From 144b315e9c02933230190dcc50d8da9730f0c4f4 Mon Sep 17 00:00:00 2001
From: yashvardhannanavati
 <22090997+yashvardhannanavati@users.noreply.github.com>
Date: Mon, 17 Feb 2025 15:06:03 -0800
Subject: [PATCH] feat(KONFLUX-4158): add fbc-fips-check task to FBC pipeline

This commit adds the fbc-fips-check to the FBC pipeline.
It also adds a template file named images-mirror-set.yaml which is required by
the FIPS task itself and will be used by other tasks in the future.

Signed-off-by: yashvardhannanavati <22090997+yashvardhannanavati@users.noreply.github.com>
---
 ...-validation-operator-fbc-pull-request.yaml | 25 +++++++++++++++++++
 ...ployment-validation-operator-fbc-push.yaml | 25 +++++++++++++++++++
 .tekton/images-mirror-set.yaml                | 10 ++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 .tekton/images-mirror-set.yaml

diff --git a/.tekton/deployment-validation-operator-fbc-pull-request.yaml b/.tekton/deployment-validation-operator-fbc-pull-request.yaml
index 09139926..cab175b2 100644
--- a/.tekton/deployment-validation-operator-fbc-pull-request.yaml
+++ b/.tekton/deployment-validation-operator-fbc-pull-request.yaml
@@ -242,6 +242,31 @@ spec:
         operator: in
         values:
         - "true"
+    - name: fbc-fips-check
+      params:
+      - name: image-digest
+        value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-image-index.results.IMAGE_URL)
+      runAfter:
+      - build-image-index
+      taskRef:
+        params:
+        - name: name
+          value: fbc-fips-check
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check:0.1@sha256:03e9fd8c7c7fdcb8c965333fa7b2ea83e75da766f5ecd92cbc02ae4a92b2e247
+        - name: kind
+          value: task
+        resolver: bundles
+      when:
+      - input: $(params.skip-checks)
+        operator: in
+        values:
+        - "false"
+      workspaces:
+      - name: workspace
+        workspace: workspace
     - name: deprecated-base-image-check
       params:
       - name: IMAGE_URL
diff --git a/.tekton/deployment-validation-operator-fbc-push.yaml b/.tekton/deployment-validation-operator-fbc-push.yaml
index ae7dccd3..11d7ef80 100644
--- a/.tekton/deployment-validation-operator-fbc-push.yaml
+++ b/.tekton/deployment-validation-operator-fbc-push.yaml
@@ -238,6 +238,31 @@ spec:
         operator: in
         values:
         - "true"
+    - name: fbc-fips-check
+      params:
+      - name: image-digest
+        value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-image-index.results.IMAGE_URL)
+      runAfter:
+      - build-image-index
+      taskRef:
+        params:
+        - name: name
+          value: fbc-fips-check
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check:0.1@sha256:03e9fd8c7c7fdcb8c965333fa7b2ea83e75da766f5ecd92cbc02ae4a92b2e247
+        - name: kind
+          value: task
+        resolver: bundles
+      when:
+      - input: $(params.skip-checks)
+        operator: in
+        values:
+        - "false"
+      workspaces:
+      - name: workspace
+        workspace: workspace
     - name: deprecated-base-image-check
       params:
       - name: IMAGE_URL
diff --git a/.tekton/images-mirror-set.yaml b/.tekton/images-mirror-set.yaml
new file mode 100644
index 00000000..73646bbd
--- /dev/null
+++ b/.tekton/images-mirror-set.yaml
@@ -0,0 +1,10 @@
+---
+apiVersion: operator.openshift.io/v1alpha1
+kind: ImageDigestMirrorSet
+metadata:
+  name: example-mirror-set
+spec:
+  imageDigestMirrors:
+    - mirrors:
+        - quay.io/my-namespace/valid-repo
+      source: registry.redhat.io/unreleased-image/or-inaccessible-image