Bitnami/containers
2
0
Fork 0
mirror of https://github.com/bitnami/containers.git synced 2026-03-27 07:17:59 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/apisix] chore: 👷 Add VIB integration (#33236)

Browse Source 
* [bitnami/apisix] chore: 👷 Add VIB integration

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test:  Add goss tests

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* test:  Add goss tests

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: 🚨 Fix JSON format

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2023-05-12 09:02:21 +02:00
committed by GitHub
parent 9959df6e9a
commit de28f595b1
12 changed files with 640 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.vib/apisix-dashboard/goss/goss.yaml Normal file
View File

@@ -0,0 +1,10 @@
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

10
.vib/apisix-dashboard/goss/vars.yaml Normal file
View File

@@ -0,0 +1,10 @@
binaries:
- manager-api
directories:
- mode: "0775"
paths:
- /opt/bitnami/apisix-dashboard/logs
root_dir: /opt/bitnami
version:
bin_name: manager-api
flag: version

125
.vib/apisix-dashboard/vib-publish.json Normal file
View File

@@ -0,0 +1,125 @@
{
"context": {
"resources": {
"url": "{VIB_ENV_CONTAINER_URL}",
"path": "{VIB_ENV_PATH}"
}
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix-dashboard/goss/goss.yaml",
"vars_file": "apisix-dashboard/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix-dashboard"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "osspi-application",
"params": {
"additional_packages_file": "osspi-packages-amd64.json",
"scan_type": "BASE_OS",
"osm": {
"associated_bossd_release": "{VIB_ENV_BOSSD_RELEASE_ID}",
"product_name": "main-catalog-{VIB_ENV_CONTAINER}",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
"architecture_overrides": [
{
"architecture": "linux/amd64",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
"additional_packages_file": "osspi-packages-amd64.json"
},
{
"architecture": "linux/arm64",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container-arm64",
"additional_packages_file": "osspi-packages-arm64.json"
}
]
},
"resources": {
"url": "{VIB_ENV_PACKAGES_JSON_URL}",
"path": "/{VIB_ENV_PATH}",
"authn": {
"header": "Authorization",
"token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
}
}
}
}
]
},
"publish": {
"actions": [
{
"action_id": "container-image-publish",
"params": {
"metadata": {
"tags": {VIB_ENV_ROLLING_TAGS}
},
"repository": {
"kind": "OCI",
"url": "{VIB_ENV_REGISTRY_URL}",
"authn": {
"username": "{VIB_ENV_REGISTRY_USERNAME}",
"password": "{VIB_ENV_REGISTRY_PASSWORD}"
}
}
}
}
]
}
}
}

69
.vib/apisix-dashboard/vib-verify.json Normal file
View File

@@ -0,0 +1,69 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
}
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
}
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix-dashboard/goss/goss.yaml",
"vars_file": "apisix-dashboard/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix-dashboard"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

9
.vib/apisix-ingress-controller/goss/goss.yaml Normal file
View File

@@ -0,0 +1,9 @@
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

6
.vib/apisix-ingress-controller/goss/vars.yaml Normal file
View File

@@ -0,0 +1,6 @@
binaries:
- apisix-ingress-controller
root_dir: /opt/bitnami
version:
bin_name: apisix-ingress-controller
flag: -v

125
.vib/apisix-ingress-controller/vib-publish.json Normal file
View File

@@ -0,0 +1,125 @@
{
"context": {
"resources": {
"url": "{VIB_ENV_CONTAINER_URL}",
"path": "{VIB_ENV_PATH}"
}
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix-ingress-controller/goss/goss.yaml",
"vars_file": "apisix-ingress-controller/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix-ingress-controller"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "osspi-application",
"params": {
"additional_packages_file": "osspi-packages-amd64.json",
"scan_type": "BASE_OS",
"osm": {
"associated_bossd_release": "{VIB_ENV_BOSSD_RELEASE_ID}",
"product_name": "main-catalog-{VIB_ENV_CONTAINER}",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
"architecture_overrides": [
{
"architecture": "linux/amd64",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
"additional_packages_file": "osspi-packages-amd64.json"
},
{
"architecture": "linux/arm64",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container-arm64",
"additional_packages_file": "osspi-packages-arm64.json"
}
]
},
"resources": {
"url": "{VIB_ENV_PACKAGES_JSON_URL}",
"path": "/{VIB_ENV_PATH}",
"authn": {
"header": "Authorization",
"token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
}
}
}
}
]
},
"publish": {
"actions": [
{
"action_id": "container-image-publish",
"params": {
"metadata": {
"tags": {VIB_ENV_ROLLING_TAGS}
},
"repository": {
"kind": "OCI",
"url": "{VIB_ENV_REGISTRY_URL}",
"authn": {
"username": "{VIB_ENV_REGISTRY_USERNAME}",
"password": "{VIB_ENV_REGISTRY_PASSWORD}"
}
}
}
}
]
}
}
}

69
.vib/apisix-ingress-controller/vib-verify.json Normal file
View File

@@ -0,0 +1,69 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
}
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
}
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix-ingress-controller/goss/goss.yaml",
"vars_file": "apisix-ingress-controller/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix-ingress-controller"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}

10
.vib/apisix/goss/goss.yaml Normal file
View File

@@ -0,0 +1,10 @@
gossfile:
# Load scripts from .vib/common/goss/templates
../../common/goss/templates/check-app-version.yaml: {}
../../common/goss/templates/check-binaries.yaml: {}
../../common/goss/templates/check-broken-symlinks.yaml: {}
../../common/goss/templates/check-ca-certs.yaml: {}
../../common/goss/templates/check-directories.yaml: {}
../../common/goss/templates/check-linked-libraries.yaml: {}
../../common/goss/templates/check-sed-in-place.yaml: {}
../../common/goss/templates/check-spdx.yaml: {}

13
.vib/apisix/goss/vars.yaml Normal file
View File

@@ -0,0 +1,13 @@
binaries:
- apisix
directories:
- mode: "0775"
paths:
- /opt/bitnami/apisix/conf
# APISIX hardcodes its home to /usr/local/apisix
- /usr/local/apisix/logs
- /usr/local/apisix
root_dir: /opt/bitnami
version:
bin_name: apisix
flag: version

125
.vib/apisix/vib-publish.json Normal file
View File

@@ -0,0 +1,125 @@
{
"context": {
"resources": {
"url": "{VIB_ENV_CONTAINER_URL}",
"path": "{VIB_ENV_PATH}"
}
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
},
"architectures": [
"linux/amd64",
"linux/arm64"
]
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix/goss/goss.yaml",
"vars_file": "apisix/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
},
{
"action_id": "osspi-application",
"params": {
"additional_packages_file": "osspi-packages-amd64.json",
"scan_type": "BASE_OS",
"osm": {
"associated_bossd_release": "{VIB_ENV_BOSSD_RELEASE_ID}",
"product_name": "main-catalog-{VIB_ENV_CONTAINER}",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
"architecture_overrides": [
{
"architecture": "linux/amd64",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container",
"additional_packages_file": "osspi-packages-amd64.json"
},
{
"architecture": "linux/arm64",
"product_version": "{VIB_ENV_APP_VERSION}-{VIB_ENV_OS_FLAVOUR}-container-arm64",
"additional_packages_file": "osspi-packages-arm64.json"
}
]
},
"resources": {
"url": "{VIB_ENV_PACKAGES_JSON_URL}",
"path": "/{VIB_ENV_PATH}",
"authn": {
"header": "Authorization",
"token": "Bearer {VIB_ENV_GITHUB_TOKEN}"
}
}
}
}
]
},
"publish": {
"actions": [
{
"action_id": "container-image-publish",
"params": {
"metadata": {
"tags": {VIB_ENV_ROLLING_TAGS}
},
"repository": {
"kind": "OCI",
"url": "{VIB_ENV_REGISTRY_URL}",
"authn": {
"username": "{VIB_ENV_REGISTRY_USERNAME}",
"password": "{VIB_ENV_REGISTRY_PASSWORD}"
}
}
}
}
]
}
}
}

69
.vib/apisix/vib-verify.json Normal file
View File

@@ -0,0 +1,69 @@
{
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "{VIB_ENV_PATH}"
}
"runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
},
"phases": {
"package": {
"actions": [
{
"action_id": "container-image-package",
"params": {
"application": {
"details": {
"name": "{VIB_ENV_CONTAINER}",
"tag": "{VIB_ENV_TAG}"
}
}
}
},
{
"action_id": "container-image-lint",
"params": {
"threshold": "error"
}
}
]
},
"verify": {
"actions": [
{
"action_id": "goss",
"params": {
"resources": {
"path": "/.vib"
},
"tests_file": "apisix/goss/goss.yaml",
"vars_file": "apisix/goss/vars.yaml",
"remote": {
"pod": {
"workload": "deploy-apisix"
}
}
}
},
{
"action_id": "trivy",
"params": {
"threshold": "CRITICAL",
"vuln_type": [
"OS"
]
}
},
{
"action_id": "grype",
"params": {
"threshold": "CRITICAL",
"package_type": [
"OS"
]
}
}
]
}
}
}