Aqua Security Image Registration and Scan Gate to Slack

arazzo: 1.0.1
info:
  title: Aqua Security Image Registration and Scan Gate to Slack
  summary: Register an image in Aqua, read its scan verdict, and notify Slack of the gate result.
  description: >-
    A container image security gate that registers an image for scanning in Aqua Security,
    retrieves the scanned image's assurance status, and posts the gate result to a Slack
    channel so a release can be approved or blocked. Demonstrates orchestrating a container
    security platform with a chat platform for CI/CD image gating in a single Arazzo workflow.
  version: 1.0.0
sourceDescriptions:
  - name: aquaSecurityApi
    url: https://raw.githubusercontent.com/api-evangelist/aqua-security/refs/heads/main/openapi/aqua-security-api.yaml
    type: openapi
  - name: slackChatApi
    url: https://raw.githubusercontent.com/api-evangelist/slack/refs/heads/main/openapi/slack-chat-openapi.yml
    type: openapi
workflows:
  - workflowId: register-scan-and-gate
    summary: Register an Aqua image, read its scan result, and post the gate to Slack.
    description: >-
      Registers a container image for scanning in Aqua Security, retrieves the image's
      scan and assurance status, and posts the resulting gate decision to a Slack channel.
    inputs:
      type: object
      properties:
        registry:
          type: string
        imageName:
          type: string
        slackChannel:
          type: string
    steps:
      - stepId: register-image
        description: Register a container image for scanning in Aqua Security.
        operationId: $sourceDescriptions.aquaSecurityApi.registerImage
        requestBody:
          contentType: application/json
          payload:
            registry: $inputs.registry
            image: $inputs.imageName
        successCriteria:
          - condition: $statusCode == 201
        outputs:
          registeredImage: $response.body#/name
      - stepId: get-image
        description: Retrieve the scanned image's assurance and vulnerability status.
        operationId: $sourceDescriptions.aquaSecurityApi.getImage
        parameters:
          - name: registry
            in: path
            value: $inputs.registry
          - name: repository
            in: path
            value: $inputs.imageName
          - name: tag
            in: path
            value: latest
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          assurancePassed: $response.body#/assurance_results/disallowed
          criticalCount: $response.body#/crit_vulns
      - stepId: post-gate-result
        description: Post the image scan gate decision to a Slack channel.
        operationId: $sourceDescriptions.slackChatApi.postChatPostmessage
        requestBody:
          contentType: application/x-www-form-urlencoded
          payload:
            channel: $inputs.slackChannel
            text: Aqua image scan gate result is ready for release review.
        successCriteria:
          - condition: $statusCode == 200
        outputs:
          messageTs: $response.body#/ts
    outputs:
      criticalCount: $steps.get-image.outputs.criticalCount
      messageTs: $steps.post-gate-result.outputs.messageTs