From 6e434ed3d570f64fc35847971a7c1a5805d2f8e5 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Thu, 24 Jul 2025 05:16:57 +0000 Subject: [PATCH 1/2] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- .tekton/scanner-component-pipeline.yaml | 124 +++++++++--------------- 1 file changed, 46 insertions(+), 78 deletions(-) diff --git a/.tekton/scanner-component-pipeline.yaml b/.tekton/scanner-component-pipeline.yaml index ef7e88410..ed95bdfa2 100644 --- a/.tekton/scanner-component-pipeline.yaml +++ b/.tekton/scanner-component-pipeline.yaml @@ -2,9 +2,7 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: scanner-component-pipeline - spec: - finally: - name: slack-notification params: @@ -13,10 +11,10 @@ spec: - name: key-name value: 'acs-konflux-notifications' when: - # Run when any task has Failed + # Run when any task has Failed - input: $(tasks.status) operator: in - values: [ "Failed" ] + values: ["Failed"] taskRef: params: - name: name @@ -26,7 +24,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-sbom params: - name: IMAGE_URL @@ -36,11 +33,10 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:1b1df4da95966d08ac6a5b8198710e09e68b5c2cdc707c37d9d19769e65884b2 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:86c069cac0a669797e8049faa8aa4088e70ff7fcd579d5bdc37626a9e0488a05 - name: kind value: task resolver: bundles - - name: post-metric-end params: - name: AGGREGATE_TASKS_STATUS @@ -54,7 +50,6 @@ spec: - name: kind value: task resolver: bundles - params: - description: Source Repository URL name: git-url @@ -79,13 +74,11 @@ spec: name: output-tag-suffix type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -104,8 +97,7 @@ spec: description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "true" @@ -116,7 +108,7 @@ spec: description: Build stage to target in container build name: build-target-stage type: string - - default: [ ] + - default: [] description: List of scanner-data file names to fetch to include in the container build. name: blobs-to-fetch type: array @@ -124,7 +116,6 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string - results: - description: "" name: IMAGE_URL @@ -138,21 +129,17 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - workspaces: - name: git-auth - tasks: - - name: post-metric-start taskRef: *post-bigquery-metrics-ref - - name: init params: - name: image-url - # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) - # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with - # its expected input. We later actually add this tag on a built image with the build-image-index-konflux task. + # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) + # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with + # its expected input. We later actually add this tag on a built image with the build-image-index-konflux task. value: $(params.output-image-repo):konflux-$(params.revision) - name: rebuild value: $(params.rebuild) @@ -163,11 +150,10 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:66e90d31e1386bf516fb548cd3e3f0082b5d0234b8b90dbf9e0d4684b70dbe1a + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:1d8221c84f91b923d89de50bf16481ea729e3b68ea04a9a7cbe8485ddbb27ee6 - name: kind value: task resolver: bundles - - name: clone-repository params: - name: url @@ -194,11 +180,10 @@ spec: when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] workspaces: - name: basic-auth workspace: git-auth - - name: determine-image-expiration params: - name: DEFAULT_IMAGE_EXPIRES_AFTER @@ -214,7 +199,6 @@ spec: - name: kind value: task resolver: bundles - - name: determine-image-tag params: - name: TAG_SUFFIX @@ -230,11 +214,10 @@ spec: - name: kind value: task resolver: bundles - - name: fetch-scanner-data params: - name: BLOBS_TO_FETCH - value: [ "$(params.blobs-to-fetch[*])" ] + value: ["$(params.blobs-to-fetch[*])"] - name: TARGET_DIR value: .konflux/scanner-data - name: SOURCE_ARTIFACT @@ -252,7 +235,6 @@ spec: - name: kind value: task resolver: bundles - - name: prefetch-dependencies params: - name: input @@ -265,7 +247,7 @@ spec: value: $(params.oci-artifact-expires-after) - name: ACTIVATION_KEY value: subscription-manager-activation-key-prod - # Required for RPM prefetching support + # Required for RPM prefetching support - name: dev-package-managers value: "true" taskRef: @@ -273,14 +255,13 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:a1ddc34bf0a169bb2e64a98caf9027b66af8fc66a3a60f71bb451ce36af6a399 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:092491ac0f6e1009d10c58a1319d1029371bf637cc1293cceba53c6da5314ed1 - name: kind value: task resolver: bundles workspaces: - name: git-basic-auth workspace: git-auth - - name: build-container-amd64 params: - name: IMAGE @@ -311,15 +292,14 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:48b99ad18fd3bde2d22ec2c397d36c55e45ca90ddf1620c9e00bdee518e297bf + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:9e9bac2044d6231b44114046b9d528c135388699365f0f210ee810c01bd4d702 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-s390x params: - name: IMAGE @@ -352,15 +332,14 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:9e866d4d0489a6ab84ae263db416c9f86d2d6117ef4444f495a0e97388ae3ac0 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-ppc64le params: - name: IMAGE @@ -393,15 +372,14 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:9e866d4d0489a6ab84ae263db416c9f86d2d6117ef4444f495a0e97388ae3ac0 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-arm64 params: - name: IMAGE @@ -434,15 +412,14 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:9e866d4d0489a6ab84ae263db416c9f86d2d6117ef4444f495a0e97388ae3ac0 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-image-index params: - name: IMAGE @@ -462,15 +439,14 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:846dc9975914f31380ec2712fdbac9df3b06c00a9cc7df678315a7f97145efc2 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3499772af90aad0d3935629be6d37dd9292195fb629e6f43ec839c7f545a0faa - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-image-index-konflux params: - name: IMAGE @@ -490,15 +466,14 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:846dc9975914f31380ec2712fdbac9df3b06c00a9cc7df678315a7f97145efc2 + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3499772af90aad0d3935629be6d37dd9292195fb629e6f43ec839c7f545a0faa - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-source-image params: - name: BINARY_IMAGE @@ -507,23 +482,24 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) taskRef: params: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:b424894fc8e806c12658daa565b835fd2d66e7f7608afc47529eb7b410f030d7 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b1eb49583b41872b27356fee20d5f0eb6ff7f5cdeacde7ffb39655f031104728 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] - input: $(params.build-source-image) operator: in - values: [ "true" ] - + values: ["true"] - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -542,8 +518,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clair-scan params: - name: image-digest @@ -555,15 +530,14 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:d354939892f3a904223ec080cc3771bd11931085a5d202323ea491ee8e8c5e43 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:417f44117f8d87a4a62fea6589b5746612ac61640b454dbd88f74892380411f2 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: ecosystem-cert-preflight-checks params: - name: image-url @@ -573,15 +547,14 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:ba7ed837f467904e7b38513174a707a9eec4009d009d6f272ff71d1250bc8854 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:f99d2bdb02f13223d494077a2cde31418d09369f33c02134a8e7e5fad2f61eda - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-shell-check params: - name: image-digest @@ -597,15 +570,14 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:808bcaf75271db6a999f53fdefb973a385add94a277d37fbd3df68f8ac7dfaa3 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-unicode-check params: - name: image-digest @@ -628,8 +600,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-snyk-check params: - name: SOURCE_ARTIFACT @@ -645,15 +616,14 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:e61f541189b30d14292ef8df36ccaf13f7feb2378fed5f74cb6293b3e79eb687 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:fe5e5ba3a72632cd505910de2eacd62c9d11ed570c325173188f8d568ac60771 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clamav-scan params: - name: image-digest @@ -665,15 +635,14 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:9cab95ac9e833d77a63c079893258b73b8d5a298d93aaf9bdd6722471bc2f338 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:7749146f7e4fe530846f1b15c9366178ec9f44776ef1922a60d3e7e2b8c6426b - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: rpms-signature-scan params: - name: image-digest @@ -692,8 +661,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: push-dockerfile params: - name: IMAGE @@ -711,7 +679,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:5d8013b6a27bbc5e4ff261144616268f28417ed0950d583ef36349fcd59d3d3d + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:8c75c4a747e635e5f3e12266a3bb6e5d3132bf54e37eaa53d505f89897dd8eca - name: kind value: task resolver: bundles From 7a1bd12c8974456823775653fa5ff9d2fe6ca93f Mon Sep 17 00:00:00 2001 From: Tom Martensen Date: Thu, 24 Jul 2025 13:32:25 +0200 Subject: [PATCH 2/2] undo whitespace changes --- .tekton/scanner-component-pipeline.yaml | 132 +++++++++++++++--------- 1 file changed, 82 insertions(+), 50 deletions(-) diff --git a/.tekton/scanner-component-pipeline.yaml b/.tekton/scanner-component-pipeline.yaml index ed95bdfa2..471a51729 100644 --- a/.tekton/scanner-component-pipeline.yaml +++ b/.tekton/scanner-component-pipeline.yaml @@ -2,7 +2,9 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: scanner-component-pipeline + spec: + finally: - name: slack-notification params: @@ -11,10 +13,10 @@ spec: - name: key-name value: 'acs-konflux-notifications' when: - # Run when any task has Failed + # Run when any task has Failed - input: $(tasks.status) operator: in - values: ["Failed"] + values: [ "Failed" ] taskRef: params: - name: name @@ -24,6 +26,7 @@ spec: - name: kind value: task resolver: bundles + - name: show-sbom params: - name: IMAGE_URL @@ -33,10 +36,11 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:86c069cac0a669797e8049faa8aa4088e70ff7fcd579d5bdc37626a9e0488a05 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:1b1df4da95966d08ac6a5b8198710e09e68b5c2cdc707c37d9d19769e65884b2 - name: kind value: task resolver: bundles + - name: post-metric-end params: - name: AGGREGATE_TASKS_STATUS @@ -46,10 +50,11 @@ spec: - name: name value: post-bigquery-metrics - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:4746fb4dc0c4af037502e1e23dd155333b945e33e8ab59edc12dc22b86bf7087 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1d62dbd1367d1e9b059a8d9a553bc4b6ccc508adce9cbb61c9f2c2bc104e6bab - name: kind value: task resolver: bundles + params: - description: Source Repository URL name: git-url @@ -74,11 +79,13 @@ spec: name: output-tag-suffix type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -97,7 +104,8 @@ spec: description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + - description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "true" @@ -108,7 +116,7 @@ spec: description: Build stage to target in container build name: build-target-stage type: string - - default: [] + - default: [ ] description: List of scanner-data file names to fetch to include in the container build. name: blobs-to-fetch type: array @@ -116,6 +124,7 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string + results: - description: "" name: IMAGE_URL @@ -129,17 +138,21 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) + workspaces: - name: git-auth + tasks: + - name: post-metric-start taskRef: *post-bigquery-metrics-ref + - name: init params: - name: image-url - # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) - # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with - # its expected input. We later actually add this tag on a built image with the build-image-index-konflux task. + # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) + # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with + # its expected input. We later actually add this tag on a built image with the build-image-index-konflux task. value: $(params.output-image-repo):konflux-$(params.revision) - name: rebuild value: $(params.rebuild) @@ -150,10 +163,11 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:1d8221c84f91b923d89de50bf16481ea729e3b68ea04a9a7cbe8485ddbb27ee6 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:66e90d31e1386bf516fb548cd3e3f0082b5d0234b8b90dbf9e0d4684b70dbe1a - name: kind value: task resolver: bundles + - name: clone-repository params: - name: url @@ -180,10 +194,11 @@ spec: when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] workspaces: - name: basic-auth workspace: git-auth + - name: determine-image-expiration params: - name: DEFAULT_IMAGE_EXPIRES_AFTER @@ -195,10 +210,11 @@ spec: - name: name value: determine-image-expiration - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:4746fb4dc0c4af037502e1e23dd155333b945e33e8ab59edc12dc22b86bf7087 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1d62dbd1367d1e9b059a8d9a553bc4b6ccc508adce9cbb61c9f2c2bc104e6bab - name: kind value: task resolver: bundles + - name: determine-image-tag params: - name: TAG_SUFFIX @@ -210,14 +226,15 @@ spec: - name: name value: determine-image-tag - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:4746fb4dc0c4af037502e1e23dd155333b945e33e8ab59edc12dc22b86bf7087 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1d62dbd1367d1e9b059a8d9a553bc4b6ccc508adce9cbb61c9f2c2bc104e6bab - name: kind value: task resolver: bundles + - name: fetch-scanner-data params: - name: BLOBS_TO_FETCH - value: ["$(params.blobs-to-fetch[*])"] + value: [ "$(params.blobs-to-fetch[*])" ] - name: TARGET_DIR value: .konflux/scanner-data - name: SOURCE_ARTIFACT @@ -231,10 +248,11 @@ spec: - name: name value: fetch-scanner-v2-data - name: bundle - value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:4746fb4dc0c4af037502e1e23dd155333b945e33e8ab59edc12dc22b86bf7087 + value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:1d62dbd1367d1e9b059a8d9a553bc4b6ccc508adce9cbb61c9f2c2bc104e6bab - name: kind value: task resolver: bundles + - name: prefetch-dependencies params: - name: input @@ -247,7 +265,7 @@ spec: value: $(params.oci-artifact-expires-after) - name: ACTIVATION_KEY value: subscription-manager-activation-key-prod - # Required for RPM prefetching support + # Required for RPM prefetching support - name: dev-package-managers value: "true" taskRef: @@ -255,13 +273,14 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:092491ac0f6e1009d10c58a1319d1029371bf637cc1293cceba53c6da5314ed1 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:a1ddc34bf0a169bb2e64a98caf9027b66af8fc66a3a60f71bb451ce36af6a399 - name: kind value: task resolver: bundles workspaces: - name: git-basic-auth workspace: git-auth + - name: build-container-amd64 params: - name: IMAGE @@ -292,14 +311,15 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:9e9bac2044d6231b44114046b9d528c135388699365f0f210ee810c01bd4d702 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4@sha256:48b99ad18fd3bde2d22ec2c397d36c55e45ca90ddf1620c9e00bdee518e297bf - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] + - name: build-container-s390x params: - name: IMAGE @@ -332,14 +352,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:9e866d4d0489a6ab84ae263db416c9f86d2d6117ef4444f495a0e97388ae3ac0 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] + - name: build-container-ppc64le params: - name: IMAGE @@ -372,14 +393,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:9e866d4d0489a6ab84ae263db416c9f86d2d6117ef4444f495a0e97388ae3ac0 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] + - name: build-container-arm64 params: - name: IMAGE @@ -412,14 +434,15 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:9e866d4d0489a6ab84ae263db416c9f86d2d6117ef4444f495a0e97388ae3ac0 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.4@sha256:5b8d51fa889cdac873750904c3fccc0cca1c4f65af16902ebb2b573151f80657 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] + - name: build-image-index params: - name: IMAGE @@ -439,14 +462,15 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3499772af90aad0d3935629be6d37dd9292195fb629e6f43ec839c7f545a0faa + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:846dc9975914f31380ec2712fdbac9df3b06c00a9cc7df678315a7f97145efc2 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] + - name: build-image-index-konflux params: - name: IMAGE @@ -466,14 +490,15 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:3499772af90aad0d3935629be6d37dd9292195fb629e6f43ec839c7f545a0faa + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:846dc9975914f31380ec2712fdbac9df3b06c00a9cc7df678315a7f97145efc2 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] + - name: build-source-image params: - name: BINARY_IMAGE @@ -482,24 +507,23 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BINARY_IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) taskRef: params: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b1eb49583b41872b27356fee20d5f0eb6ff7f5cdeacde7ffb39655f031104728 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2@sha256:b424894fc8e806c12658daa565b835fd2d66e7f7608afc47529eb7b410f030d7 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: ["true"] + values: [ "true" ] - input: $(params.build-source-image) operator: in - values: ["true"] + values: [ "true" ] + - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -518,7 +542,8 @@ spec: when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: clair-scan params: - name: image-digest @@ -530,14 +555,15 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:417f44117f8d87a4a62fea6589b5746612ac61640b454dbd88f74892380411f2 + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:d354939892f3a904223ec080cc3771bd11931085a5d202323ea491ee8e8c5e43 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: ecosystem-cert-preflight-checks params: - name: image-url @@ -547,14 +573,15 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:f99d2bdb02f13223d494077a2cde31418d09369f33c02134a8e7e5fad2f61eda + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:ba7ed837f467904e7b38513174a707a9eec4009d009d6f272ff71d1250bc8854 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: sast-shell-check params: - name: image-digest @@ -570,14 +597,15 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:808bcaf75271db6a999f53fdefb973a385add94a277d37fbd3df68f8ac7dfaa3 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: sast-unicode-check params: - name: image-digest @@ -600,7 +628,8 @@ spec: when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: sast-snyk-check params: - name: SOURCE_ARTIFACT @@ -616,14 +645,15 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:fe5e5ba3a72632cd505910de2eacd62c9d11ed570c325173188f8d568ac60771 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:e61f541189b30d14292ef8df36ccaf13f7feb2378fed5f74cb6293b3e79eb687 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: clamav-scan params: - name: image-digest @@ -635,14 +665,15 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:7749146f7e4fe530846f1b15c9366178ec9f44776ef1922a60d3e7e2b8c6426b + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2@sha256:9cab95ac9e833d77a63c079893258b73b8d5a298d93aaf9bdd6722471bc2f338 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: rpms-signature-scan params: - name: image-digest @@ -661,7 +692,8 @@ spec: when: - input: $(params.skip-checks) operator: in - values: ["false"] + values: [ "false" ] + - name: push-dockerfile params: - name: IMAGE @@ -679,7 +711,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:8c75c4a747e635e5f3e12266a3bb6e5d3132bf54e37eaa53d505f89897dd8eca + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:5d8013b6a27bbc5e4ff261144616268f28417ed0950d583ef36349fcd59d3d3d - name: kind value: task resolver: bundles