update ci to use new template

ratify-project · Nov 30, 2023 · 7242c1c · 7242c1c
1 parent 497c82e
commit 7242c1c
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 10 deletions.
diff --git a/dev.helmfile.yaml b/dev.helmfile.yaml
@@ -19,7 +19,7 @@ releases:
       - name: mutatingWebhookTimeoutSeconds
         value: 2
       - name: externaldataProviderResponseCacheTTL
-        value: 10s
+        value: 1s
   - name: ratify
     namespace: gatekeeper-system
     chart: charts/ratify # PRERELEASE: Change to 'ratify/ratify' before copying to helmfile.yaml
@@ -33,22 +33,22 @@ releases:
         command: "bash"
         args:
           - "-c"
-          - "kubectl apply -f https://deislabs.github.io/ratify/library/default/template.yaml && kubectl apply -f https://deislabs.github.io/ratify/library/default/samples/constraint.yaml"
+          - "kubectl apply -f /home/devuser/code/ratify/library/vulnerability-report-validation/template.yaml && kubectl apply -f /home/devuser/code/ratify/library/vulnerability-report-validation/samples/constraint.yaml"
       - events: ["postuninstall"]
         showlogs: true
         command: "kubectl"
         args:
           - "delete"
           - "-f"
-          - "https://deislabs.github.io/ratify/library/default/template.yaml"
+          - "/home/devuser/code/ratify/library/vulnerability-report-validation/template.yaml"
           - "--ignore-not-found=true"
       - events: ["postuninstall"]
         showlogs: true
         command: "kubectl"
         args:
           - "delete"
           - "-f"
-          - "https://deislabs.github.io/ratify/library/default/samples/constraint.yaml"
+          - "/home/devuser/code/ratify/library/vulnerability-report-validation/samples/constraint.yaml"
           - "--ignore-not-found=true"
       - events: ["postuninstall"]
         showlogs: true
@@ -75,10 +75,24 @@ releases:
       - name: featureFlags.RATIFY_CERT_ROTATION
         value: true
       - name: image.repository # PRERELEASE: REMOVE before copying to helmfile.yaml
-        value: ghcr.io/deislabs/ratify-dev # PRERELEASE: REMOVE before copying to helmfile.yaml
+        value: generaltest.azurecr.io/deislabs/ratify # PRERELEASE: REMOVE before copying to helmfile.yaml
       - name: image.crdRepository # PRERELEASE: REMOVE before copying to helmfile.yaml
-        value: ghcr.io/deislabs/ratify-crds-dev # PRERELEASE: REMOVE before copying to helmfile.yaml
+        value: generaltest.azurecr.io/deislabs/ratify-crds # PRERELEASE: REMOVE before copying to helmfile.yaml
       - name: image.tag # PRERELEASE: REMOVE before copying to helmfile.yaml
-        value: dev.20230822.cd81c6e # PRERELEASE: REMOVE before copying to helmfile.yaml
+        value: vuln-verifier-prod # PRERELEASE: REMOVE before copying to helmfile.yaml
       - name: image.pullPolicy # PRERELEASE: REMOVE before copying to helmfile.yaml
         value: Always # PRERELEASE: REMOVE before copying to helmfile.yaml
+      - name: akvCertConfig.enabled
+        value: true
+      - name: akvCertConfig.vaultURI
+        value: https://aksinghal-kv.vault.azure.net/
+      - name: akvCertConfig.cert1Name
+        value: wabbit-networks-io
+      - name: akvCertConfig.tenantId
+        value: 72f988bf-86f1-41af-91ab-2d7cd011db47
+      - name: oras.authProviders.azureWorkloadIdentityEnabled
+        value: true
+      - name: azureWorkloadIdentity.clientId
+        value: 9bb0417d-2f98-4d61-a124-103c2007d0f1
+      - name: logger.level
+        value: debug
diff --git a/library/vulnerability-report-validation/template.yaml b/library/vulnerability-report-validation/template.yaml
@@ -65,7 +65,7 @@ spec:
           subject_validation := remote_data.responses[_]
           subject_result := subject_validation[1]
           not process_vuln_reports(subject_result)
-          result := sprintf("Subject failed verification: %s", [subject_validation[0]])
+          result := sprintf("Subject failed vulnerability report validation: %s", [subject_validation[0]])
         }
 
         process_vuln_reports(subject_result) if {

diff --git a/test/bats/plugin-test.bats b/test/bats/plugin-test.bats
@@ -187,12 +187,17 @@ SLEEP_TIME=1
         wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete verifiers.config.ratify.deislabs.io/verifier-vulnerabilityreport --namespace default --ignore-not-found=true'
         wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete pod vulnerabilityreport --namespace default --force --ignore-not-found=true'
         wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete pod vulnerabilityreport2 --namespace default --force --ignore-not-found=true'
+        wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete -f ./library/vulnerability-report-validation/template.yaml --ignore-not-found=true'
+        wait_for_process ${WAIT_TIME} ${SLEEP_TIME} 'kubectl delete -f ./library/vulnerability-report-validation/samples/constraint.yaml --ignore-not-found=true'
     }
 
-    run kubectl apply -f ./library/default/template.yaml
+    run kubectl delete -f ./library/default/samples/constraint.yaml --ignore-not-found=true
+    assert_success 
+    sleep 5
+    run kubectl apply -f ./library/vulnerability-report-validation/template.yaml
     assert_success
     sleep 5
-    run kubectl apply -f ./library/default/samples/constraint.yaml
+    run kubectl apply -f ./library/vulnerability-report-validation/samples/constraint.yaml
     assert_success
     sleep 5