From 8e0cef2baf11bb19aa9ba272731840bccffe1f58 Mon Sep 17 00:00:00 2001 From: "red-hat-konflux[bot]" <126015336+red-hat-konflux[bot]@users.noreply.github.com> Date: Sat, 4 Oct 2025 04:43:00 +0000 Subject: [PATCH] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> --- .tekton/scanner-component-pipeline.yaml | 116 +++++++++--------------- 1 file changed, 45 insertions(+), 71 deletions(-) diff --git a/.tekton/scanner-component-pipeline.yaml b/.tekton/scanner-component-pipeline.yaml index 339fa3b96..be9246c3b 100644 --- a/.tekton/scanner-component-pipeline.yaml +++ b/.tekton/scanner-component-pipeline.yaml @@ -2,9 +2,7 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: name: scanner-component-pipeline - spec: - finally: - name: slack-notification params: @@ -13,10 +11,10 @@ spec: - name: key-name value: 'acs-konflux-notifications' when: - # Run when any task has Failed + # Run when any task has Failed - input: $(tasks.status) operator: in - values: [ "Failed" ] + values: ["Failed"] taskRef: params: - name: name @@ -26,7 +24,6 @@ spec: - name: kind value: task resolver: bundles - - name: show-sbom params: - name: IMAGE_URL @@ -40,7 +37,6 @@ spec: - name: kind value: task resolver: bundles - - name: post-metric-end params: - name: AGGREGATE_TASKS_STATUS @@ -54,7 +50,6 @@ spec: - name: kind value: task resolver: bundles - params: - description: Source Repository URL name: git-url @@ -79,13 +74,11 @@ spec: name: output-tag-suffix type: string - default: . - description: Path to the source code of an application's component from where - to build image. + description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter - path-context + description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" @@ -104,8 +97,7 @@ spec: description: Build dependencies to be prefetched by Cachi2 name: prefetch-input type: string - - description: Image tag expiration time, time values could be something like - 1h, 2d, 3w for hours, days, and weeks, respectively. + - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "true" @@ -116,7 +108,7 @@ spec: description: Build stage to target in container build name: build-target-stage type: string - - default: [ ] + - default: [] description: List of scanner-data file names to fetch to include in the container build. name: blobs-to-fetch type: array @@ -124,7 +116,10 @@ spec: description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected. name: oci-artifact-expires-after type: string - + - name: buildah-format + default: docker + type: string + description: The format for the resulting image's mediaType. Valid values are oci or docker. results: - description: "" name: IMAGE_URL @@ -138,21 +133,17 @@ spec: - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) - workspaces: - name: git-auth - tasks: - - name: post-metric-start taskRef: *post-bigquery-metrics-ref - - name: init params: - name: image-url - # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) - # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with - # its expected input. We later actually add this tag on a built image with the apply-index-image-tag task. + # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.) + # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with + # its expected input. We later actually add this tag on a built image with the apply-index-image-tag task. value: $(params.output-image-repo):konflux-$(params.revision) - name: rebuild value: $(params.rebuild) @@ -163,11 +154,10 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:bbf313b09740fb39b3343bc69ee94b2a2c21d16a9304f9b7c111c305558fc346 - name: kind value: task resolver: bundles - - name: clone-repository params: - name: url @@ -187,18 +177,17 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0d80f66610efd1f957700f61dcd5080689321b10ad544e136d58fc4673290d1b - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] workspaces: - name: basic-auth workspace: git-auth - - name: determine-image-expiration params: - name: DEFAULT_IMAGE_EXPIRES_AFTER @@ -214,7 +203,6 @@ spec: - name: kind value: task resolver: bundles - - name: determine-image-tag params: - name: TAG_SUFFIX @@ -230,11 +218,10 @@ spec: - name: kind value: task resolver: bundles - - name: fetch-scanner-data params: - name: BLOBS_TO_FETCH - value: [ "$(params.blobs-to-fetch[*])" ] + value: ["$(params.blobs-to-fetch[*])"] - name: TARGET_DIR value: .konflux/scanner-data - name: SOURCE_ARTIFACT @@ -252,7 +239,6 @@ spec: - name: kind value: task resolver: bundles - - name: prefetch-dependencies params: - name: input @@ -265,7 +251,7 @@ spec: value: $(params.oci-artifact-expires-after) - name: ACTIVATION_KEY value: subscription-manager-activation-key-prod - # Required for RPM prefetching support + # Required for RPM prefetching support - name: dev-package-managers value: "true" taskRef: @@ -280,7 +266,6 @@ spec: workspaces: - name: git-basic-auth workspace: git-auth - - name: build-container-amd64 params: - name: IMAGE @@ -306,20 +291,21 @@ spec: value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) taskRef: params: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:fdd3f39c8ea97de0d77bcde160704dbd33fdcb9cd235836927bbb170aaefb80f + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:38d08ea58511a67f8754dc025feebdec8ae342fb4e25bc67a3726ec84f7cb7d1 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-s390x params: - name: IMAGE @@ -352,15 +338,14 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:a60e433e02bfda6811719690edbf1e924820d107ad658c8a9690498d4c7e9c7b + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-ppc64le params: - name: IMAGE @@ -393,15 +378,14 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:a60e433e02bfda6811719690edbf1e924820d107ad658c8a9690498d4c7e9c7b + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-container-arm64 params: - name: IMAGE @@ -434,15 +418,14 @@ spec: - name: name value: buildah-remote-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:a60e433e02bfda6811719690edbf1e924820d107ad658c8a9690498d4c7e9c7b + value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-image-index params: - name: IMAGE @@ -457,6 +440,8 @@ spec: - $(tasks.build-container-arm64.results.IMAGE_REF) - name: IMAGE_EXPIRES_AFTER value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) taskRef: params: - name: name @@ -469,8 +454,7 @@ spec: when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: apply-index-image-tag params: - name: IMAGE_URL @@ -492,8 +476,7 @@ spec: when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] - + values: ["true"] - name: build-source-image params: - name: BINARY_IMAGE @@ -509,18 +492,17 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:36d44f2924f60da00a079a9ab7ce25ad8b2ad593c16d90509203c125ff0ccd46 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in - values: [ "true" ] + values: ["true"] - input: $(params.build-source-image) operator: in - values: [ "true" ] - + values: ["true"] - name: deprecated-base-image-check params: - name: IMAGE_URL @@ -539,8 +521,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clair-scan params: - name: image-digest @@ -559,8 +540,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: ecosystem-cert-preflight-checks params: - name: image-url @@ -577,8 +557,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-shell-check params: - name: image-digest @@ -601,8 +580,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-unicode-check params: - name: image-digest @@ -625,8 +603,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: sast-snyk-check params: - name: SOURCE_ARTIFACT @@ -642,15 +619,14 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:181d63c126e3119a9d57b8feed4eb66a875b5208c3e90724c22758e65dca8733 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: clamav-scan params: - name: image-digest @@ -669,8 +645,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: rpms-signature-scan params: - name: image-digest @@ -689,8 +664,7 @@ spec: when: - input: $(params.skip-checks) operator: in - values: [ "false" ] - + values: ["false"] - name: push-dockerfile params: - name: IMAGE @@ -708,7 +682,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:2bc5b3afc5de56da0f06eac60b65e86f6b861b16a63f48579fc0bac7d657e14c - name: kind value: task resolver: bundles