From a6a7cd571f17d47888344c9df0e640c0ec796e95 Mon Sep 17 00:00:00 2001
From: Miguel Ruiz
Date: Thu, 1 Aug 2024 13:40:19 +0200
Subject: [PATCH] [.vib] Add chainloop containers VIB files (#70431)
Signed-off-by: Miguel Ruiz
---
.vib/chainloop-artifact-cas/vib-verify.json | 57 +++++++++++++++++++
.../vib-verify.json | 57 +++++++++++++++++++
.vib/chainloop-control-plane/vib-verify.json | 57 +++++++++++++++++++
3 files changed, 171 insertions(+)
create mode 100644 .vib/chainloop-artifact-cas/vib-verify.json
create mode 100644 .vib/chainloop-control-plane-migrations/vib-verify.json
create mode 100644 .vib/chainloop-control-plane/vib-verify.json
diff --git a/.vib/chainloop-artifact-cas/vib-verify.json b/.vib/chainloop-artifact-cas/vib-verify.json
new file mode 100644
index 0000000000000..ed4f5cd241cab
--- /dev/null
+++ b/.vib/chainloop-artifact-cas/vib-verify.json
@@ -0,0 +1,57 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/chainloop-control-plane-migrations/vib-verify.json b/.vib/chainloop-control-plane-migrations/vib-verify.json
new file mode 100644
index 0000000000000..ed4f5cd241cab
--- /dev/null
+++ b/.vib/chainloop-control-plane-migrations/vib-verify.json
@@ -0,0 +1,57 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/chainloop-control-plane/vib-verify.json b/.vib/chainloop-control-plane/vib-verify.json
new file mode 100644
index 0000000000000..ed4f5cd241cab
--- /dev/null
+++ b/.vib/chainloop-control-plane/vib-verify.json
@@ -0,0 +1,57 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
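Review bot: Both scanners in the `verify` phase are restricted to OS packages (`"vuln_type": ["OS"]` for trivy, `"package_type": ["OS"]` for grype), so a vulnerable dependency shipped inside the application itself would not fail this pipeline. The same applies to all three new files (chainloop-artifact-cas, chainloop-control-plane-migrations, chainloop-control-plane), which share one blob. If the VIB actions accept an application-level package type, consider adding it to both lists, or note in the commit description where application dependencies are scanned instead. The two gates are also uneven: trivy uses `"threshold": "LOW"` while grype uses `"threshold": "CRITICAL"`, so, assuming the threshold is the lowest severity that fails the action, a HIGH finding reported only by grype would pass. If that gap is deliberate, it should be explained in the commit message, since the JSON cannot carry a comment.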