Merge branch 'bitnami:main' into fix-mysqldump-master-database

bitnami · Feb 15, 2024 · afe7c54 · afe7c54
2 parents e76f117 + 20ce36a
commit afe7c54
Show file tree

Hide file tree

Showing 16 changed files with 139 additions and 22 deletions.
diff --git a/.vib/kubescape/goss/goss.yaml b/.vib/kubescape/goss/goss.yaml
@@ -0,0 +1,15 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+gossfile:
+  # Goss tests exclusive to the current container
+  ../../kubescape/goss/kubescape.yaml: {}
+  # Load scripts from .vib/common/goss/templates
+  ../../common/goss/templates/check-app-version.yaml: {}
+  ../../common/goss/templates/check-binaries.yaml: {}
+  ../../common/goss/templates/check-broken-symlinks.yaml: {}
+  ../../common/goss/templates/check-ca-certs.yaml: {}
+  ../../common/goss/templates/check-directories.yaml: {}
+  ../../common/goss/templates/check-linked-libraries.yaml: {}
+  ../../common/goss/templates/check-sed-in-place.yaml: {}
+  ../../common/goss/templates/check-spdx.yaml: {}
diff --git a/.vib/kubescape/goss/kubescape.yaml b/.vib/kubescape/goss/kubescape.yaml
@@ -0,0 +1,18 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+command:
+  {{- $target := printf "/tmp/%s" (randAlpha 5) }}
+  check-scan:
+    exec: mkdir {{ $target }} && tar -xf ./kubescape/goss/testfiles/sealed-secrets.tar.gz -C {{ $target }}; kubescape scan ./kubescape/goss/testfiles/sealed-secrets.tar.gz --format=json {{ $target }}
+    exit-status: 0
+    timeout: 30000
+    stderr:
+      - "Overall compliance-score"
+  {{- $target := printf "/tmp/%s" (randAlpha 5) }}
+  check-oss-assessment:
+    exec: mkdir {{ $target }} && tar -xf ./kubescape/goss/testfiles/sealed-secrets.tar.gz -C {{ $target }}; /opt/bitnami/scripts/kubescape/entrypoint.sh oss-assessment {{ $target }}
+    exit-status: 0
+    timeout: 30000
+    stdout:
+      - "\"security\":"
diff --git a/.vib/kubescape/goss/testfiles/sealed-secrets.tar.gz b/.vib/kubescape/goss/testfiles/sealed-secrets.tar.gz
diff --git a/.vib/kubescape/goss/vars.yaml b/.vib/kubescape/goss/vars.yaml
@@ -0,0 +1,11 @@
+binaries:
+  - kubescape
+root_dir: /opt/bitnami
+directories:
+  - mode: "0775"
+    paths:
+      - /opt/bitnami/kubescape/.kubescape
+      - /opt/bitnami/kubescape/.cache
+version:
+  bin_name: kubescape
+  flag: version
diff --git a/.vib/kubescape/vib-verify.json b/.vib/kubescape/vib-verify.json
@@ -0,0 +1,73 @@
+{
+  "context": {
+    "resources": {
+      "url": "{SHA_ARCHIVE}",
+      "path": "{VIB_ENV_PATH}"
+    },
+    "runtime_parameters": "Y29tbWFuZDogWyJ0YWlsIiwgIi1mIiwgIi9kZXYvbnVsbCJd"
+  },
+  "phases": {
+    "package": {
+      "actions": [
+        {
+          "action_id": "container-image-package",
+          "params": {
+            "application": {
+              "details": {
+                "name": "{VIB_ENV_CONTAINER}",
+                "tag": "{VIB_ENV_TAG}"
+              }
+            },
+            "architectures": [
+              "linux/amd64",
+              "linux/arm64"
+            ]
+          }
+        },
+        {
+          "action_id": "container-image-lint",
+          "params": {
+            "threshold": "error"
+          }
+        }
+      ]
+    },
+    "verify": {
+      "actions": [
+        {
+          "action_id": "trivy",
+          "params": {
+            "threshold": "LOW",
+            "vuln_type": [
+              "OS"
+            ]
+          }
+        },
+        {
+          "action_id": "grype",
+          "params": {
+            "threshold": "CRITICAL",
+            "package_type": [
+              "OS"
+            ]
+          }
+        },
+        {
+          "action_id": "goss",
+          "params": {
+            "resources": {
+              "path": "/.vib"
+            },
+            "tests_file": "kubescape/goss/goss.yaml",
+            "vars_file": "kubescape/goss/vars.yaml",
+            "remote": {
+              "pod": {
+                "workload": "deploy-kubescape"
+              }
+            }
+          }
+        }
+      ]
+    }
+  }
+}
diff --git a/bitnami/apache/2.4/debian-11/Dockerfile b/bitnami/apache/2.4/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T08:45:07Z" \
+      org.opencontainers.image.created="2024-02-15T15:26:18Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="2.4.58-debian-11-r24" \
+      org.opencontainers.image.ref.name="2.4.58-debian-11-r25" \
       org.opencontainers.image.title="apache" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="2.4.58"

diff --git a/bitnami/apisix-dashboard/3/debian-11/Dockerfile b/bitnami/apisix-dashboard/3/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T10:44:10Z" \
+      org.opencontainers.image.created="2024-02-15T15:23:09Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="3.0.1-debian-11-r158" \
+      org.opencontainers.image.ref.name="3.0.1-debian-11-r159" \
       org.opencontainers.image.title="apisix-dashboard" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="3.0.1"

diff --git a/bitnami/dotnet/7/debian-11/Dockerfile b/bitnami/dotnet/7/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T08:59:10Z" \
+      org.opencontainers.image.created="2024-02-15T15:26:30Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="7.0.16-debian-11-r5" \
+      org.opencontainers.image.ref.name="7.0.16-debian-11-r6" \
       org.opencontainers.image.title="dotnet" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="7.0.16"

diff --git a/bitnami/fluentd/1/debian-11/Dockerfile b/bitnami/fluentd/1/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T09:05:26Z" \
+      org.opencontainers.image.created="2024-02-15T15:23:10Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="1.16.3-debian-11-r20" \
+      org.opencontainers.image.ref.name="1.16.3-debian-11-r21" \
       org.opencontainers.image.title="fluentd" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="1.16.3"

diff --git a/bitnami/ksql/7.2/debian-11/Dockerfile b/bitnami/ksql/7.2/debian-11/Dockerfile
@@ -8,10 +8,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T09:30:37Z" \
+      org.opencontainers.image.created="2024-02-15T15:26:19Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="7.2.9-debian-11-r17" \
+      org.opencontainers.image.ref.name="7.2.9-debian-11-r18" \
       org.opencontainers.image.title="ksql" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="7.2.9"

diff --git a/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile b/bitnami/kubeapps-dashboard/2/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T09:31:12Z" \
+      org.opencontainers.image.created="2024-02-15T15:26:18Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="2.9.0-debian-11-r36" \
+      org.opencontainers.image.ref.name="2.9.0-debian-11-r37" \
       org.opencontainers.image.title="kubeapps-dashboard" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="2.9.0"

diff --git a/bitnami/mongodb-sharded/6.0/debian-11/Dockerfile b/bitnami/mongodb-sharded/6.0/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T09:52:53Z" \
+      org.opencontainers.image.created="2024-02-15T15:26:20Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="6.0.13-debian-11-r17" \
+      org.opencontainers.image.ref.name="6.0.13-debian-11-r18" \
       org.opencontainers.image.title="mongodb-sharded" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="6.0.13"

diff --git a/bitnami/mysql/8.3/debian-11/Dockerfile b/bitnami/mysql/8.3/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T09:46:03Z" \
+      org.opencontainers.image.created="2024-02-15T15:26:17Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="8.3.0-debian-11-r14" \
+      org.opencontainers.image.ref.name="8.3.0-debian-11-r15" \
       org.opencontainers.image.title="mysql" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="8.3.0"

diff --git a/bitnami/nginx/1.25/debian-11/Dockerfile b/bitnami/nginx/1.25/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T09:54:19Z" \
+      org.opencontainers.image.created="2024-02-15T15:23:33Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="1.25.4-debian-11-r2" \
+      org.opencontainers.image.ref.name="1.25.4-debian-11-r3" \
       org.opencontainers.image.title="nginx" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="1.25.4"

diff --git a/bitnami/parse/6/debian-11/Dockerfile b/bitnami/parse/6/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T10:00:48Z" \
+      org.opencontainers.image.created="2024-02-15T15:23:08Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="6.4.0-debian-11-r17" \
+      org.opencontainers.image.ref.name="6.4.0-debian-11-r18" \
       org.opencontainers.image.title="parse" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="6.4.0"

diff --git a/bitnami/pgpool/4/debian-11/Dockerfile b/bitnami/pgpool/4/debian-11/Dockerfile
@@ -7,10 +7,10 @@ ARG TARGETARCH
 
 LABEL com.vmware.cp.artifact.flavor="sha256:1e1b4657a77f0d47e9220f0c37b9bf7802581b93214fff7d1bd2364c8bf22e8e" \
       org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2024-02-15T07:53:46Z" \
+      org.opencontainers.image.created="2024-02-15T15:23:07Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="4.5.0-debian-11-r17" \
+      org.opencontainers.image.ref.name="4.5.0-debian-11-r18" \
       org.opencontainers.image.title="pgpool" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="4.5.0"