feat: generate playground examples

Signed-off-by: Charles-Edouard Brétéché <charles.edouard@nirmata.com>

Makefile

@@ -267,8 +267,13 @@ codegen-schemas-json: codegen-schemas-openapi ## Generate json schemas
 .PHONY: codegen-schemas
 codegen-schemas: codegen-schemas-openapi codegen-schemas-json ## Generate openapi and json schemas
 
+.PHONY: codegen-playground-examples
+codegen-playground-examples: ## Generate playground examples
+	@echo Generate playground examples... >&2
+	@go run ./website/playground-examples/main.go
+
 .PHONY: codegen-playground
-codegen-playground: build-wasm ## Generate playground
+codegen-playground: build-wasm codegen-playground-examples ## Generate playground
 	@echo Generate playground... >&2
 	@rm -rf ./pkg/server/ui/dist && mkdir -p ./pkg/server/ui/dist && cp -r ./website/playground/* ./pkg/server/ui/dist
 	@rm -rf ./website/docs/_playground && mkdir -p ./website/docs/_playground && cp -r ./website/playground/* ./website/docs/_playground

pkg/server/ui/dist/assets/data.json

@@ -1,10 +1,10 @@
 {
   "examples": [
     {
+      "category": "dockerfile",
       "name": "check-dockerfile",
-      "policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n  name: check-dockerfile\nspec:\n  rules:\n    - name: deny-external-calls\n      assert:\n        all:\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].Args[].Value):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"curl is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'curl')): false\n        - message: \"wget is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'wget')): false\n",
-      "payload": "MetaArgs:\n- Key: BUILD_PLATFORM\n  DefaultValue: '\"linux/amd64\"'\n  ProvidedValue:\n  Value: '\"linux/amd64\"'\n- Key: BUILDER_IMAGE\n  DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n  ProvidedValue:\n  Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- Name: builder\n  BaseName: '\"golang:1.20.6-alpine3.18\"'\n  Platform: \"$BUILD_PLATFORM\"\n  Comment: ''\n  SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n  Location:\n  - Start:\n      Line: 4\n      Character: 0\n    End:\n      Line: 4\n      Character: 0\n  As: builder\n  From:\n    Image: '\"golang:1.20.6-alpine3.18\"'\n  Commands:\n  - Name: WORKDIR\n    Path: \"/\"\n  - Chmod: ''\n    Chown: ''\n    DestPath: \"./\"\n    From: ''\n    Link: false\n    Name: COPY\n    SourceContents:\n    SourcePaths:\n    - \".\"\n  - Args:\n    - Comment: ''\n      Key: SIGNER_BINARY_LINK\n      Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - Args:\n    - Comment: ''\n      Key: SIGNER_BINARY_FILE\n      Value: '\"notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - CmdLine:\n    - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n    Files:\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - apk update &&     apk add unzip &&     unzip -o ${SIGNER_BINARY_FILE}\n    Files:\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n      .\n    Files:\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n- Name: ''\n  BaseName: gcr.io/distroless/static:nonroot\n  Platform: ''\n  Comment: ''\n  SourceCode: FROM gcr.io/distroless/static:nonroot\n  Location:\n  - Start:\n      Line: 20\n      Character: 0\n    End:\n      Line: 20\n      Character: 0\n  From:\n    Image: gcr.io/distroless/static:nonroot\n  Commands:\n  - Name: WORKDIR\n    Path: \"/\"\n  - Env:\n    - Key: PLUGINS_DIR\n      Value: \"/plugins\"\n    Name: ENV\n  - Chmod: ''\n    Chown: ''\n    DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents:\n    SourcePaths:\n    - notation-com.amazonaws.signer.notation.plugin\n  - Chmod: ''\n    Chown: ''\n    DestPath: kyverno-notation-aws\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents:\n    SourcePaths:\n    - kyverno-notation-aws\n  - CmdLine:\n    - \"/kyverno-notation-aws\"\n    Files:\n    Name: ENTRYPOINT\n    PrependShell: false\n",
-      "category": "dockerfile"
+      "policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n  name: check-dockerfile\nspec:\n  rules:\n    - name: deny-external-calls\n      assert:\n        all:\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].Args[].Value):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"curl is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'curl')): false\n        - message: \"wget is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'wget')): false",
+      "payload": "MetaArgs:\n- DefaultValue: '\"linux/amd64\"'\n  Key: BUILD_PLATFORM\n  ProvidedValue: null\n  Value: '\"linux/amd64\"'\n- DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n  Key: BUILDER_IMAGE\n  ProvidedValue: null\n  Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- As: builder\n  BaseName: '\"golang:1.20.6-alpine3.18\"'\n  Commands:\n  - Name: WORKDIR\n    Path: /\n  - Chmod: \"\"\n    Chown: \"\"\n    DestPath: ./\n    From: \"\"\n    Link: false\n    Name: COPY\n    SourceContents: null\n    SourcePaths:\n    - .\n  - Args:\n    - Comment: \"\"\n      Key: SIGNER_BINARY_LINK\n      Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - Args:\n    - Comment: \"\"\n      Key: SIGNER_BINARY_FILE\n      Value: '\"notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - CmdLine:\n    - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n    Files: null\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - apk update \u0026\u0026     apk add unzip \u0026\u0026     unzip -o ${SIGNER_BINARY_FILE}\n    Files: null\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n      .\n    Files: null\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  Comment: \"\"\n  From:\n    Image: '\"golang:1.20.6-alpine3.18\"'\n  Location:\n  - End:\n      Character: 0\n      Line: 4\n    Start:\n      Character: 0\n      Line: 4\n  Name: builder\n  Platform: $BUILD_PLATFORM\n  SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n- BaseName: gcr.io/distroless/static:nonroot\n  Commands:\n  - Name: WORKDIR\n    Path: /\n  - Env:\n    - Key: PLUGINS_DIR\n      Value: /plugins\n    Name: ENV\n  - Chmod: \"\"\n    Chown: \"\"\n    DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents: null\n    SourcePaths:\n    - notation-com.amazonaws.signer.notation.plugin\n  - Chmod: \"\"\n    Chown: \"\"\n    DestPath: kyverno-notation-aws\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents: null\n    SourcePaths:\n    - kyverno-notation-aws\n  - CmdLine:\n    - /kyverno-notation-aws\n    Files: null\n    Name: ENTRYPOINT\n    PrependShell: false\n  Comment: \"\"\n  From:\n    Image: gcr.io/distroless/static:nonroot\n  Location:\n  - End:\n      Character: 0\n      Line: 20\n    Start:\n      Character: 0\n      Line: 20\n  Name: \"\"\n  Platform: \"\"\n  SourceCode: FROM gcr.io/distroless/static:nonroot\n"
     }
   ]
 }

playground-examples.yaml

@@ -0,0 +1,6 @@
+# categories
+dockerfile:
+  # names
+  check-dockerfile:
+    policy:   test/commands/scan/dockerfile/policy.yaml
+    payload:  test/commands/scan/dockerfile/payload.json

website/playground-examples/main.go

@@ -0,0 +1,81 @@
+package main
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/fs"
+	"os"
+	"path/filepath"
+
+	"gopkg.in/yaml.v2"
+)
+
+type Content struct {
+	Policy  string `yaml:"policy"`
+	Payload string `yaml:"payload"`
+}
+
+type Example struct {
+	Category string `json:"category"`
+	Name     string `json:"name"`
+	Policy   string `json:"policy"`
+	Payload  string `json:"payload"`
+}
+
+type Examples struct {
+	Examples []Example `json:"examples"`
+}
+
+func load(file string) string {
+	if filepath.Ext(file) == ".json" {
+		content, err := os.ReadFile(file)
+		if err != nil {
+			panic(err)
+		}
+		var obj interface{}
+		if err := json.Unmarshal(content, &obj); err != nil {
+			panic(err)
+		}
+		data, err := yaml.Marshal(obj)
+		if err != nil {
+			panic(err)
+		}
+		return string(data)
+	} else if filepath.Ext(file) == ".yaml" || filepath.Ext(file) == ".yml" {
+		content, err := os.ReadFile(file)
+		if err != nil {
+			panic(err)
+		}
+		return string(content)
+	}
+	panic(fmt.Sprintf("unsupported file type %s", file))
+}
+
+func main() {
+	bytes, err := os.ReadFile("playground-examples.yaml")
+	if err != nil {
+		panic(err)
+	}
+	var content map[string]map[string]Content
+	if err := yaml.Unmarshal(bytes, &content); err != nil {
+		panic(err)
+	}
+	var examples Examples
+	for category, names := range content {
+		for name, value := range names {
+			examples.Examples = append(examples.Examples, Example{
+				Category: category,
+				Name:     name,
+				Policy:   load(value.Policy),
+				Payload:  load(value.Payload),
+			})
+		}
+	}
+	data, err := json.MarshalIndent(&examples, "", "  ")
+	if err != nil {
+		panic(err)
+	}
+	if err := os.WriteFile("website/playground/assets/data.json", data, fs.ModePerm); err != nil {
+		panic(err)
+	}
+}

website/playground/assets/data.json

@@ -1,10 +1,10 @@
 {
   "examples": [
     {
+      "category": "dockerfile",
       "name": "check-dockerfile",
-      "policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n  name: check-dockerfile\nspec:\n  rules:\n    - name: deny-external-calls\n      assert:\n        all:\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].Args[].Value):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"curl is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'curl')): false\n        - message: \"wget is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'wget')): false\n",
-      "payload": "MetaArgs:\n- Key: BUILD_PLATFORM\n  DefaultValue: '\"linux/amd64\"'\n  ProvidedValue:\n  Value: '\"linux/amd64\"'\n- Key: BUILDER_IMAGE\n  DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n  ProvidedValue:\n  Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- Name: builder\n  BaseName: '\"golang:1.20.6-alpine3.18\"'\n  Platform: \"$BUILD_PLATFORM\"\n  Comment: ''\n  SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n  Location:\n  - Start:\n      Line: 4\n      Character: 0\n    End:\n      Line: 4\n      Character: 0\n  As: builder\n  From:\n    Image: '\"golang:1.20.6-alpine3.18\"'\n  Commands:\n  - Name: WORKDIR\n    Path: \"/\"\n  - Chmod: ''\n    Chown: ''\n    DestPath: \"./\"\n    From: ''\n    Link: false\n    Name: COPY\n    SourceContents:\n    SourcePaths:\n    - \".\"\n  - Args:\n    - Comment: ''\n      Key: SIGNER_BINARY_LINK\n      Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - Args:\n    - Comment: ''\n      Key: SIGNER_BINARY_FILE\n      Value: '\"notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - CmdLine:\n    - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n    Files:\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - apk update &&     apk add unzip &&     unzip -o ${SIGNER_BINARY_FILE}\n    Files:\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n      .\n    Files:\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n- Name: ''\n  BaseName: gcr.io/distroless/static:nonroot\n  Platform: ''\n  Comment: ''\n  SourceCode: FROM gcr.io/distroless/static:nonroot\n  Location:\n  - Start:\n      Line: 20\n      Character: 0\n    End:\n      Line: 20\n      Character: 0\n  From:\n    Image: gcr.io/distroless/static:nonroot\n  Commands:\n  - Name: WORKDIR\n    Path: \"/\"\n  - Env:\n    - Key: PLUGINS_DIR\n      Value: \"/plugins\"\n    Name: ENV\n  - Chmod: ''\n    Chown: ''\n    DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents:\n    SourcePaths:\n    - notation-com.amazonaws.signer.notation.plugin\n  - Chmod: ''\n    Chown: ''\n    DestPath: kyverno-notation-aws\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents:\n    SourcePaths:\n    - kyverno-notation-aws\n  - CmdLine:\n    - \"/kyverno-notation-aws\"\n    Files:\n    Name: ENTRYPOINT\n    PrependShell: false\n",
-      "category": "dockerfile"
+      "policy": "apiVersion: json.kyverno.io/v1alpha1\nkind: ValidatingPolicy\nmetadata:\n  name: check-dockerfile\nspec:\n  rules:\n    - name: deny-external-calls\n      assert:\n        all:\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].Args[].Value):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"HTTP calls are not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'https://') || contains(@, 'http://')): false\n        - message: \"curl is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'curl')): false\n        - message: \"wget is not allowed\"\n          check:\n            ~.(Stages[].Commands[].CmdLine[]):\n              (contains(@, 'wget')): false",
+      "payload": "MetaArgs:\n- DefaultValue: '\"linux/amd64\"'\n  Key: BUILD_PLATFORM\n  ProvidedValue: null\n  Value: '\"linux/amd64\"'\n- DefaultValue: '\"golang:1.20.6-alpine3.18\"'\n  Key: BUILDER_IMAGE\n  ProvidedValue: null\n  Value: '\"golang:1.20.6-alpine3.18\"'\nStages:\n- As: builder\n  BaseName: '\"golang:1.20.6-alpine3.18\"'\n  Commands:\n  - Name: WORKDIR\n    Path: /\n  - Chmod: \"\"\n    Chown: \"\"\n    DestPath: ./\n    From: \"\"\n    Link: false\n    Name: COPY\n    SourceContents: null\n    SourcePaths:\n    - .\n  - Args:\n    - Comment: \"\"\n      Key: SIGNER_BINARY_LINK\n      Value: '\"https://d2hvyiie56hcat.cloudfront.net/linux/amd64/plugin/latest/notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - Args:\n    - Comment: \"\"\n      Key: SIGNER_BINARY_FILE\n      Value: '\"notation-aws-signer-plugin.zip\"'\n    Name: ARG\n  - CmdLine:\n    - wget -O ${SIGNER_BINARY_FILE} ${SIGNER_BINARY_LINK}\n    Files: null\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - apk update \u0026\u0026     apk add unzip \u0026\u0026     unzip -o ${SIGNER_BINARY_FILE}\n    Files: null\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  - CmdLine:\n    - GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags=\"-w -s\" -o kyverno-notation-aws\n      .\n    Files: null\n    FlagsUsed: []\n    Name: RUN\n    PrependShell: true\n  Comment: \"\"\n  From:\n    Image: '\"golang:1.20.6-alpine3.18\"'\n  Location:\n  - End:\n      Character: 0\n      Line: 4\n    Start:\n      Character: 0\n      Line: 4\n  Name: builder\n  Platform: $BUILD_PLATFORM\n  SourceCode: FROM --platform=$BUILD_PLATFORM $BUILDER_IMAGE as builder\n- BaseName: gcr.io/distroless/static:nonroot\n  Commands:\n  - Name: WORKDIR\n    Path: /\n  - Env:\n    - Key: PLUGINS_DIR\n      Value: /plugins\n    Name: ENV\n  - Chmod: \"\"\n    Chown: \"\"\n    DestPath: plugins/com.amazonaws.signer.notation.plugin/notation-com.amazonaws.signer.notation.plugin\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents: null\n    SourcePaths:\n    - notation-com.amazonaws.signer.notation.plugin\n  - Chmod: \"\"\n    Chown: \"\"\n    DestPath: kyverno-notation-aws\n    From: builder\n    Link: false\n    Name: COPY\n    SourceContents: null\n    SourcePaths:\n    - kyverno-notation-aws\n  - CmdLine:\n    - /kyverno-notation-aws\n    Files: null\n    Name: ENTRYPOINT\n    PrependShell: false\n  Comment: \"\"\n  From:\n    Image: gcr.io/distroless/static:nonroot\n  Location:\n  - End:\n      Character: 0\n      Line: 20\n    Start:\n      Character: 0\n      Line: 20\n  Name: \"\"\n  Platform: \"\"\n  SourceCode: FROM gcr.io/distroless/static:nonroot\n"
     }
   ]
 }