver/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "80MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "acmesolver/goss/goss.yaml",
"vars_file": "acmesolver/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-acmesolver"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

27
.vib/airflow/goss/airflow.yaml
View File

@@ -1,27 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-airflow-home:
timeout: 30000
exec: airflow info | grep airflow_home
exit-status: 0
stdout:
- {{ .Env.AIRFLOW_HOME }}
check-airflow-on-path:
timeout: 30000
exec: airflow info | grep airflow_on_path
exit-status: 0
stdout:
- "True"
check-subpackages:
# Check python packages that should have been installed
exec: . /opt/bitnami/airflow/venv/bin/activate && pip list
exit-status: 0
stdout:
{{ range $subpackage := .Vars.subpackages }}
- "{{ $subpackage }}"
{{ end }}
file:
/opt/bitnami/airflow/venv/lib/python3.9/site-packages/airflow/www/node_modules:
exists: false

15
.vib/airflow/goss/goss.yaml
View File

@@ -1,15 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../airflow/goss/airflow.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

38
.vib/airflow/goss/vars.yaml
View File

@@ -1,38 +0,0 @@
binaries:
- airflow
- ini-file
- python
- wait-for-port
linked_libraries:
exclude_paths:
# Ignore python venv executable scripts
- /opt/bitnami/airflow/venv/.*
sed_in_place:
exclude_paths:
# Ignore python venv executable scripts
- /opt/bitnami/airflow/venv/.*
directories:
- mode: "0775"
paths:
- /opt/bitnami/airflow
- /opt/bitnami/airflow/dags
- /opt/bitnami/airflow/logs
- /opt/bitnami/airflow/logs/scheduler
- /opt/bitnami/airflow/tmp
root_dir: /opt/bitnami
version:
bin_name: airflow
flag: version
timeout: 30000
subpackages:
- amazon
- celery
- docker
- elasticsearch
- google
- hashicorp
- ldap
- mysql
- postgres
- redis
- statsd

74
.vib/airflow/vib-verify.json
View File

@@ -1,74 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"timeout_minutes": 50,
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "790MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "airflow/goss/goss.yaml",
"vars_file": "airflow/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-airflow"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

7
.vib/alertmanager/goss/alertmanager.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-app-run:
exec: timeout --preserve-status 5 /opt/bitnami/alertmanager/bin/alertmanager --config.file=/opt/bitnami/alertmanager/conf/config.yml --storage.path=/opt/bitnami/alertmanager/data
exit-status: 0

14
.vib/alertmanager/goss/goss.yaml
View File

@@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../alertmanager/goss/alertmanager.yaml: { }
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

7
.vib/alertmanager/goss/vars.yaml
View File

@@ -1,7 +0,0 @@
binaries:
- alertmanager
- amtool
version:
bin_name: alertmanager
flag: --version
root_dir: /opt/bitnami

73
.vib/alertmanager/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "95MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "alertmanager/goss/goss.yaml",
"vars_file": "alertmanager/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-alertmanager"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

10
.vib/apache-exporter/goss/apache-exporter.yaml
View File

@@ -1,10 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-apache-exporter-run:
exec: timeout --preserve-status 5 apache_exporter
timeout: 8000
exit-status: 0
stderr:
- "Starting apache_exporter"

13
.vib/apache-exporter/goss/goss.yaml
View File

@@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../apache-exporter/goss/apache-exporter.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

6
.vib/apache-exporter/goss/vars.yaml
View File

@@ -1,6 +0,0 @@
binaries:
- apache_exporter
root_dir: /opt/bitnami
version:
bin_name: apache_exporter
flag: --version

73
.vib/apache-exporter/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "70MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apache-exporter/goss/goss.yaml",
"vars_file": "apache-exporter/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apache-exporter"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

51
.vib/apache/goss/apache.yaml
View File

@@ -1,51 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
# There are no syntax error in the configuration
check-configuration:
exec: apachectl -t
exit-status: 0
# Check explicitly enabled and disabled modules
check-loaded-modules:
exec: apachectl -M
exit-status: 0
stdout:
{{ range $module := .Vars.modules.loaded }}
- "{{ $module }}_module"
{{ end }}
{{ range $module := .Vars.modules.disabled }}
- "!{{ $module }}_module"
{{ end }}
file:
# Main Apache config file includes other config files
/opt/bitnami/apache/conf/httpd.conf:
exists: true
filetype: file
contents:
- /^Include.*/opt/bitnami/apache/conf/bitnami/bitnami.conf/
- /^Include.*/opt/bitnami/apache/conf/vhosts/\*.conf/
- /^Include.*/opt/bitnami/apache/conf/deflate.conf/
# Main Bitnami config file was correctly generated
/opt/bitnami/apache/conf/bitnami/bitnami.conf:
exists: true
filetype: file
contents:
- /DocumentRoot.*/opt/bitnami/apache/htdocs/
# Main Bitnami ssl config file was correctly generated
/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf:
exists: true
filetype: file
contents:
- "SSLProtocol all -SSLv2 -SSLv3"
- /SSLCertificateFile.*bitnami/certs/tls.crt/
- /SSLCertificateKeyFile.*bitnami/certs/tls.key/
# CGI folder has been removed, as recommended by Apache
/opt/bitnami/apache/cgi-bin:
exists: false
# Compiled disabled modules should have been generated
{{ range $module := .Vars.modules.extra }}
/opt/bitnami/apache/modules/mod_{{ $module }}.so:
exists: true
filetype: file
{{ end }}

16
.vib/apache/goss/goss.yaml
View File

@@ -1,16 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../apache/goss/apache.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-files.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

49
.vib/apache/goss/vars.yaml
View File

@@ -1,49 +0,0 @@
binaries:
- httpd
- render-template
files:
- paths:
- /opt/bitnami/apache/conf/modsecurity.conf
- /opt/bitnami/apache/conf/unicode.mapping
directories:
- mode: "0775"
paths:
- /opt/bitnami/apache/var/run
- /opt/bitnami/apache/conf
- /opt/bitnami/apache/logs
- /opt/bitnami/apache/conf/vhosts
- /opt/bitnami/apache/conf/vhosts/htaccess
- /opt/bitnami/apache/htdocs
modules:
loaded:
# Explicitly enabled in postunpack
- deflate
- negotiation
- proxy
- proxy_http
- rewrite
- slotmem_shm
- socache_shmcb
- ssl
- status
- version
# Explicitly set at compilation time
- mpm_prefork
disabled:
# Explicitly disabled in postunpack
- http2
- proxy_hcheck
- proxy_html
extra:
# Not enabled, but compiled
- mpm_event
- mpm_prefork
- mpm_worker
- http2
- ldap
- authnz_ldap
- security3
root_dir: /opt/bitnami
version:
bin_name: apachectl
flag: -v

73
.vib/apache/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "105MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apache/goss/goss.yaml",
"vars_file": "apache/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apache"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

13
.vib/apisix-dashboard/goss/goss.yaml
View File

@@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

10
.vib/apisix-dashboard/goss/vars.yaml
View File

@@ -1,10 +0,0 @@
binaries:
- manager-api
directories:
- mode: "0775"
paths:
- /opt/bitnami/apisix-dashboard/logs
root_dir: /opt/bitnami
version:
bin_name: manager-api
flag: version

73
.vib/apisix-dashboard/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "110MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix-dashboard/goss/goss.yaml",
"vars_file": "apisix-dashboard/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix-dashboard"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

12
.vib/apisix-ingress-controller/goss/goss.yaml
View File

@@ -1,12 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

6
.vib/apisix-ingress-controller/goss/vars.yaml
View File

@@ -1,6 +0,0 @@
binaries:
- apisix-ingress-controller
root_dir: /opt/bitnami
version:
bin_name: apisix-ingress-controller
flag: -v

73
.vib/apisix-ingress-controller/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "90MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix-ingress-controller/goss/goss.yaml",
"vars_file": "apisix-ingress-controller/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix-ingress-controller"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

13
.vib/apisix/goss/goss.yaml
View File

@@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

13
.vib/apisix/goss/vars.yaml
View File

@@ -1,13 +0,0 @@
binaries:
- apisix
directories:
- mode: "0775"
paths:
- /opt/bitnami/apisix/conf
# APISIX hardcodes its home to /usr/local/apisix
- /usr/local/apisix/logs
- /usr/local/apisix
root_dir: /opt/bitnami
version:
bin_name: apisix
flag: version

73
.vib/apisix/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "105MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix/goss/goss.yaml",
"vars_file": "apisix/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

33
.vib/appsmith/goss/appsmith.yaml
View File

@@ -1,33 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
file:
/opt/appsmith:
exists: true
filetype: symlink
linked-to: /opt/bitnami/appsmith
/opt/bitnami/appsmith/templates/docker.env.sh:
exists: true
filetype: file
contents:
- /cat.*EOF/
- "APPSMITH_SUPERVISOR_USER"
command:
check-server-init:
exec: java -jar /opt/bitnami/appsmith/backend/server.jar
exit-status: 1
timeout: 30000
stdout:
- "{{ .Env.APP_VERSION }}"
- "Starting ServerApplication"
check-rts-init:
exec: cd /opt/appsmith/rts/bundle && timeout --preserve-status 5s node server.js || true
exit-status: 0
stdout:
- "RTS version v{{ .Env.APP_VERSION }} running"
group:
appsmith:
exists: true
user:
appsmith:
exists: true

15
.vib/appsmith/goss/goss.yaml
View File

@@ -1,15 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../appsmith/goss/appsmith.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-files.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

32
.vib/appsmith/goss/vars.yaml
View File

@@ -1,32 +0,0 @@
binaries:
- java
- mongosh
- nginx
- node
- python
- render-template
directories:
- mode: "0775"
paths:
- /bitnami/appsmith
- /opt/bitnami/appsmith/conf
- /opt/bitnami/appsmith/logs
- /opt/bitnami/appsmith/tmp
- paths:
- /opt/bitnami/appsmith/backend/plugins
- /opt/bitnami/appsmith/editor
- /opt/bitnami/appsmith/templates/client
files:
- mode: "0664"
paths:
- /opt/bitnami/appsmith/conf/docker.env
- paths:
- /opt/bitnami/appsmith/editor/index.html
- /opt/bitnami/appsmith/backend/server.jar
- /opt/bitnami/appsmith/rts/package.json
linked_libraries:
timeout: 45000
sed_in_place:
exclude_paths:
- /opt/bitnami/appsmith/rts/node_modules
root_dir: /opt/bitnami

73
.vib/appsmith/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "1GB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "appsmith/goss/goss.yaml",
"vars_file": "appsmith/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-appsmith"
}
}
}
}
]
}
}
}

12
.vib/arangodb/goss/goss.yaml
View File

@@ -1,12 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

16
.vib/arangodb/goss/vars.yaml
View File

@@ -1,16 +0,0 @@
binaries:
- arangod
- arangobench
- arangodump
- arangoexport
- arangoimport
- arangorestore
- arangosh
- arangovpack
root_dir: /opt/bitnami
directories:
- paths:
- /opt/bitnami/arangodb
version:
bin_name: arangod
flag: --version

73
.vib/arangodb/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "160MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "arangodb/goss/goss.yaml",
"vars_file": "arangodb/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-arangodb"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

19
.vib/argo-cd/goss/argo-cd.yaml
View File

@@ -1,19 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-app-version:
# argocd version exits with exit code 1
exec: argocd version
exit-status: 1
stdout:
- "{{ .Env.APP_VERSION }}"
file:
/opt/bitnami/argo-cd/bin/argocd-server:
exists: true
filetype: symlink
linked-to: "/opt/bitnami/argo-cd/bin/argocd"
/opt/bitnami/argo-cd/bin/argocd-util:
exists: true
filetype: symlink
linked-to: "/opt/bitnami/argo-cd/bin/argocd"

14
.vib/argo-cd/goss/goss.yaml
View File

@@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../argo-cd/goss/argo-cd.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

18
.vib/argo-cd/goss/vars.yaml
View File

@@ -1,18 +0,0 @@
binaries:
- argocd
- argocd-server
- argocd-util
directories:
- paths:
- /.argocd
- /app/config/gpg/keys
- /app/config/gpg/source
- /bitnami/argocd
mode: "0775"
- paths:
- /opt/bitnami/argo-cd/bin
root_dir: /opt/bitnami
sed_in_place:
exclude_paths:
# Ignore hack directory (not bitnami-related)
- /opt/bitnami/argo-cd/hack

73
.vib/argo-cd/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "250MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "argo-cd/goss/goss.yaml",
"vars_file": "argo-cd/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-argo-cd"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

9
.vib/argo-workflow-cli/goss/argo-workflow-cli.yaml
View File

@@ -1,9 +0,0 @@
command:
check-argo-help:
exec:
- argo
- --help
exit-status: 0
stdout:
- "Usage:"
- "argo [flags]"

10
.vib/argo-workflow-cli/goss/goss.yaml
View File

@@ -1,10 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../argo-workflow-cli/goss/argo-workflow-cli.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version-no-shell-stdout.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-files.yaml: {}

10
.vib/argo-workflow-cli/goss/vars.yaml
View File

@@ -1,10 +0,0 @@
files:
- mode: "0644"
paths:
- /opt/bitnami/argo-workflows/.spdx-argo-workflows.spdx
- mode: "0755"
paths:
- /opt/bitnami/argo-workflows/bin/argo
version:
bin_name: argo
flag: version

73
.vib/argo-workflow-cli/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyIvc2hhcmVkL2J1c3lib3giLCAic2xlZXAiLCAiMzYwMCJdCg=="
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "60MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "argo-workflow-cli/goss/goss.yaml",
"vars_file": "argo-workflow-cli/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-argo-workflow-cli"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

9
.vib/argo-workflow-controller/goss/argo-workflow-controller.yaml
View File

@@ -1,9 +0,0 @@
command:
check-workflow-controller-help:
exec:
- workflow-controller
- --help
exit-status: 0
stdout:
- "Usage:"
- "workflow-controller [flags]"

10
.vib/argo-workflow-controller/goss/goss.yaml
View File

@@ -1,10 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../argo-workflow-controller/goss/argo-workflow-controller.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version-no-shell-stdout.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-files.yaml: {}

10
.vib/argo-workflow-controller/goss/vars.yaml
View File

@@ -1,10 +0,0 @@
files:
- mode: "0644"
paths:
- /opt/bitnami/argo-workflow-controller/.spdx-argo-workflow-controller.spdx
- mode: "0755"
paths:
- /opt/bitnami/argo-workflow-controller/bin/workflow-controller
version:
bin_name: workflow-controller
flag: version

73
.vib/argo-workflow-controller/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyIvc2hhcmVkL2J1c3lib3giLCAic2xlZXAiLCAiMzYwMCJdCg=="
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "35MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "argo-workflow-controller/goss/goss.yaml",
"vars_file": "argo-workflow-controller/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-argo-workflow-controller"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

7
.vib/argo-workflow-exec/goss/argo-workflow-exec.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
directory:
/opt/bitnami/argo-workflow-exec/hack/git:
exists: false

15
.vib/argo-workflow-exec/goss/goss.yaml
View File

@@ -1,15 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../argo-workflow-exec/goss/argo-workflow-exec.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

18
.vib/argo-workflow-exec/goss/vars.yaml
View File

@@ -1,18 +0,0 @@
binaries:
- argoexec
- kubectl
directories:
- paths:
- /etc/ssh
- /opt/bitnami/argo-workflow-exec/hack
files:
- paths:
- /etc/ssh/ssh_known_hosts
- /etc/nsswitch.conf
root_dir: /opt/bitnami
version:
bin_name: argoexec
flag: version
sed_in_place:
exclude_paths:
- /opt/bitnami/argo-workflow-exec/hack/copy-readme.sh

73
.vib/argo-workflow-exec/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "150MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "argo-workflow-exec/goss/goss.yaml",
"vars_file": "argo-workflow-exec/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-argo-workflow-exec"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

15
.vib/aspnet-core/goss/aspnet-core.yaml
View File

@@ -1,15 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-bin-caps:
exec: getcap /opt/bitnami/aspnet-core/bin/dotnet
stdout:
- /{{ .Vars.binary.capabilities }}/
exit-status: 0
check-installed-runtimes:
exec: dotnet --list-runtimes
stdout:
- "AspNetCore.App {{ .Env.APP_VERSION }}"
- "NETCore.App {{ .Env.APP_VERSION }}"
exit-status: 0

15
.vib/aspnet-core/goss/goss.yaml
View File

@@ -1,15 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../aspnet-core/goss/aspnet-core.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

17
.vib/aspnet-core/goss/vars.yaml
View File

@@ -1,17 +0,0 @@
binaries:
- dotnet
directories:
- paths:
- /app
mode: "0775"
- paths:
- /opt/bitnami/aspnet-core/bin/host
- /opt/bitnami/aspnet-core/bin/shared
root_dir: /opt/bitnami
linked_libraries:
exclude_paths: .*\/Microsoft.NETCore.App/.*\/libcoreclrtraceptprovider.so
version:
bin_name: dotnet
flag: --info
binary:
capabilities: cap_net_bind_service[+=]eip

72
.vib/aspnet-core/vib-verify.json
View File

@@ -1,72 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64"
]
},
"size_thresholds": [
{
"size": "190MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "aspnet-core/goss/goss.yaml",
"vars_file": "aspnet-core/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-aspnet-core"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

25
.vib/attu/goss/attu.yaml
View File

@@ -1,25 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
user:
attu:
exists: true
uid: 1001
gid: 0
file:
/app:
exists: true
filetype: symlink
linked-to: /opt/bitnami/attu
command:
attu-command-available:
exec: cd /opt/bitnami/attu; npm run
exit-status: 0
stdout:
- "start:prod"
run-attu:
exec: cd /opt/bitnami/attu; timeout --preserve-status 5 yarn start:prod || true
timeout: 8000
exit-status: 0
stdout:
- "Attu server started"

15
.vib/attu/goss/goss.yaml
View File

@@ -1,15 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../attu/goss/attu.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

13
.vib/attu/goss/vars.yaml
View File

@@ -1,13 +0,0 @@
binaries:
- node
- yarn
- npm
root_dir: /opt/bitnami
directories:
- paths:
# Paths to the client and server directories
- /opt/bitnami/attu/dist
- /opt/bitnami/attu/build
version:
bin_name: cd /opt/bitnami/attu; npm
flag: list /opt/bitnami/attu || true

73
.vib/attu/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "235MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "attu/goss/goss.yaml",
"vars_file": "attu/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-attu"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

7
.vib/aws-cli/goss/aws-cli.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-python-module:
exec: /opt/bitnami/aws-cli/venv/bin/python -c 'import awscli'
exit-status: 0

14
.vib/aws-cli/goss/goss.yaml
View File

@@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../aws-cli/goss/aws-cli.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

7
.vib/aws-cli/goss/vars.yaml
View File

@@ -1,7 +0,0 @@
binaries:
- aws
- python
root_dir: /opt/bitnami
version:
bin_name: aws
flag: --version

73
.vib/aws-cli/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "200MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "aws-cli/goss/goss.yaml",
"vars_file": "aws-cli/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-aws-cli"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

7
.vib/azure-cli/goss/azure-cli.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-python-module:
exec: /opt/bitnami/azure-cli/venv/bin/python -c 'import azure.cli'
exit-status: 0

14
.vib/azure-cli/goss/goss.yaml
View File

@@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../azure-cli/goss/azure-cli.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

7
.vib/azure-cli/goss/vars.yaml
View File

@@ -1,7 +0,0 @@
binaries:
- az
- python
root_dir: /opt/bitnami
version:
bin_name: az
flag: --version

73
.vib/azure-cli/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "285MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "azure-cli/goss/goss.yaml",
"vars_file": "azure-cli/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-azure-cli"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

12
.vib/blackbox-exporter/goss/blackbox-exporter.yaml
View File

@@ -1,12 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-blackbox-exporter-run:
exec: cd /opt/bitnami/blackbox-exporter && timeout --preserve-status 5 blackbox_exporter
timeout: 8000
exit-status: 0
stderr:
- "Starting blackbox_exporter"
- "Loaded config file"
- "Listening on"

14
.vib/blackbox-exporter/goss/goss.yaml
View File

@@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../blackbox-exporter/goss/blackbox-exporter.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

6
.vib/blackbox-exporter/goss/vars.yaml
View File

@@ -1,6 +0,0 @@
binaries:
- blackbox_exporter
root_dir: /opt/bitnami
version:
bin_name: blackbox_exporter
flag: --version

73
.vib/blackbox-exporter/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "80MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "blackbox-exporter/goss/goss.yaml",
"vars_file": "blackbox-exporter/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-blackbox-exporter"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

12
.vib/cadvisor/goss/goss.yaml
View File

@@ -1,12 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

9
.vib/cadvisor/goss/vars.yaml
View File

@@ -1,9 +0,0 @@
binaries:
- cadvisor
root_dir: /opt/bitnami
directories:
- paths:
- /opt/bitnami/cadvisor
version:
bin_name: cadvisor
flag: -version

73
.vib/cadvisor/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "85MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "cadvisor/goss/goss.yaml",
"vars_file": "cadvisor/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-cadvisor"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

7
.vib/cainjector/goss/cainjector.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-cainjector:
exec: /opt/bitnami/cainjector/bin/cainjector --help
exit-status: 0

14
.vib/cainjector/goss/goss.yaml
View File

@@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../cainjector/goss/cainjector.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

6
.vib/cainjector/goss/vars.yaml
View File

@@ -1,6 +0,0 @@
binaries:
- cainjector
directories:
- paths:
- /opt/bitnami/cainjector
root_dir: /opt/bitnami

73
.vib/cainjector/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "90MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "cainjector/goss/goss.yaml",
"vars_file": "cainjector/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-cainjector"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

11
.vib/cassandra-exporter/goss/cassandra-exporter.yaml
View File

@@ -1,11 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-cassandra-exporter-jar:
exec: timeout --preserve-status 5 java -jar /opt/bitnami/cassandra-exporter/cassandra_exporter.jar /opt/bitnami/cassandra-exporter/config.yml
exit-status: 143
timeout: 8000
stderr:
- "Loading yaml config"
- "Connection refused to host"

13
.vib/cassandra-exporter/goss/goss.yaml
View File

@@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../cassandra-exporter/goss/cassandra-exporter.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

3
.vib/cassandra-exporter/goss/vars.yaml
View File

@@ -1,3 +0,0 @@
binaries:
- java
root_dir: /opt/bitnami

73
.vib/cassandra-exporter/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "160MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "cassandra-exporter/goss/goss.yaml",
"vars_file": "cassandra-exporter/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-cassandra-exporter"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

14
.vib/cassandra/goss/goss.yaml
View File

@@ -1,14 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-files.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

29
.vib/cassandra/goss/vars.yaml
View File

@@ -1,29 +0,0 @@
binaries:
- cassandra
- cqlsh
- python
- java
files:
- mode: "0755"
paths:
- /opt/bitnami/cassandra/bin/cqlsh
directories:
- mode: "0775"
paths:
- /.cassandra
- /bitnami/cassandra
- /bitnami/cassandra/conf
- /opt/bitnami/cassandra/tmp
- /opt/bitnami/cassandra/conf
- /opt/bitnami/cassandra/logs
- /docker-entrypoint-initdb.d
- paths:
- /opt/bitnami/cassandra/conf.default
root_dir: /opt/bitnami
sed_in_place:
exclude_paths:
# Ignore PyLib directory (not bitnami-related)
- \/opt\/bitnami\/cassandra\/pylib\/.*
version:
bin_name: cassandra
flag: -v

72
.vib/cassandra/vib-verify.json
View File

@@ -1,72 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64"
]
},
"size_thresholds": [
{
"size": "305MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "cassandra/goss/goss.yaml",
"vars_file": "cassandra/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-cassandra"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

7
.vib/cert-manager-webhook/goss/cert-manager-webhook.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-cert-manager-webhook:
exec: cert-manager-webhook -h
exit-status: 0

13
.vib/cert-manager-webhook/goss/goss.yaml
View File

@@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../cert-manager-webhook/goss/cert-manager-webhook.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

3
.vib/cert-manager-webhook/goss/vars.yaml
View File

@@ -1,3 +0,0 @@
binaries:
- cert-manager-webhook
root_dir: /opt/bitnami

73
.vib/cert-manager-webhook/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "95MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "cert-manager-webhook/goss/goss.yaml",
"vars_file": "cert-manager-webhook/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-cert-manager-webhook"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

7
.vib/cert-manager/goss/cert-manager.yaml
View File

@@ -1,7 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
command:
check-cert-manager:
exec: cert-manager -h
exit-status: 0

13
.vib/cert-manager/goss/goss.yaml
View File

@@ -1,13 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../cert-manager/goss/cert-manager.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

3
.vib/cert-manager/goss/vars.yaml
View File

@@ -1,3 +0,0 @@
binaries:
- cert-manager
root_dir: /opt/bitnami

73
.vib/cert-manager/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "95MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "cert-manager/goss/goss.yaml",
"vars_file": "cert-manager/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-cert-manager"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

8
.vib/chainloop-artifact-cas/goss/chainloop-artifact-cas.yaml
View File

@@ -1,8 +0,0 @@
command:
check-artifact-cas-help:
exec:
- artifact-cas
- --help
exit-status: 0
stderr:
- "Usage of artifact-cas"

9
.vib/chainloop-artifact-cas/goss/goss.yaml
View File

@@ -1,9 +0,0 @@
# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
gossfile:
# Goss tests exclusive to the current container
../../chainloop-artifact-cas/goss/chainloop-artifact-cas.yaml: {}
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-files.yaml: {}

7
.vib/chainloop-artifact-cas/goss/vars.yaml
View File

@@ -1,7 +0,0 @@
files:
- mode: "0644"
paths:
- /opt/bitnami/chainloop/.spdx-chainloop-artifact-cas.spdx
- mode: "0755"
paths:
- /opt/bitnami/chainloop/bin/artifact-cas

73
.vib/chainloop-artifact-cas/vib-verify.json
View File

@@ -1,73 +0,0 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
},
"runtime_parameters": "Y29tbWFuZDogWyIvc2hhcmVkL2J1c3lib3giLCAic2xlZXAiLCAiMzYwMCJdCg=="
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
},
"size_thresholds": [
{
"size": "20MB",
"kind": "COMPRESSED"
}
]
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "chainloop-artifact-cas/goss/goss.yaml",
"vars_file": "chainloop-artifact-cas/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-chainloop-artifact-cas"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "LOW",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

8
.vib/chainloop-control-plane-migrations/goss/chainloop-control-plane-migrations.yaml
View File

@@ -1,8 +0,0 @@
command:
check-atlas-help:
exec:
- atlas
- --help
exit-status: 0
stdout:
- "atlas [command]"

Some files were not shown because too many files have changed in this diff Show More