From bd72e47e71038d4233b0b33e27bac3e22b027dba Mon Sep 17 00:00:00 2001
From: Francisco de Paz Galan
Date: Thu, 9 Mar 2023 13:00:26 +0100
Subject: [PATCH] [bitnami/cosign] Add VIB tests (#26789)
* [bitnami/cosign] Add VIB tests
Signed-off-by: FraPazGal
* Use custom version check and fix spdx test
Signed-off-by: FraPazGal
* Improve spdx test sintax
Signed-off-by: FraPazGal
* Remove VIB trigger
Signed-off-by: FraPazGal
* Remove ending newlines
Signed-off-by: FraPazGal
---------
Signed-off-by: FraPazGal
---
 .vib/common/goss/scripts/check-spdx.sh | 2 +-
 .vib/cosign/goss/cosign.yaml | 9 +++++++++
 .vib/cosign/goss/goss.yaml | 10 ++++++++++
 .vib/cosign/goss/vars.yaml | 3 +++
 .vib/cosign/vib-publish.json | 16 +++++++++++++++-
 .vib/cosign/vib-verify.json | 18 ++++++++++++++++--
 6 files changed, 54 insertions(+), 4 deletions(-)
 create mode 100644 .vib/cosign/goss/cosign.yaml
 create mode 100644 .vib/cosign/goss/goss.yaml
 create mode 100644 .vib/cosign/goss/vars.yaml
diff --git a/.vib/common/goss/scripts/check-spdx.sh b/.vib/common/goss/scripts/check-spdx.sh
index c6fd24ed03d0..371268a05deb 100755
--- a/.vib/common/goss/scripts/check-spdx.sh
+++ b/.vib/common/goss/scripts/check-spdx.sh
@@ -6,4 +6,4 @@ set -o pipefail
 mapfile -t files < <( find /bitnami "$BITNAMI_ROOT_DIR" -name '.spdx-*.json' )
-[[ ${#files[@]} -eq 0 ]] && exit 1
+[[ ${#files[@]} -gt 0 ]]
diff --git a/.vib/cosign/goss/cosign.yaml b/.vib/cosign/goss/cosign.yaml
new file mode 100644
index 000000000000..28e95c3304ec
--- /dev/null
+++ b/.vib/cosign/goss/cosign.yaml
@@ -0,0 +1,9 @@
+command:
+ check-app-version:
+ exec: cosign version 2>&1
+ exit-status: 0
+ stdout:
+ - {{ .Env.APP_VERSION }}
+ initialize-sigstore:
+ exec: cosign initialize
+ exit-status: 0
diff --git a/.vib/cosign/goss/goss.yaml b/.vib/cosign/goss/goss.yaml
new file mode 100644
index 000000000000..1203d0afcfe6
--- /dev/null
+++ b/.vib/cosign/goss/goss.yaml
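Review bot: The new final line `[[ ${#files[@]} -gt 0 ]]` carries the script's verdict only because it happens to be the last command, and that is easy to break the next time someone appends a line to check-spdx.sh. A short comment would protect the intent, e.g. `# Last command on purpose: the script's exit status is the test result (non-zero when no .spdx-*.json was found)`. The enclosing script starts before the hunk, so whether `set -e` is in effect alongside the visible `set -o pipefail` cannot be confirmed here; the comment is worth adding either way.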
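Review bot: `initialize-sigstore` runs `cosign initialize`, which fetches the Sigstore TUF root from the network, so this test depends on outbound connectivity from the verify workload and on finishing inside goss's default 10 s command timeout, and nothing in the file says so. Consider a comment above it such as `# Needs outbound network access: cosign initialize pulls the Sigstore TUF root` and an explicit `timeout:` so a slow mirror fails with a clear message rather than a generic timeout. The `stdout` entry in `check-app-version` is a substring match, which is fine here but worth knowing if APP_VERSION ever carries a suffix.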
@@ -0,0 +1,10 @@
+gossfile:
+ # Goss tests exclusive to the current container
+ ../../cosign/goss/cosign.yaml: {}
+ # Load scripts from .vib/common/goss/templates
+ ../../common/goss/templates/check-binaries.yaml: {}
+ ../../common/goss/templates/check-broken-symlinks.yaml: {}
+ ../../common/goss/templates/check-ca-certs.yaml: {}
+ ../../common/goss/templates/check-linked-libraries.yaml: {}
+ ../../common/goss/templates/check-sed-in-place.yaml: {}
+ ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/cosign/goss/vars.yaml b/.vib/cosign/goss/vars.yaml
new file mode 100644
index 000000000000..ecb379a354b9
--- /dev/null
+++ b/.vib/cosign/goss/vars.yaml
@@ -0,0 +1,3 @@
+binaries:
+ - cosign
+root_dir: /opt/bitnami
diff --git a/.vib/cosign/vib-publish.json b/.vib/cosign/vib-publish.json
index f58738648055..0ffdec2c0cc7 100644
--- a/.vib/cosign/vib-publish.json
+++ b/.vib/cosign/vib-publish.json
@@ -3,7 +3,8 @@
 "resources": {
 "url": "{VIB_ENV_CONTAINER_URL}",
 "path": "{VIB_ENV_PATH}"
- }
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
 },
 "phases": {
 "package": {
@@ -33,6 +34,19 @@
 },
 "verify": {
 "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "cosign/goss/goss.yaml",
+ "vars_file": "cosign/goss/vars.yaml",
+ "remote": {
+ "workload": "deploy-cosign"
+ }
+ }
+ },
 {
 "action_id": "trivy",
 "params": {
diff --git a/.vib/cosign/vib-verify.json b/.vib/cosign/vib-verify.json
index 835cd556e241..039049f54fdb 100644
--- a/.vib/cosign/vib-verify.json
+++ b/.vib/cosign/vib-verify.json
@@ -3,7 +3,8 @@
 "resources": {
 "url": "{SHA_ARCHIVE}",
 "path": "{VIB_ENV_PATH}"
- }
+ },
+ "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
 },
 "phases": {
 "package": {
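Review bot: The comment `# Load scripts from .vib/common/goss/templates` mislabels the includes beneath it, which are goss template files; the shell scripts live under .vib/common/goss/scripts, as the check-spdx.sh hunk shows. `# Shared checks from .vib/common/goss/templates` would describe what those six lines actually pull in.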
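Review bot: `runtime_parameters` is an opaque base64 blob and nothing in the file says what it does; decoding it locally gives `command: ["tail", "-f", "/dev/null"]`, i.e. the deploy workload's entrypoint is replaced so the container stays idle for goss to exec into. Since JSON cannot hold a comment, record the decoded value and its purpose in the PR description or the `.vib` README, and keep it in step with the identical value added to `.vib/cosign/vib-verify.json` in this patch. Overriding the command also means the image's own entrypoint is never exercised by these pipelines, which is acceptable for smoke tests but should be a deliberate choice.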
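Review bot: The goss action's `remote.workload` is set to `deploy-cosign`, which has to equal the workload name declared in this file's deploy phase, and that phase lies outside the hunk so the match cannot be confirmed from here; the same applies to the mirror hunk in `.vib/cosign/vib-verify.json`. A mismatch only surfaces when the pipeline runs, so it is worth checking both files before merge. The `tests_file` and `vars_file` paths are relative to `resources.path` `/.vib`, which does line up with the new files in this patch.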
@@ -29,6 +30,19 @@
 },
 "verify": {
 "actions": [
+ {
+ "action_id": "goss",
+ "params": {
+ "resources": {
+ "path": "/.vib"
+ },
+ "tests_file": "cosign/goss/goss.yaml",
+ "vars_file": "cosign/goss/vars.yaml",
+ "remote": {
+ "workload": "deploy-cosign"
+ }
+ }
+ },
 {
 "action_id": "trivy",
 "params": {
@@ -50,4 +64,4 @@
 ]
 }
 }
-}
\ No newline at end of file
+}