
Add buildah-sast task prototype#1488

Closed
mmorhun wants to merge 1 commit into
konflux-ci:mainfrom
mmorhun:STONEBLD-2804

Conversation

@mmorhun
Member

@mmorhun mmorhun commented Oct 3, 2024

This PR brings a prototype of a buildah-sast scan task. The goal is to keep the build with SAST scanning as close to the original build as possible while providing mechanisms to instrument the build with the needed SAST scan tooling.
This includes:

  • Ability to override the image used for the build step
  • Ability to override the computeResources requirements for the task
  • Ability to modify Dockerfile prior to running the buildah build
  • Ability to specify additional volume mounts for the buildah build
  • Ability to process the captured data after the container build
  • Ability to prevent the resulting image from being used as the task result
  • The instrumented build-container task will be provided with the same inputs as the original build-container task
  • The instrumented build-container task will be able to upload the SAST scanning results to image registry
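As an added illustration of the kustomize-based approach the description lists (this is not the PR's own task/buildah-sast/0.2/patch.yaml, which is not reproduced on this page), the overlay below derives a buildah-sast Task from a base buildah Task with RFC 6902 patches. Everything concrete in it is an assumption: the base path, that the build step is the first step and already declares volumeMounts, that the Task declares a volumes list, the image names, step names, the DOCKERFILE param and source workspace, and the Dockerfile instrumentation itself. Dropping the image result is a pipeline-level decision and is not shown.

```yaml
# kustomization.yaml for a hypothetical buildah-sast overlay (illustrative,
# not the PR's patch.yaml). All paths, indices, images and names are assumptions.
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

resources:
  # Assumption: the base buildah Task manifest lives here.
  - ../../buildah/0.2

# Produces metadata.name "buildah-sast" from the base name "buildah".
nameSuffix: -sast

patches:
  - target:
      kind: Task
      name: buildah
    # RFC 6902 ops apply in order. Every reference to the build step uses
    # index 0 until the final op inserts a new step in front of it.
    # Assumption: the build step is the first step of the base Task.
    patch: |-
      # Override the image used for the build step (hypothetical image).
      - op: replace
        path: /spec/steps/0/image
        value: quay.io/example/buildah-with-sast-tooling:latest

      # Override computeResources for the instrumented build.
      # "add" on an object member works whether or not the key already exists.
      - op: add
        path: /spec/steps/0/computeResources
        value:
          requests: {cpu: "2", memory: 4Gi}
          limits: {cpu: "4", memory: 8Gi}

      # Extra volume for data captured during the build.
      # Assumes /spec/volumes and /spec/steps/0/volumeMounts already exist.
      - op: add
        path: /spec/volumes/-
        value: {name: sast-data, emptyDir: {}}
      - op: add
        path: /spec/steps/0/volumeMounts/-
        value: {name: sast-data, mountPath: /var/sast}

      # Process the captured data after the container build (appended step).
      - op: add
        path: /spec/steps/-
        value:
          name: sast-postprocess
          image: quay.io/example/sast-tools:latest
          volumeMounts:
            - {name: sast-data, mountPath: /var/sast}
          script: |
            #!/bin/bash
            set -euo pipefail
            # Hypothetical report handling; the real tooling is not on this page.
            find /var/sast -type f -name '*.json' > /var/sast/report-index.txt
            wc -l < /var/sast/report-index.txt

      # Modify the Dockerfile before buildah runs. Inserting at index 0
      # shifts the build step to index 1, so this op must come last.
      - op: add
        path: /spec/steps/0
        value:
          name: instrument-dockerfile
          image: registry.access.redhat.com/ubi9/ubi-minimal:latest
          # Assumption: source checkout location and DOCKERFILE param as in the base Task.
          workingDir: $(workspaces.source.path)/source
          script: |
            #!/bin/bash
            set -euo pipefail
            df="$(params.DOCKERFILE)"
            # Example instrumentation: add a hypothetical ENV after the first FROM.
            awk '{print} /^FROM /&&!done{print "ENV SAST_CAPTURE_DIR=/var/sast"; done=1}' \
              "$df" > "$df.tmp" && mv "$df.tmp" "$df"
```

Render it with `kustomize build <overlay-dir>` and diff the output against the base Task: apart from the name suffix, the injected step, the appended step, the image, the computeResources block and the volume, the two manifests should be identical, which is the "as close to the original build as possible" property the description asks for.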

Comment thread on task/buildah-sast/0.2/patch.yaml
@tkdchen
Contributor

tkdchen commented Oct 8, 2024

The goal is to keep build with sast scanning as close to the original build as possible while providing mechanisms to instrument the build with needed sast scan tooling.

What code ensures this?

@mmorhun
Member Author

mmorhun commented Oct 8, 2024

The goal is to keep build with sast scanning as close to the original build as possible while providing mechanisms to instrument the build with needed sast scan tooling.

What code ensures this?

@tkdchen it's done by kustomize

@tkdchen
Contributor

tkdchen commented Oct 8, 2024

The goal is to keep build with sast scanning as close to the original build as possible while providing mechanisms to instrument the build with needed sast scan tooling.

What code ensures this?

@tkdchen it's done by kustomize

Does "as close to the original build" mean the new task has the same build functionality but with needed sast scan tooling?

@mmorhun
Member Author

mmorhun commented Oct 9, 2024

Does "as close to the original build" mean the new task has the same build functionality but with needed sast scan tooling?

@tkdchen yes, it should be the same but with sast interceptors. Also, the sast build result is not used anywhere (just dropped); however, the task produces a sast report.

@openshift-ci

openshift-ci Bot commented Oct 22, 2024

The following users are mentioned in OWNERS file(s) but are untrusted for the following reasons. One way to make the user trusted is to add them as members of the konflux-ci org. You can then trigger verification by writing /verify-owners in a comment.

  • kdudka
    • User is not a member of the org. User is not a collaborator. Satisfy at least one of these conditions to make the user trusted.
    • task/buildah-sast-oci-ta/OWNERS
    • task/buildah-sast/OWNERS

@mmorhun
Member Author

mmorhun commented Oct 24, 2024

Closing this sample PR.
See the actual changes and description in #1525.

@mmorhun mmorhun closed this Oct 24, 2024
@mmorhun mmorhun deleted the STONEBLD-2804 branch October 24, 2024 09:29