Bitnami/containers
2
0
Fork 0
mirror of https://github.com/bitnami/containers.git synced 2026-03-27 15:27:48 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/vault] chore: 👷 Add VIB integration (#30334)

Browse Source
This commit is contained in:
Javier J. Salmerón-García
2023-04-14 13:18:38 +02:00
committed by GitHub
parent 12131a5d1a
commit a541866421
6 changed files with 447 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
.vib/vault-csi-provider/vib-publish.json Normal file
View File

@@ -0,0 +1,96 @@
{
"context": {
"resources": {
"url": "{VIB_ENV_CONTAINER_URL}",
"path": "{VIB_ENV_PATH}"
}
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "osspi-application",
"params": {
"additional_packages_file": "{VIB_ENV_PATH}/osspi-packages.json",
"scan_type": "BASE_OS",
"osm": {
"product_name": "main-catalog-{VIB_ENV_CONTAINER}",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container"
},
"resources": {
"url": "{VIB_ENV_PACKAGES_JSON_URL}",
"path": "/",
"authn": {
"header": "Authorization",
"token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
}
}
}
}
]
},
"publish": {
"actions": [
{
"action_id": "container-image-publish",
"params": {
"metadata": {
"tags": {VIB_ENV_ROLLING_TAGS}
},
"repository": {
"kind": "OCI",
"url": "{VIB_ENV_REGISTRY_URL}",
"authn": {
"username": "{VIB_ENV_REGISTRY_USERNAME}",
"password": "{VIB_ENV_REGISTRY_PASSWORD}"
}
}
}
}
]
}
}
}

53
.vib/vault-csi-provider/vib-verify.json Normal file
View File

@@ -0,0 +1,53 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
}
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
}
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

96
.vib/vault-k8s/vib-publish.json Normal file
View File

@@ -0,0 +1,96 @@
{
"context": {
"resources": {
"url": "{VIB_ENV_CONTAINER_URL}",
"path": "{VIB_ENV_PATH}"
}
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "osspi-application",
"params": {
"additional_packages_file": "{VIB_ENV_PATH}/osspi-packages.json",
"scan_type": "BASE_OS",
"osm": {
"product_name": "main-catalog-{VIB_ENV_CONTAINER}",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container"
},
"resources": {
"url": "{VIB_ENV_PACKAGES_JSON_URL}",
"path": "/",
"authn": {
"header": "Authorization",
"token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
}
}
}
}
]
},
"publish": {
"actions": [
{
"action_id": "container-image-publish",
"params": {
"metadata": {
"tags": {VIB_ENV_ROLLING_TAGS}
},
"repository": {
"kind": "OCI",
"url": "{VIB_ENV_REGISTRY_URL}",
"authn": {
"username": "{VIB_ENV_REGISTRY_USERNAME}",
"password": "{VIB_ENV_REGISTRY_PASSWORD}"
}
}
}
}
]
}
}
}

53
.vib/vault-k8s/vib-verify.json Normal file
View File

@@ -0,0 +1,53 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
}
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
}
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

96
.vib/vault/vib-publish.json Normal file
View File

@@ -0,0 +1,96 @@
{
"context": {
"resources": {
"url": "{VIB_ENV_CONTAINER_URL}",
"path": "{VIB_ENV_PATH}"
}
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "osspi-application",
"params": {
"additional_packages_file": "{VIB_ENV_PATH}/osspi-packages.json",
"scan_type": "BASE_OS",
"osm": {
"product_name": "main-catalog-{VIB_ENV_CONTAINER}",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container"
},
"resources": {
"url": "{VIB_ENV_PACKAGES_JSON_URL}",
"path": "/",
"authn": {
"header": "Authorization",
"token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
}
}
}
}
]
},
"publish": {
"actions": [
{
"action_id": "container-image-publish",
"params": {
"metadata": {
"tags": {VIB_ENV_ROLLING_TAGS}
},
"repository": {
"kind": "OCI",
"url": "{VIB_ENV_REGISTRY_URL}",
"authn": {
"username": "{VIB_ENV_REGISTRY_USERNAME}",
"password": "{VIB_ENV_REGISTRY_PASSWORD}"
}
}
}
}
]
}
}
}

53
.vib/vault/vib-verify.json Normal file
View File

@@ -0,0 +1,53 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
}
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
}
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}