Add a yara image. (#2418)

Signed-off-by: Matt Moore <[email protected]>

images/yara/README.md

@@ -0,0 +1,36 @@
+<!--monopod:start-->
+# yara
+| | |
+| - | - |
+| **OCI Reference** | `cgr.dev/chainguard/yara` |
+
+
+* [View Image in Chainguard Academy](https://edu.chainguard.dev/chainguard/chainguard-images/reference/yara/overview/)
+* [View Image Catalog](https://console.enforce.dev/images/catalog) for a full list of available tags.
+* [Contact Chainguard](https://www.chainguard.dev/chainguard-images) for enterprise support, SLAs, and access to older tags.*
+
+---
+<!--monopod:end-->
+
+<!--overview:start-->
+The pattern matching swiss knife.
+<!--overview:end-->
+
+<!--getting:start-->
+## Download this Image
+The image is available on `cgr.dev`:
+
+```
+docker pull cgr.dev/chainguard/yara:latest
+```
+<!--getting:end-->
+
+<!--body:start-->
+## Usage
+
+Inspect the crane image manifest using the crane image:
+
+```
+docker run --rm cgr.dev/chainguard/crane:latest manifest cgr.dev/chainguard/crane:latest --platform=linux/amd64
+```
+<!--body:end-->

images/yara/config/main.tf

@@ -0,0 +1,19 @@
+terraform {
+  required_providers {
+    apko = { source = "chainguard-dev/apko" }
+  }
+}
+
+variable "extra_packages" {
+  description = "The additional packages to install (e.g. yara)."
+  default     = ["yara"]
+}
+
+data "apko_config" "this" {
+  config_contents = file("${path.module}/template.apko.yaml")
+  extra_packages  = var.extra_packages
+}
+
+output "config" {
+  value = jsonencode(data.apko_config.this.config)
+}

images/yara/config/template.apko.yaml

@@ -0,0 +1,15 @@
+contents:
+  packages: []
+
+accounts:
+  groups:
+    - groupname: nonroot
+      gid: 65532
+  users:
+    - username: nonroot
+      uid: 65532
+      gid: 65532
+  run-as: 65532
+
+entrypoint:
+  command: /usr/bin/yara

images/yara/main.tf

@@ -0,0 +1,36 @@
+terraform {
+  required_providers {
+    oci = { source = "chainguard-dev/oci" }
+  }
+}
+
+variable "target_repository" {
+  description = "The docker repo into which the image and attestations should be published."
+}
+
+module "latest-config" { source = "./config" }
+
+module "latest" {
+  source            = "../../tflib/publisher"
+  name              = basename(path.module)
+  target_repository = var.target_repository
+  config            = module.latest-config.config
+  build-dev         = true
+}
+
+module "test-latest" {
+  source = "./tests"
+  digest = module.latest.image_ref
+}
+
+resource "oci_tag" "latest" {
+  depends_on = [module.test-latest]
+  digest_ref = module.latest.image_ref
+  tag        = "latest"
+}
+
+resource "oci_tag" "latest-dev" {
+  depends_on = [module.test-latest]
+  digest_ref = module.latest.dev_ref
+  tag        = "latest-dev"
+}

images/yara/metadata.yaml

@@ -0,0 +1,13 @@
+name: yara
+image: cgr.dev/chainguard/yara
+logo: https://github.com/VirusTotal.png
+endoflife: ""
+console_summary: ""
+short_description: The pattern matching swiss knife.
+compatibility_notes: ""
+readme_file: README.md
+upstream_url: https://github.com/VirusTotal/yara
+keywords:
+  - security
+  - yara
+  - malware

images/yara/tests/main.tf

@@ -0,0 +1,21 @@
+terraform {
+  required_providers {
+    oci = { source = "chainguard-dev/oci" }
+  }
+}
+
+variable "digest" {
+  description = "The image digest to run tests over."
+}
+
+data "oci_exec_test" "version" {
+  digest = var.digest
+  script = "docker run --rm $IMAGE_NAME --version"
+}
+
+data "oci_exec_test" "test-yar" {
+  digest = var.digest
+  script = "./test-yar.sh"
+
+  working_dir = path.module
+}

images/yara/tests/test-yar.sh

@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+set -o errexit -o nounset -o errtrace -o pipefail -x
+
+# Grep checks for the expected output
+docker run --rm -v "${PWD}:/work" -w /work "${IMAGE_NAME}" test.yar /usr/bin/yara | grep test_rule | grep /usr/bin/yara

images/yara/tests/test.yar

@@ -0,0 +1,6 @@
+rule test_rule {
+  strings:
+    $a = "yr_scanner_create"
+  condition:
+    $a
+}

main.tf

@@ -1508,6 +1508,11 @@ module "wolfi-base" {
   target_repository = "${var.target_repository}/wolfi-base"
 }
 
+module "yara" {
+  source            = "./images/yara"
+  target_repository = "${var.target_repository}/yara"
+}
+
 module "zig" {
   source            = "./images/zig"
   target_repository = "${var.target_repository}/zig"