From 4dc35ee77ca7613d283f3d1d5c19e86f0ec42832 Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Thu, 21 Dec 2023 15:20:07 +0100
Subject: [PATCH 1/9] chore: separate whitelisted images target
---
 make/release.mk | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/make/release.mk b/make/release.mk
index 52ab552..f1c93f0 100644
--- a/make/release.mk
+++ b/make/release.mk
@@ -3,6 +3,7 @@ IMAGE_TAR_FILE := $(BUILD_DIR)/dkp-catalog-applications-image-bundle.tar
 REPO_ARCHIVE_FILE := $(BUILD_DIR)/dkp-catalog-applications.tar.gz
 CHART_BUNDLE := $(BUILD_DIR)/dkp-catalog-applications-chart-bundle.tar.gz
 CATALOG_IMAGES_TXT := $(BUILD_DIR)/dkp_catalog_images.txt
+CATALOG_IMAGES_TXT_WHITELISTED := $(BUILD_DIR)/dkp_catalog_images_whitelisted.txt
 RELEASE_S3_BUCKET ?= downloads.mesosphere.io
 CATALOG_APPLICATIONS_VERSION ?= ""
@@ -20,17 +21,24 @@ release.save-images.tar:
 @$(MINDTHEGAP_BIN) create image-bundle --platform linux/amd64 --images-file $(CATALOG_IMAGES_TXT) --output-file $(IMAGE_TAR_FILE)
 @ls -latrh $(IMAGE_TAR_FILE)
+
+.PHONY: release.whitelisted-images
+release.whitelisted-images: $(GOJQ_BIN) $(BUILD_DIR)
+release.whitelisted-images:
+ $(call print-target)
+ $(GOJQ_BIN) -r --yaml-input \
+ --argjson whitelist '$(shell $(GOJQ_BIN) -rc --yaml-input '.' hack/cve/whitelist.yaml)' \
+ 'with_entries( select( .key | IN($$whitelist[]) ) ) | flatten | sort | unique' hack/images.yaml > $(CATALOG_IMAGES_TXT_WHITELISTED)
+
 .PHONY: cve-reporter.push-images
-cve-reporter.push-images: $(GOJQ_BIN) $(BUILD_DIR)
+cve-reporter.push-images: $(GOJQ_BIN)
+cve-reporter.push-images: release.whitelisted-images
 cve-reporter.push-images: CVE_REPORTER_PROJECT_VERSION ?= main
 cve-reporter.push-images:
 $(call print-target)
- $(GOJQ_BIN) -r --yaml-input \
- --argjson whitelist '$(shell $(GOJQ_BIN) -rc --yaml-input '.' hack/cve/whitelist.yaml)' \
- 'with_entries( select( .key | IN($$whitelist[]) ) ) | flatten | sort | unique' hack/images.yaml > $(CATALOG_IMAGES_TXT)
 TMP_IMAGES_JSON=$$(mktemp) && \
 $(GOJQ_BIN) --arg DKP_CATALOG_VERSION $(CVE_REPORTER_PROJECT_VERSION) \
- -r -f ./hack/cve/convert-images-json.jq $(CATALOG_IMAGES_TXT) > $$TMP_IMAGES_JSON && \
+ -r -f ./hack/cve/convert-images-json.jq $(CATALOG_IMAGES_TXT_WHITELISTED) > $$TMP_IMAGES_JSON && \
 CVE_REPORTER_PROJECT_VERSION=$(CVE_REPORTER_PROJECT_VERSION) ./hack/cve/push-images.sh $$TMP_IMAGES_JSON && \
 rm -f $$TMP_IMAGES_JSON
From aca67023602b084b4b16600d5814a02c85b40f3f Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:04:57 +0100
Subject: [PATCH 2/9] feat: add licenses mapping file
---
 licenses.d2iq.yaml | 83 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 licenses.d2iq.yaml
diff --git a/licenses.d2iq.yaml b/licenses.d2iq.yaml
new file mode 100644
index 0000000..f3e964a
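Review bot: The new `release.whitelisted-images` recipe redirects gojq's output straight into `$(CATALOG_IMAGES_TXT_WHITELISTED)`, so a gojq failure leaves a truncated or empty file that `cve-reporter.push-images` and anything else reading that path will consume as if it were complete; because the rule is `.PHONY` and named after a target rather than the file it writes, `.DELETE_ON_ERROR` would not clean it up either. Write to a temporary name and move it into place, e.g. `... hack/images.yaml > $(CATALOG_IMAGES_TXT_WHITELISTED).tmp && mv -f $(CATALOG_IMAGES_TXT_WHITELISTED).tmp $(CATALOG_IMAGES_TXT_WHITELISTED)`. Separately, the `--argjson whitelist '$(shell ...)'` argument (moved unchanged from the old `cve-reporter.push-images` recipe) splices the JSON form of hack/cve/whitelist.yaml into a single-quoted shell word, so any `'` in a whitelist key would break the quoting of the whole command; the file is repo-controlled so the risk is low, but a comment such as `# whitelist.yaml is inlined into a single-quoted shell arg; keys must not contain '` would save the next editor a surprise.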
--- /dev/null
+++ b/licenses.d2iq.yaml
@@ -0,0 +1,83 @@
+resource:
+ - container_image: docker.io/lachlanevenson/k8s-kubectl:v1.23.2
+ sources:
+ - url: https://github.com/lachie83/k8s-kubectl
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: docker.io/lachlanevenson/k8s-kubectl:v1.25.4
+ sources:
+ - url: https://github.com/lachie83/k8s-kubectl
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: docker.io/mesosphere/zookeeper-operator:0.2.14-d2iq
+ sources:
+ - url: https://github.com/mesosphere/zookeeper-operator
+ ref: v${image_tag}
+ license_path: LICENSE
+ - container_image: docker.io/pravega/zookeeper-operator:0.2.15
+ sources:
+ - url: https://github.com/pravega/zookeeper-operator
+ ref: v${image_tag}
+ license_path: LICENSE
+ - container_image: docker.io/pravega/zookeeper:0.2.13
+ sources:
+ - url: https://github.com/pravega/zookeeper-operator
+ ref: v${image_tag}
+ license_path: LICENSE
+ - container_image: docker.io/pravega/zookeeper:0.2.14
+ sources:
+ - url: https://github.com/pravega/zookeeper-operator
+ ref: v${image_tag}
+ license_path: LICENSE
+ - container_image: docker.io/pravega/zookeeper:0.2.15
+ sources:
+ - url: https://github.com/pravega/zookeeper-operator
+ ref: v${image_tag}
+ license_path: LICENSE
+ - container_image: gcr.io/kubebuilder/kube-rbac-proxy:v0.13.0
+ sources:
+ - url: https://github.com/brancz/kube-rbac-proxy
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: gcr.io/kubebuilder/kube-rbac-proxy:v0.14.1
+ sources:
+ - url: https://github.com/brancz/kube-rbac-proxy
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: ghcr.io/banzaicloud/cruise-control:2.5.101
+ sources:
+ - url: https://github.com/banzaicloud/docker-cruise-control
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: ghcr.io/banzaicloud/cruise-control:2.5.123
+ sources:
+ - url: https://github.com/banzaicloud/docker-cruise-control
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: ghcr.io/banzaicloud/jmx-javaagent:0.16.1
+
 sources:
+ - url: https://github.com/banzaicloud/docker-jmx-exporter
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: ghcr.io/banzaicloud/kafka-operator:v0.23.0-dev.0
+ sources:
+ - url: https://github.com/banzaicloud/koperator
+ ref: ${image_tag}
+ license_path: LICENSE
+ notice_path: NOTICE
+ - container_image: ghcr.io/banzaicloud/kafka-operator:v0.25.1
+ sources:
+ - url: https://github.com/banzaicloud/koperator
+ ref: ${image_tag}
+ license_path: LICENSE
+ notice_path: NOTICE
+ - container_image: ghcr.io/banzaicloud/kafka:2.13-3.1.0
+ sources:
+ - url: https://github.com/banzaicloud/docker-kafka
+ ref: ${image_tag}
+ license_path: LICENSE
+ - container_image: ghcr.io/banzaicloud/kafka:2.13-3.1.2
+ sources:
+ - url: https://github.com/banzaicloud/docker-kafka
+ ref: ${image_tag}
+ license_path: LICENSE
From d855bc3c418ad78d34d344e70c58ddc12870d3c0 Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:23:21 +0100
Subject: [PATCH 3/9] feat: add license CI check
---
 .github/workflows/check-licenses.yaml | 33 +++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 .github/workflows/check-licenses.yaml
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
new file mode 100644
index 0000000..2b44d1c
--- /dev/null
+++ b/.github/workflows/check-licenses.yaml
@@ -0,0 +1,33 @@
+name: Check licenses.d2iq.yaml
+on:
+ pull_request:
+ types: [opened, reopened]
+ workflow_dispatch: {}
+
+env:
+ # see release.mk
+ IMAGES_TXT_PATH: _build/dkp_catalog_images_whitelisted.txt
+
+jobs:
+ check-license-yaml:
+ runs-on: ubuntu-latest
+ name: Check licenses.d2iq.yaml
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.head_ref }}
+ fetch-depth: 0
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Setup asdf
+ uses: asdf-vm/actions/setup@v2
+ - name: Generate image list
+ run: |
+ release.whitelisted-images
+ cat ${{ env.IMAGES_TXT_PATH }}
+ - name: Run validation
+ uses: docker://mesosphere/dkp-licenses-cli:licenses-v0.0.11
+ with:
+ args: validate container-images-mapping --input=${{ env.IMAGES_TXT_PATH }} --mapping-file=licenses.d2iq.yaml --check-sources --output-format=github
+ env:
+ GITHUB_TOKEN: "${{ secrets.MESOSPHERECI_USER_TOKEN }}"
From 1ab6abbdcf3b1cb23c3e3bfd1c237db9599dc7a3 Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:25:09 +0100
Subject: [PATCH 4/9] fix: make command
---
 .github/workflows/check-licenses.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
index 2b44d1c..243bd29 100644
--- a/.github/workflows/check-licenses.yaml
+++ b/.github/workflows/check-licenses.yaml
@@ -23,7 +23,7 @@ jobs:
 uses: asdf-vm/actions/setup@v2
 - name: Generate image list
 run: |
- release.whitelisted-images
+ make release.whitelisted-images
 cat ${{ env.IMAGES_TXT_PATH }}
 - name: Run validation
 uses: docker://mesosphere/dkp-licenses-cli:licenses-v0.0.11
From 36a8b2c219cf4b1619a715d43cd880c9bd173e72 Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:30:37 +0100
Subject: [PATCH 5/9] fix: run license check on custom runner
---
 .github/workflows/check-licenses.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
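Review bot: The trigger `types: [opened, reopened]` under `pull_request` omits `synchronize`, so the check runs only when a PR is opened or reopened and not when further commits are pushed to it; a mapping that passed on the first push can be broken by a later push without the job ever re-running. Use `types: [opened, reopened, synchronize]`, or drop the `types:` filter entirely to get GitHub's default set, which includes it. `token: ${{ secrets.GITHUB_TOKEN }}` on the checkout step is that action's default and can be removed, and `fetch-depth: 0` fetches full history that neither of the following steps appears to need. The validation step hands `MESOSPHERECI_USER_TOKEN` to a third-party container pinned only by tag (`licenses-v0.0.11`); if that token has write scopes, consider a read-only token for this check, or pin the image by digest so the code receiving the secret cannot change under the same tag.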
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
index 243bd29..0fb77f6 100644
--- a/.github/workflows/check-licenses.yaml
+++ b/.github/workflows/check-licenses.yaml
@@ -10,7 +10,9 @@ env:
 jobs:
 check-license-yaml:
- runs-on: ubuntu-latest
+ runs-on:
+ - self-hosted
+ - small
 name: Check licenses.d2iq.yaml
 steps:
 - name: Checkout code
From c8c4fbdc28d1189a781ed2699885f4bf34c06120 Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:32:24 +0100
Subject: [PATCH 6/9] fix: remove unnecessary setup-asdf action
---
 .github/workflows/check-licenses.yaml | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
index 0fb77f6..5c77403 100644
--- a/.github/workflows/check-licenses.yaml
+++ b/.github/workflows/check-licenses.yaml
@@ -21,8 +21,6 @@ jobs:
 ref: ${{ github.head_ref }}
 fetch-depth: 0
 token: ${{ secrets.GITHUB_TOKEN }}
- - name: Setup asdf
- uses: asdf-vm/actions/setup@v2
 - name: Generate image list
 run: |
 make release.whitelisted-images
From 2bfee2e46e167d226004abbc38ff1e55f738a5ed Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:34:10 +0100
Subject: [PATCH 7/9] fix: licenses main key
---
 licenses.d2iq.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/licenses.d2iq.yaml b/licenses.d2iq.yaml
index f3e964a..ae8d17d 100644
--- a/licenses.d2iq.yaml
+++ b/licenses.d2iq.yaml
@@ -1,4 +1,4 @@
-resource:
+resources:
 - container_image: docker.io/lachlanevenson/k8s-kubectl:v1.23.2
 sources:
 - url: https://github.com/lachie83/k8s-kubectl
From 680cdc3d075527155ed975d890a59706a1a8947b Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:37:30 +0100
Subject: [PATCH 8/9] fix: add setup-go action
---
 .github/workflows/check-licenses.yaml | 1 +
 1 file changed, 1 insertion(+)
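Review bot: Switching to `runs-on: [self-hosted, small]` means code from the PR head (the `make release.whitelisted-images` step and whatever `hack/` scripts the Makefile invokes) now executes on your own infrastructure for every `pull_request` event; GitHub's own guidance is not to use self-hosted runners for PR-triggered workflows on public repositories or ones that accept fork PRs, since anyone able to open a PR can then run code on the runner. If this repository is private and does not run PR workflows from forks, the change is fine, but a comment recording that assumption above `runs-on:` would keep the trade-off visible, e.g. `# self-hosted runner: acceptable only while PR workflows never run fork code`. The `check-license-yaml` job definition continues outside the hunk.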
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
index 5c77403..c62ae9e 100644
--- a/.github/workflows/check-licenses.yaml
+++ b/.github/workflows/check-licenses.yaml
@@ -21,6 +21,7 @@ jobs:
 ref: ${{ github.head_ref }}
 fetch-depth: 0
 token: ${{ secrets.GITHUB_TOKEN }}
+ - uses: actions/setup-go@v4
 - name: Generate image list
 run: |
 make release.whitelisted-images
From 05e68a9555d3e2543c228885d0a30a20fd274f6e Mon Sep 17 00:00:00 2001
From: Martin Hrabovcin
Date: Wed, 27 Dec 2023 16:39:40 +0100
Subject: [PATCH 9/9] fix: add go stable version
---
 .github/workflows/check-licenses.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/check-licenses.yaml b/.github/workflows/check-licenses.yaml
index c62ae9e..6e00a1a 100644
--- a/.github/workflows/check-licenses.yaml
+++ b/.github/workflows/check-licenses.yaml
@@ -22,6 +22,8 @@ jobs:
 fetch-depth: 0
 token: ${{ secrets.GITHUB_TOKEN }}
 - uses: actions/setup-go@v4
+ with:
+ go-version: 'stable'
 - name: Generate image list
 run: |
 make release.whitelisted-images
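Review bot: `go-version: 'stable'` lets the toolchain float to whatever Go release is current on the day the job runs, so the same PR can give different results over time and a toolchain change surfaces as a license-check failure; pin it instead, via `go-version-file: go.mod` if the repository has a go.mod at its root (not visible here) or an explicit version string. The same step, introduced in PATCH 8/9 as `actions/setup-go@v4` (and the earlier `actions/checkout@v3`), references the action by a mutable major tag; for supply-chain hygiene pin third-party actions to a full commit SHA and keep the tag in a trailing comment, e.g. `uses: actions/setup-go@<commit-sha> # v4`. It is also not obvious from the workflow why Go is needed for `make release.whitelisted-images`; presumably the Makefile builds `$(GOJQ_BIN)` with the Go toolchain, and a `name:` on the step saying so would make the dependency clear.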