Merge pull request #759 from lcarva/EC-42

Add example policy data

example/data/README.md

@@ -0,0 +1,8 @@
+# Example Policy Data
+
+This repository provides a set of files that include example policy data. These are meant to help
+users that want to create their own policy data.
+
+Currently, the data is split up into three different files. This is done purely to facilitate
+maintenance of the data. They could, instead, be split across many other files, or even combined
+into a single one. In any case, the data is merged into a single data source.

example/data/acceptable_tekton_bundles.yml

@@ -0,0 +1,58 @@
+---
+# Usage: https://enterprisecontract.dev/docs/ec-policies/acceptable_bundles.html
+pipeline-bundles:
+  quay.io/redhat-appstudio-tekton-catalog/pipeline-docker-build:
+    - digest: sha256:48841b87d60e855f50c92ad142d1ec374191c443c32008c3476e209a892f1b60
+      effective_on: "2023-12-01T00:00:00Z"
+      tag: 87eb21df3b9949aba765f6768298dd4cb28e0ade
+    - digest: sha256:47f306d36f97fa0acb64b6cf343bc808a876ac83c35990c13e521329b87acd91
+      effective_on: "2023-11-06T00:00:00Z"
+      tag: 58955dd900d3fe7adc3d8842f5984fcb068cda76
+    - digest: sha256:037999f15cc62ce94931ce9a6c795fccff69e0ed08f013199515cf3cd5a5782d
+      effective_on: "2023-11-03T00:00:00Z"
+      tag: 00cf7e06044c12738add87c18e4d73d5f832b547
+
+  quay.io/redhat-appstudio-tekton-catalog/pipeline-fbc-builder:
+    - digest: sha256:5be601d04f791f4e3ae42fd6a790cfe923db9470d99605f65e209e065a8899c1
+      effective_on: "2023-12-01T00:00:00Z"
+      tag: 87eb21df3b9949aba765f6768298dd4cb28e0ade
+    - digest: sha256:6b570fec154ce354325f6eaf3122aeb21aa8e6659db1adced0220b9eab485862
+      effective_on: "2023-11-06T00:00:00Z"
+      tag: 58955dd900d3fe7adc3d8842f5984fcb068cda76
+    - digest: sha256:5c33b3c84f3027b7ce79c5e43024d0e080c2c44962bcf5d9a8361b508ebbb5ef
+      effective_on: "2023-11-03T00:00:00Z"
+      tag: 00cf7e06044c12738add87c18e4d73d5f832b547
+
+  quay.io/redhat-appstudio-tekton-catalog/pipeline-nodejs-builder:
+    - digest: sha256:4cd9b81c84603edd5635e1eb9bf2c9a64851991dbc8c54def54de0ad30b3ce3a
+      effective_on: "2023-12-01T00:00:00Z"
+      tag: 87eb21df3b9949aba765f6768298dd4cb28e0ade
+    - digest: sha256:5d0ab17e88563c38ada64d0cb45a68bce2c12c244cdcf2b10d9ba9b14d0ca4b8
+      effective_on: "2023-11-06T00:00:00Z"
+      tag: 58955dd900d3fe7adc3d8842f5984fcb068cda76
+    - digest: sha256:b7f1a273c0447e338c27eff10a6ebef990c42389cba4b68116c900f661895cb2
+      effective_on: "2023-11-03T00:00:00Z"
+      tag: 00cf7e06044c12738add87c18e4d73d5f832b547
+
+task-bundles:
+  quay.io/redhat-appstudio-tekton-catalog/task-buildah:
+    - digest: sha256:c37e542031de193398cd54463af146e42539b5f5c9082df56d65354494566db0
+      effective_on: "2023-11-06T00:00:00Z"
+      tag: "0.1"
+    - digest: sha256:97f21661e237735af04b37feeeaedd328424bfa0ebd4cd0f79ac39cde17137f6
+      effective_on: "2023-10-25T00:00:00Z"
+      tag: "0.1"
+    - digest: sha256:487b82bbdbd361d6ef3cd7a522bb6fe2f163a2d517181f13fe07565a4838f1bb
+      effective_on: "2023-10-21T00:00:00Z"
+      tag: "0.1"
+
+  quay.io/redhat-appstudio-tekton-catalog/task-clair-scan:
+    - digest: sha256:4d8588502c3265cca7c43f131d77661f9254b4b12e5af0cf093afcc464bfb850
+      effective_on: "2023-11-01T00:00:00Z"
+      tag: "0.1"
+    - digest: sha256:64203069d09be49e45082ec02588ee0308e693c7777999ed351a78d554657c61
+      effective_on: "2023-10-29T00:00:00Z"
+      tag: "0.1"
+    - digest: sha256:aa9595966afe40bdc1935c8bec51648e2266500120b02fe336a8f26c58ae7387
+      effective_on: "2023-10-28T00:00:00Z"
+      tag: "0.1"

example/data/required_tasks.yml

@@ -0,0 +1,93 @@
+---
+# Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#tasks_package
+pipeline-required-tasks:
+  fbc:
+    - effective_on: "2023-08-31T00:00:00Z"
+      tasks:
+        - buildah
+        - clair-scan
+        - clamav-scan
+        - deprecated-image-check
+        - fbc-related-image-check
+        - fbc-validation
+        - git-clone
+        - init
+        - prefetch-dependencies
+        - inspect-image
+        - sast-snyk-check
+        - sbom-json-check
+        - show-sbom
+        - summary
+  docker:
+    - effective_on: "2023-11-11T00:00:00Z"
+      tasks:
+        - buildah
+        - clair-scan
+        - clamav-scan
+        - deprecated-image-check
+        - git-clone
+        - init
+        - prefetch-dependencies
+        - inspect-image
+        - sast-snyk-check
+        - sbom-json-check
+        - show-sbom
+        - summary
+  generic:
+    - effective_on: "2023-08-31T00:00:00Z"
+      tasks:
+        - buildah
+        - clair-scan
+        - clamav-scan
+        - deprecated-image-check
+        - git-clone
+        - init
+        - prefetch-dependencies
+        - inspect-image
+        - sast-snyk-check
+        - sbom-json-check
+        - show-sbom
+        - summary
+  java:
+    - effective_on: "2023-08-31T00:00:00Z"
+      tasks:
+        - clair-scan
+        - clamav-scan
+        - deprecated-image-check
+        - git-clone
+        - init
+        - prefetch-dependencies
+        - s2i-java
+        - inspect-image
+        - sast-snyk-check
+        - sbom-json-check
+        - show-sbom
+        - summary
+  nodejs:
+    - effective_on: "2023-08-31T00:00:00Z"
+      tasks:
+        - clair-scan
+        - clamav-scan
+        - deprecated-image-check
+        - git-clone
+        - init
+        - prefetch-dependencies
+        - s2i-nodejs
+        - inspect-image
+        - sast-snyk-check
+        - sbom-json-check
+        - show-sbom
+        - summary
+
+# Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#tasks_package
+required-tasks:
+  - effective_on: "2023-08-31T00:00:00Z"
+    tasks:
+      - clair-scan
+      - clamav-scan
+      - git-clone
+      - init
+      - inspect-image
+      - prefetch-dependencies
+      - sast-snyk-check
+      - summary

example/data/rule_data.yml

@@ -0,0 +1,72 @@
+---
+rule_data:
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#base_image_registries__allowed_registries_provided
+  allowed_registry_prefixes:
+  - localhost:5000/
+  - registry.local/namespace/repo/
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#step_image_registries_package
+  allowed_step_image_registry_prefixes:
+  - localhost:5000/
+  - registry.local/namespace/repo/
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#java__no_foreign_dependencies
+  # TODO: Document in the policy docs which values are expected here.
+  allowed_java_component_sources:
+  - redhat
+  - rebuilt
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#external_parameters_package
+  pipeline_run_params:
+  - git-repo
+  - git-revision
+  - output-image
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels__deprecated_labels
+  deprecated_labels:
+  - name: INSTALL
+    replacement: install
+  - name: Architecture
+    replacement: architecture
+  - name: Name
+    replacement: name
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels__required_labels
+  required_labels:
+  - name: architecture
+    description: Architecture the software in the image should target.
+  - name: build-date
+    description: Date/Time image was built as RFC 3339 date-time.
+  - name: description
+    description: Detailed description of the image.
+  - name: vendor
+    description: Name of the vendor.
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels__optional_labels
+  optional_labels:
+  - name: maintainer
+    description: >-
+      The name and email of the maintainer (usually the submitter).
+      Should contain `@redhat.com` or `Red Hat`.
+  - name: summary
+    description: A short description of the image.
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels__disallowed_inherited_labels
+  disallowed_inherited_labels:
+  - name: description
+  - name: summary
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels__required_labels
+  fbc_required_labels:
+  - name: build-date
+    description: Date/Time image was built as RFC 3339 date-time.
+
+  # Usage: https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels__optional_labels
+  fbc_optional_labels:
+  - name: summary
+    description: A short description of the image.
+
+  # https://enterprisecontract.dev/docs/ec-policies/release_policy.html#labels__disallowed_inherited_labels
+  fbc_disallowed_inherited_labels:
+  - name: description
+  - name: summary