diff --git a/.vib/nessie-utils/goss/goss.yaml b/.vib/nessie-utils/goss/goss.yaml
new file mode 100644
index 0000000000000..e2ead3e954410
--- /dev/null
+++ b/.vib/nessie-utils/goss/goss.yaml
@@ -0,0 +1,15 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+ # Goss tests exclusive to the current container
+ ../../nessie-utils/goss/nessie-utils.yaml: {}
+ # Load scripts from .vib/common/goss/templates
+ ../../common/goss/templates/check-app-version.yaml: {}
+ ../../common/goss/templates/check-binaries.yaml: {}
+ ../../common/goss/templates/check-broken-symlinks.yaml: {}
+ ../../common/goss/templates/check-ca-certs.yaml: {}
+ ../../common/goss/templates/check-directories.yaml: {}
+ ../../common/goss/templates/check-linked-libraries.yaml: {}
+ ../../common/goss/templates/check-sed-in-place.yaml: {}
+ ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/nessie-utils/goss/nessie-utils.yaml b/.vib/nessie-utils/goss/nessie-utils.yaml
new file mode 100644
index 0000000000000..fccdcec23d0b4
--- /dev/null
+++ b/.vib/nessie-utils/goss/nessie-utils.yaml
@@ -0,0 +1,19 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+command:
+ check-cli-present:
+ exec: java -jar /opt/bitnami/nessie-utils/nessie-cli/nessie-cli.jar --help
+ exit-status: 0
+ stdout:
+ - "Statements to execute"
+ check-gc-present:
+ exec: java -jar /opt/bitnami/nessie-utils/nessie-gc/nessie-gc.jar --help
+ exit-status: 0
+ stdout:
+ - "list-deferred"
+ check-admin-tool-present:
+ exec: java -jar /opt/bitnami/nessie-utils/nessie-server-admin-tool/quarkus-run.jar --help
+ exit-status: 0
+ stdout:
+ - "erase-repository"
diff --git a/.vib/nessie-utils/goss/vars.yaml b/.vib/nessie-utils/goss/vars.yaml
new file mode 100644
index 0000000000000..1ec50a51dc935
--- /dev/null
+++ b/.vib/nessie-utils/goss/vars.yaml
@@ -0,0 +1,15 @@
+binaries:
+ - java
+directories:
+ - mode: "0775"
+ paths:
+ - /.nessie
+ - paths:
+ - /opt/bitnami/nessie-utils/nessie-cli
+ - /opt/bitnami/nessie-utils/nessie-gc
+ - /opt/bitnami/nessie-utils/nessie-server-admin-tool
+root_dir: /opt/bitnami
+# The application does not have a --version flag, but the server logs do show the version
+version:
+ bin_name: java
+ flag: -jar /opt/bitnami/nessie-utils/nessie-cli/nessie-cli.jar --version
diff --git a/.vib/nessie-utils/vib-verify.json b/.vib/nessie-utils/vib-verify.json
new file mode 100644
index 0000000000000..807217b320b27
--- /dev/null
+++ b/.vib/nessie-utils/vib-verify.json
@@ -0,0 +1,73 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "nessie-utils/goss/goss.yaml",
+ "vars_file": "nessie-utils/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "deploy-nessie-utils"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/nessie/goss/goss.yaml b/.vib/nessie/goss/goss.yaml
new file mode 100644
index 0000000000000..9f52ef8baa6aa
--- /dev/null
+++ b/.vib/nessie/goss/goss.yaml
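Review bot: The comment above `version:` in .vib/nessie-utils/goss/vars.yaml contradicts the check it describes: it says the application has no --version flag, while the `flag` value below it passes `--version` to nessie-cli.jar, so the comment looks copied from the server image's vars file. I would replace it with `# Version is read from nessie-cli.jar only; nessie-gc and the admin tool are not version-checked`. That second half is the substantive gap: the image ships three JARs and only one is tied to the expected version, so a stale or mismatched nessie-gc or admin-tool artifact would apparently still pass verification as long as its `--help` output matches.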
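Review bot: Both scanner actions in .vib/nessie-utils/vib-verify.json are restricted to operating-system packages (`"vuln_type": ["OS"]` for trivy, `"package_type": ["OS"]` for grype), while the goss tests added in this same commit show that the image's payload is Java archives (nessie-cli.jar, nessie-gc.jar, quarkus-run.jar). Vulnerable libraries bundled inside those JARs would therefore not fail the verify phase. If the VIB scanner actions accept a library or application package type, it should be added here; if they do not, the description should say where the JAR dependencies are scanned. The two thresholds also differ (`LOW` for trivy, `CRITICAL` for grype) with no stated reason. The same applies to the hunk for .vib/nessie/vib-verify.json.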
@@ -0,0 +1,13 @@
+# Copyright Broadcom, Inc. All Rights Reserved.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+ # Load scripts from .vib/common/goss/templates
+ ../../common/goss/templates/check-app-version.yaml: {}
+ ../../common/goss/templates/check-binaries.yaml: {}
+ ../../common/goss/templates/check-broken-symlinks.yaml: {}
+ ../../common/goss/templates/check-ca-certs.yaml: {}
+ ../../common/goss/templates/check-directories.yaml: {}
+ ../../common/goss/templates/check-linked-libraries.yaml: {}
+ ../../common/goss/templates/check-sed-in-place.yaml: {}
+ ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/nessie/goss/vars.yaml b/.vib/nessie/goss/vars.yaml
new file mode 100644
index 0000000000000..c8b5792b50ccb
--- /dev/null
+++ b/.vib/nessie/goss/vars.yaml
@@ -0,0 +1,13 @@
+binaries:
+ - java
+directories:
+ - mode: "0775"
+ paths:
+ - /bitnami/nessie/secrets
+ - paths:
+ - /opt/bitnami/nessie
+root_dir: /opt/bitnami
+# The application does not have a --version flag, but the server logs do show the version
+version:
+ bin_name: timeout
+ flag: --preserve-status 9 java -jar /opt/bitnami/nessie/quarkus-run.jar || true
diff --git a/.vib/nessie/vib-verify.json b/.vib/nessie/vib-verify.json
new file mode 100644
index 0000000000000..60e052dd5c204
--- /dev/null
+++ b/.vib/nessie/vib-verify.json
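Review bot: In .vib/nessie/goss/vars.yaml the directory `/bitnami/nessie/secrets` is asserted with `mode: "0775"`, which makes the test require that a secrets directory is readable and traversable by every user in the container. If group write is only needed for arbitrary-UID runtimes, `mode: "0770"` would keep that while dropping access for others; it would need a matching change in the image build, which is outside this hunk. Separately, the version check `timeout --preserve-status 9 java -jar /opt/bitnami/nessie/quarkus-run.jar || true` discards the exit status, so a server that fails at startup is told apart only by the log text. The fixed 9-second window may also be tight on a slow arm64 runner, so a short comment explaining why 9 was chosen would help.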
@@ -0,0 +1,73 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "nessie/goss/goss.yaml",
+ "vars_file": "nessie/goss/vars.yaml",
+ "remote": {
+ "pod": {
+ "workload": "deploy-nessie"
+ }
+ }
+ }
+ },
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}