From 000c98fa5ee6ad677f3b2689ca2ade88ccaafc88 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 30 Nov 2024 08:34:57 +0000 Subject: [PATCH 1/5] Update Konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- .tekton/playbook-dispatcher-pull-request.yaml | 24 +++++++++---------- .tekton/playbook-dispatcher-push.yaml | 24 +++++++++---------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.tekton/playbook-dispatcher-pull-request.yaml b/.tekton/playbook-dispatcher-pull-request.yaml index c43bc4c1..af9c8656 100644 --- a/.tekton/playbook-dispatcher-pull-request.yaml +++ b/.tekton/playbook-dispatcher-pull-request.yaml @@ -39,7 +39,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:52f8b96b96ce4203d4b74d850a85f963125bf8eef0683ea5acdd80818d335a28 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - name: kind value: task resolver: bundles @@ -130,7 +130,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:5efc5c71ddcad74f250ee03506f2a84e00ba7d8b59abfdaf9796ed9684b6b1b6 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 - name: kind value: task resolver: bundles @@ -151,7 +151,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d1e63ec00bed1c9f0f571fa76b4da570be49a7c255c610544a461495230ba1b1 + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4bf48d038ff12d25bdeb5ab3e98dc2271818056f454c83d7393ebbd413028147 - name: kind value: task resolver: bundles @@ -180,7 +180,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:f8d98ae0396ccbd6880b0872a5634cbb075e0ed0926fd1b20c1b9efda2619745 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:4072f732119864d12ec8e2ff075f01487aaee9df4440166dbe85fdd447865161 - name: kind value: task resolver: bundles @@ -221,7 +221,7 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:f97017111b7e26f7f3cfa2c956d12772c61955149ca84107f02b1ee0bb4ed3f1 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ee8a91b85cd51394489ec09c9d5e8742328ef9f64a692716449a166519f4b948 - name: kind value: task resolver: bundles @@ -245,7 +245,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:178298b5c8bbc2f8fa91ef94aca57a5a2dcb3834c71c8835bae51a20fe30e4e7 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:24dba7b4eb207592e4a24710a24a01b57e9477bc37bdb2f2d04bff5d4fb7ccec - name: kind value: task resolver: bundles @@ -271,7 +271,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:4eb168d443461bf81cf5e9c705cd554fbef74bffc1ae717bf49da5325c2f4b54 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - name: kind value: task resolver: bundles @@ -293,7 +293,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:b824db3c56c75bee40089630b4fbdd5093e219530565eabd03efdb7aa9a1f7dd + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - name: kind value: task resolver: bundles @@ -313,7 +313,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:9918d8d92c1d2815522786386a2608cfab6894187d74ed1c55dd0fe641b84b2e + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 - name: kind value: task resolver: bundles @@ -333,7 +333,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:497b7498a1873cb47245525edb2ce0fb204b403049f048ac30b7cdd798faeb81 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - name: kind value: task resolver: bundles @@ -355,7 +355,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:59a538a9c8affbfc584ddbe57468d8ce59c4830b37a472bc98ab8f46df82afce + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - name: kind value: task resolver: bundles @@ -420,7 +420,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:eee2eb7b5ce2e55dde37114fefe842080c8a8e443dcc2ccf324cfb22b0453db4 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - name: kind value: task resolver: bundles diff --git a/.tekton/playbook-dispatcher-push.yaml b/.tekton/playbook-dispatcher-push.yaml index 1a379c6f..65b323a5 100644 --- a/.tekton/playbook-dispatcher-push.yaml +++ b/.tekton/playbook-dispatcher-push.yaml @@ -36,7 +36,7 @@ spec: - name: name value: show-sbom - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:52f8b96b96ce4203d4b74d850a85f963125bf8eef0683ea5acdd80818d335a28 + value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:945a7c9066d3e0a95d3fddb7e8a6992e4d632a2a75d8f3a9bd2ff2fef0ec9aa0 - name: kind value: task resolver: bundles @@ -127,7 +127,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:5efc5c71ddcad74f250ee03506f2a84e00ba7d8b59abfdaf9796ed9684b6b1b6 + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:0523b51c28375a3f222da91690e22eff11888ebc98a0c73c468af44762265c69 - name: kind value: task resolver: bundles @@ -148,7 +148,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d1e63ec00bed1c9f0f571fa76b4da570be49a7c255c610544a461495230ba1b1 + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:4bf48d038ff12d25bdeb5ab3e98dc2271818056f454c83d7393ebbd413028147 - name: kind value: task resolver: bundles @@ -177,7 +177,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:f8d98ae0396ccbd6880b0872a5634cbb075e0ed0926fd1b20c1b9efda2619745 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.1@sha256:4072f732119864d12ec8e2ff075f01487aaee9df4440166dbe85fdd447865161 - name: kind value: task resolver: bundles @@ -218,7 +218,7 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:f97017111b7e26f7f3cfa2c956d12772c61955149ca84107f02b1ee0bb4ed3f1 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.2@sha256:ee8a91b85cd51394489ec09c9d5e8742328ef9f64a692716449a166519f4b948 - name: kind value: task resolver: bundles @@ -242,7 +242,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:178298b5c8bbc2f8fa91ef94aca57a5a2dcb3834c71c8835bae51a20fe30e4e7 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.1@sha256:24dba7b4eb207592e4a24710a24a01b57e9477bc37bdb2f2d04bff5d4fb7ccec - name: kind value: task resolver: bundles @@ -268,7 +268,7 @@ spec: - name: name value: deprecated-image-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:4eb168d443461bf81cf5e9c705cd554fbef74bffc1ae717bf49da5325c2f4b54 + value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.4@sha256:5a1a165fa02270f0a947d8a2131ee9d8be0b8e9d34123828c2bef589e504ee84 - name: kind value: task resolver: bundles @@ -290,7 +290,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:b824db3c56c75bee40089630b4fbdd5093e219530565eabd03efdb7aa9a1f7dd + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2@sha256:0a5421111e7092740398691d5bd7c125cc0896f29531d19414bb5724ae41692a - name: kind value: task resolver: bundles @@ -310,7 +310,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:9918d8d92c1d2815522786386a2608cfab6894187d74ed1c55dd0fe641b84b2e + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.1@sha256:df8a25a3431a70544172ed4844f9d0c6229d39130633960729f825a031a7dea9 - name: kind value: task resolver: bundles @@ -330,7 +330,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:497b7498a1873cb47245525edb2ce0fb204b403049f048ac30b7cdd798faeb81 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.3@sha256:65a213322ea7c64159e37071d369d74b6378b23403150e29537865cada90f022 - name: kind value: task resolver: bundles @@ -352,7 +352,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:59a538a9c8affbfc584ddbe57468d8ce59c4830b37a472bc98ab8f46df82afce + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.1@sha256:b4f450f1447b166da671f1d5819ab5a1485083e5c27ab91f7d8b7a2ff994c8c2 - name: kind value: task resolver: bundles @@ -417,7 +417,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:eee2eb7b5ce2e55dde37114fefe842080c8a8e443dcc2ccf324cfb22b0453db4 + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:80d48a1b9d2707490309941ec9f79338533938f959ca9a207b481b0e8a5e7a93 - name: kind value: task resolver: bundles From 2e2203f5962c5f5b0fbda59c8a0f0134a0c2de09 Mon Sep 17 00:00:00 2001 From: Dalia <111240801+dscervantes@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:04:12 -0600 Subject: [PATCH 2/5] Update playbook-dispatcher-pull-request.yaml --- .tekton/playbook-dispatcher-pull-request.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.tekton/playbook-dispatcher-pull-request.yaml b/.tekton/playbook-dispatcher-pull-request.yaml index af9c8656..18288fa9 100644 --- a/.tekton/playbook-dispatcher-pull-request.yaml +++ b/.tekton/playbook-dispatcher-pull-request.yaml @@ -258,6 +258,23 @@ spec: operator: in values: - "true" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b + - name: kind + value: task + resolver: bundles - name: deprecated-base-image-check params: - name: IMAGE_URL From 190b4a0d25d9b967c4ec8b8e335c20c7ff38f773 Mon Sep 17 00:00:00 2001 From: Dalia <111240801+dscervantes@users.noreply.github.com> Date: Mon, 2 Dec 2024 12:04:59 -0600 Subject: [PATCH 3/5] Update playbook-dispatcher-push.yaml --- .tekton/playbook-dispatcher-push.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/.tekton/playbook-dispatcher-push.yaml b/.tekton/playbook-dispatcher-push.yaml index 65b323a5..d0265af7 100644 --- a/.tekton/playbook-dispatcher-push.yaml +++ b/.tekton/playbook-dispatcher-push.yaml @@ -255,6 +255,23 @@ spec: operator: in values: - "true" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b + - name: kind + value: task + resolver: bundles - name: deprecated-base-image-check params: - name: IMAGE_URL From abcea73e733f6bb5a2f090057339d39af662e7ba Mon Sep 17 00:00:00 2001 From: Dalia <111240801+dscervantes@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:25:55 -0600 Subject: [PATCH 4/5] Update playbook-dispatcher-pull-request.yaml --- .tekton/playbook-dispatcher-pull-request.yaml | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/.tekton/playbook-dispatcher-pull-request.yaml b/.tekton/playbook-dispatcher-pull-request.yaml index 18288fa9..365e0b88 100644 --- a/.tekton/playbook-dispatcher-pull-request.yaml +++ b/.tekton/playbook-dispatcher-pull-request.yaml @@ -381,28 +381,6 @@ spec: operator: in values: - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:f3f441de3002c5654acdff0553fd54cb1409e6bef6ff68e514d1731c9688b5cc - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - name: apply-tags params: - name: IMAGE From da3a42e26a4b1c019a00f63ca2f0d30ad093da1e Mon Sep 17 00:00:00 2001 From: Dalia <111240801+dscervantes@users.noreply.github.com> Date: Tue, 3 Dec 2024 11:26:27 -0600 Subject: [PATCH 5/5] Update playbook-dispatcher-push.yaml --- .tekton/playbook-dispatcher-push.yaml | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/.tekton/playbook-dispatcher-push.yaml b/.tekton/playbook-dispatcher-push.yaml index d0265af7..bb00512f 100644 --- a/.tekton/playbook-dispatcher-push.yaml +++ b/.tekton/playbook-dispatcher-push.yaml @@ -378,28 +378,6 @@ spec: operator: in values: - "false" - - name: sbom-json-check - params: - - name: IMAGE_URL - value: $(tasks.build-container.results.IMAGE_URL) - - name: IMAGE_DIGEST - value: $(tasks.build-container.results.IMAGE_DIGEST) - runAfter: - - build-container - taskRef: - params: - - name: name - value: sbom-json-check - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.2@sha256:f3f441de3002c5654acdff0553fd54cb1409e6bef6ff68e514d1731c9688b5cc - - name: kind - value: task - resolver: bundles - when: - - input: $(params.skip-checks) - operator: in - values: - - "false" - name: apply-tags params: - name: IMAGE