diff --git a/.vib/harbor-core/goss/goss.yaml b/.vib/harbor-core/goss/goss.yaml
new file mode 100644
index 000000000000..ae5744585b8d
--- /dev/null
+++ b/.vib/harbor-core/goss/goss.yaml
@@ -0,0 +1,12 @@
+gossfile:
+ # Goss tests exclusive to the current container
+ ../../harbor-core/goss/harbor-core.yaml: {}
+ # Load scripts from .vib/common/goss/templates
+ ../../common/goss/templates/check-binaries.yaml: {}
+ ../../common/goss/templates/check-broken-symlinks.yaml: {}
+ ../../common/goss/templates/check-ca-certs.yaml: {}
+ ../../common/goss/templates/check-directories.yaml: {}
+ ../../common/goss/templates/check-files.yaml: {}
+ ../../common/goss/templates/check-linked-libraries.yaml: {}
+ ../../common/goss/templates/check-sed-in-place.yaml: {}
+ ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/harbor-core/goss/harbor-core.yaml b/.vib/harbor-core/goss/harbor-core.yaml
new file mode 100644
index 000000000000..fd9ac41238b7
--- /dev/null
+++ b/.vib/harbor-core/goss/harbor-core.yaml
@@ -0,0 +1,36 @@
+group:
+ harbor:
+ exists: true
+user:
+ harbor:
+ exists: true
+file:
+ /etc/core:
+ exists: true
+ mode: "0775"
+ owner: harbor
+ filetype: directory
+ /data:
+ exists: true
+ mode: "0775"
+ owner: harbor
+ filetype: directory
+ /etc/core/certificates:
+ exists: true
+ filetype: symlink
+ linked-to: /data/certificates
+ /etc/core/ca_download:
+ exists: true
+ filetype: symlink
+ linked-to: /data/ca_download
+ /etc/core/token:
+ exists: true
+ filetype: symlink
+ linked-to: /data/psc
+ /opt/bitnami/harbor-core/bin/swagger:
+ exists: false
+command:
+ # Ensure permissions for Internal TLS
+ check-permissions-system-certs:
+ exec: ls -l /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca-bundle.trust.crt /etc/ssl/certs/ca-certificates.crt 2>/dev/null | grep ".*-rw-rw-r--"
+ exit-status: 0
\ No newline at end of file
diff --git a/.vib/harbor-core/goss/vars.yaml b/.vib/harbor-core/goss/vars.yaml
new file mode 100644
index 000000000000..9cf748161934
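Review bot: In harbor-core.yaml, `check-permissions-system-certs` passes as soon as any one of the three listed bundles prints `-rw-rw-r--`, because `grep` needs only a single matching line and `2>/dev/null` hides the paths that do not exist. A bundle left with a different mode therefore goes unnoticed whenever another one matches, and the unanchored `.*` prefix lets the pattern match anywhere in the `ls` line. Rejecting any non-matching line would make the test check every bundle that is present, for example `exec: out=$(ls -l <same three paths> 2>/dev/null); [ -n "$out" ] && ! echo "$out" | grep -qv "^-rw-rw-r--"` (use `ls -lL` if any of the paths can be a symlink). Because this pins a group-writable trust store, the comment above it could also say so, e.g. `# 0664 expected so the runtime group can update the CA bundle for Internal TLS; group ownership is not asserted here` — that rationale is inferred from the existing comment, please confirm it.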
--- /dev/null
+++ b/.vib/harbor-core/goss/vars.yaml
@@ -0,0 +1,13 @@
+binaries:
+ - harbor_core
+ - ini-file
+ - wait-for-port
+directories:
+ - paths:
+ - /opt/bitnami/harbor-core/views
+ - /opt/bitnami/harbor-core/migrations
+ - /opt/bitnami/harbor-core/icons
+files:
+ - paths:
+ - /opt/bitnami/harbor-core/UIVERSION
+root_dir: /opt/bitnami
diff --git a/.vib/harbor-core/vib-publish.json b/.vib/harbor-core/vib-publish.json
index 8b6fe8eab4e6..7893d47eb34c 100644
--- a/.vib/harbor-core/vib-publish.json
+++ b/.vib/harbor-core/vib-publish.json
@@ -3,7 +3,8 @@
 "resources": {
 "url": "{VIB_ENV_CONTAINER_URL}",
 "path": "{VIB_ENV_PATH}"
- }
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
 },
 "phases": {
 "package": {
@@ -33,6 +34,21 @@
 },
 "verify": {
 "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "harbor-core/goss/goss.yaml",
+ "vars_file": "harbor-core/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "deploy-harbor-core"
+ }
+ }
+ }
+ },
 {
 "action_id": "trivy",
 "params": {
diff --git a/.vib/harbor-core/vib-verify.json b/.vib/harbor-core/vib-verify.json
index a34e8aee9161..e8a1fa844c3b 100644
--- a/.vib/harbor-core/vib-verify.json
+++ b/.vib/harbor-core/vib-verify.json
@@ -3,7 +3,8 @@
 "resources": {
 "url": "{SHA_ARCHIVE}",
 "path": "{VIB_ENV_PATH}"
- }
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
 },
 "phases": {
 "package": {
@@ -29,6 +30,21 @@
 },
 "verify": {
 "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "harbor-core/goss/goss.yaml",
+ "vars_file": "harbor-core/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "deploy-harbor-core"
+ }
+ }
+ }
+ },
 {
 "action_id": "trivy",
 "params": {
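Review bot: The `runtime_parameters` value added in the first hunk of vib-publish.json, and again in the first hunk of vib-verify.json, is an opaque base64 string in a file format that cannot carry a comment, so a reviewer has to decode it to learn what the test deployment runs. It decodes to `command: ["tail", "-f", "/dev/null"]`, which presumably means the goss action added in the following hunks inspects an idle container rather than one started through the image's normal entrypoint. The file, user and permission assertions are still meaningful in that state, but nothing in this verify phase exercises startup. Recording the decoded form in the commit description, e.g. `runtime_parameters (base64) = command: ["tail", "-f", "/dev/null"]`, would let later edits to the blob be checked against the stated intent.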