chore: add testing scanning v2 namespace provisioner samples

ns-provisioner-samples/testing-scanning-v2-supplychain/metadata-store-access.yaml

@@ -0,0 +1,27 @@
+#@ load("@ytt:data", "data")
+#@ load("@ytt:base64", "base64")
+---
+apiVersion: v1
+data:
+  accessToken: #@ data.values.imported.metadataStore.accessToken
+kind: Secret
+metadata:
+  name: metadata-store-access-token
+type: Opaque
+---
+apiVersion: v1
+data:
+  caCrt: #@ data.values.imported.metadataStore.caCrt
+kind: Secret
+metadata:
+  name: metadata-store-cert
+type: Opaque
+---
+apiVersion: v1
+data:
+  #! put the right protocol in front of the url
+  url: #@ base64.encode("http://" + data.values.imported.metadataStore.url)
+kind: Secret
+metadata:
+  name: metadata-store-url
+type: Opaque

ns-provisioner-samples/testing-scanning-v2-supplychain/scan-policy.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: v1
+stringData:
+  # Comma separated list of CVEs to ignore
+  ignoreCves: ""
+  # Comma separated list of severities to block
+  notAllowedSeverities: "critical,high"
+kind: Secret
+metadata:
+  name: scan-policy
+type: Opaque

ns-provisioner-samples/testing-scanning-v2-supplychain/tekton-pipeline-java.yaml

@@ -0,0 +1,63 @@
+#@ load("@ytt:data", "data")
+#@ def in_list(key, list):
+#@  return hasattr(data.values.tap_values, key) and (data.values.tap_values[key] in list)
+#@ end
+#! This if condition ensures that this Java Tekton pipeline is only created if the supply chain is testing or testing_scanning, and the TAP profile used is full, iterate or build.
+#@ if/end in_list('supply_chain', ['testing', 'testing_scanning']) and in_list('profile', ['full', 'iterate', 'build']):
+---
+apiVersion: tekton.dev/v1beta1
+kind: Pipeline
+metadata:
+  name: tekton-pipeline-java
+  labels:
+    apps.tanzu.vmware.com/pipeline: test
+  annotations:
+    kapp.k14s.io/create-strategy: fallback-on-update
+spec:
+  params:
+    - name: source-url
+    - name: source-revision
+    - name: sub-path
+      default: "."
+  tasks:
+    - name: test
+      params:
+        - name: source-url
+          value: $(params.source-url)
+        - name: source-revision
+          value: $(params.source-revision)
+        - name: sub-path
+          value: $(params.sub-path)
+      taskSpec:
+        stepTemplate:
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsUser: 1000
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+        params:
+          - name: source-url
+          - name: source-revision
+          - name: sub-path
+        steps:
+          - name: test
+            image: mirror.gcr.io/gradle
+            script: |-
+              cd `mktemp -d`
+              wget -qO- $(params.source-url) | tar xvz -m
+              pwd
+              MVNW=mvnw
+              GRADLE="build.gradle"
+              cd $(params.sub-path)
+              if [ -f "$MVNW" ]; then
+                  ./mvnw test
+              elif [ -f "$GRADLE" ]; then
+                  gradle test --debug
+              else
+                  echo "WARNING: No tests were run. This workload is not built with one of the currently supported frameworks (maven or gradle). If using another language/framework, update the image and the script sections of the 'pipeline.tekton.dev' resource in your namespace to match your language/framework."
+                  #exit 1
+              fi