diff --git a/.tekton/operator-1-0-z-pull-request.yaml b/.tekton/operator-1-1-z-pull-request.yaml similarity index 86% rename from .tekton/operator-1-0-z-pull-request.yaml rename to .tekton/operator-1-1-z-pull-request.yaml index 46b8e9d..8a49624 100644 --- a/.tekton/operator-1-0-z-pull-request.yaml +++ b/.tekton/operator-1-1-z-pull-request.yaml @@ -8,14 +8,14 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/cancel-in-progress: "true" pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: | - event == "pull_request" && target_branch == "release/1.0.z" && !files.all.all(f, f.matches('bundle/')) - creationTimestamp: + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "release/1.1.z" + creationTimestamp: null labels: - appstudio.openshift.io/application: rhtpa-operator-1-0-z - appstudio.openshift.io/component: operator-1-0-z + appstudio.openshift.io/application: rhtpa-operator-1-1-z + appstudio.openshift.io/component: operator-1-1-z pipelines.appstudio.openshift.io/type: build - name: operator-1-0-z-on-pull-request + name: operator-1-1-z-on-pull-request namespace: trusted-content-tenant spec: params: @@ -24,7 +24,7 @@ spec: - name: revision value: '{{revision}}' - name: output-image - value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-1-0-z:on-pr-{{revision}} + value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-1-1-z:on-pr-{{revision}} - name: image-expires-after value: 5d - name: dockerfile 
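Review bot: The new `pipelinesascode.tekton.dev/on-cel-expression` in operator-1-1-z-pull-request.yaml drops the `!files.all.all(f, f.matches('bundle/'))` clause that the 1.0.z file had, while operator-1-1-z-push.yaml keeps it in its first hunk. As written, a pull request that touches only `bundle/` now starts the operator build, and the PR and push triggers for the same component no longer agree. If that is intended, say so in a comment above the annotation; otherwise restore the clause: `event == "pull_request" && target_branch == "release/1.1.z" && !files.all.all(f, f.matches('bundle/'))`. The value is also now a plain scalar folded over two lines, which is easy to break on a later edit; the `|` block form used in the push file is more robust.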
@@ -34,27 +34,13 @@ spec: - name: build-source-image value: "true" - name: hermetic - value: "false" + value: "false" pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. - _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url 
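Review bot: `hermetic` is carried over as `"false"` for the new release/1.1.z pull-request pipeline (only its whitespace changes in this hunk), so the build presumably keeps network access and can pull content that was never declared or prefetched. For a release branch, consider `value: "true"` together with a `prefetch-input` value. No `prefetch-input` override is visible in the hunks shown, so the dependency list would have to be defined first. The same setting is repeated in operator-1-1-z-push.yaml. If the non-hermetic build is deliberate, record it with a comment such as `# non-hermetic: build needs network for <reason>`.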
@@ -67,11 +53,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -87,12 +75,14 @@ spec: name: hermetic type: string - default: "" - description: Build dependencies to be prefetched by Cachi2 + description: Build dependencies to be prefetched name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after + type: string - default: "false" description: Build a source image. name: build-source-image @@ -101,6 +91,11 @@ spec: description: Add built image into an OCI image index name: build-image-index type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -110,7 +105,8 @@ spec: name: build-args-file type: string - default: "false" - description: Whether to enable privileged mode, should be used only with remote VMs + description: Whether to enable privileged mode, should be used only with remote + VMs name: privileged-nested type: string results: 
@@ -140,7 +136,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 - name: kind value: task resolver: bundles @@ -161,7 +157,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a - name: kind value: task resolver: bundles @@ -190,7 +186,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0503f9313dfe70e4defda88a7226ec91a74af42198dccfa3280397d965aa16d6 - name: kind value: task resolver: bundles @@ -222,6 +218,10 @@ spec: value: $(params.build-args-file) - name: PRIVILEGED_NESTED value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -233,7 +233,7 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:6ec006242975a17388bfe813e2afd0ae721dd013247580c0d988e3c4a9c7f867 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.6@sha256:acf743a3caec54be0f7d29f0f40e10d64255aa1cf0d22e2c363c1ad0e5206434 - name: kind value: task resolver: bundles 
@@ -255,6 +255,8 @@ spec: - name: IMAGES value: - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) runAfter: - build-container taskRef: @@ -262,7 +264,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:5da3230a9ecfc5aa58f3e2224327d38d7b4556bda98ea77c6e7b0e80ac1353ad - name: kind value: task resolver: bundles @@ -275,12 +277,12 @@ spec: params: - name: BINARY_IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BINARY_IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: @@ -288,7 +290,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 - name: kind value: task resolver: bundles @@ -336,7 +338,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e - name: kind value: task resolver: bundles 
@@ -356,7 +358,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec - name: kind value: task resolver: bundles @@ -382,7 +384,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:60f2dac41844d222086ff7f477e51f3563716b183d87db89f603d6f604c21760 - name: kind value: task resolver: bundles @@ -404,7 +406,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3 - name: kind value: task resolver: bundles @@ -449,7 +451,7 @@ spec: - name: name value: sast-coverity-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:cdbe1a968676e4f5519b082bf1e27a4cdcf66dd60af66dbc26b3e604f957f7e9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:ae62d14c999fd93246fef4e57d28570fa5200c3266b9a3263a39965e5a5b02d7 - name: kind value: task resolver: bundles 
@@ -470,7 +472,7 @@ spec: - name: name value: coverity-availability-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6 + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36bcf1531b85c2c7d7b4382bc0a9c61b0501e2e54e84991b11b225bdec0e5928 - name: kind value: task resolver: bundles @@ -496,7 +498,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:1f0fcba24ebc447d9f8a2ea2e8f262fa435d6c523ca6b0346cd67261551fc9ed - name: kind value: task resolver: bundles @@ -522,7 +524,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712 - name: kind value: task resolver: bundles @@ -567,7 +569,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a - name: kind value: task resolver: bundles 
@@ -584,7 +586,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d016c63bcab64ab82da762a52b013c0bcb534e9523b8c0e073cc3a0c02f0cac - name: kind value: task resolver: bundles @@ -599,7 +601,7 @@ spec: - name: netrc optional: true taskRunTemplate: - serviceAccountName: build-pipeline-operator-1-0-z + serviceAccountName: build-pipeline-operator-1-1-z workspaces: - name: git-auth secret: diff --git a/.tekton/operator-1-0-z-push.yaml b/.tekton/operator-1-1-z-push.yaml similarity index 86% rename from .tekton/operator-1-0-z-push.yaml rename to .tekton/operator-1-1-z-push.yaml index e5a80a4..eeb143b 100644 --- a/.tekton/operator-1-0-z-push.yaml +++ b/.tekton/operator-1-1-z-push.yaml 
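Review bot: The `rpms-signature-scan` bundle is the only task reference in this file that moves to a different repository, from `quay.io/konflux-ci/tekton-catalog/` to `quay.io/konflux-ci/konflux-vanguard/`, instead of just receiving a new digest. The reference is still pinned by `sha256`, but the pipeline description in this file ties the `trusted_task.trusted` policy to all build data coming from trusted tasks. Confirm that the new repository and digest are accepted by the policy the release uses. The identical change is made in operator-1-1-z-push.yaml. A short comment above the `bundle` param explaining why this one task comes from `konflux-vanguard` would help whoever bumps the digests next.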
@@ -5,22 +5,22 @@ metadata: build.appstudio.openshift.io/repo: https://github.com/trustification/trusted-profile-analyzer-operator?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' - build.appstudio.openshift.io/build-nudge-files: ".*Dockerfile.*, .*.yaml, .*Containerfile.*. , .*.json" + build.appstudio.openshift.io/build-nudge-files: ".*Dockerfile.*, .*.yaml, .*Containerfile.*, .*.json" pipelinesascode.tekton.dev/cancel-in-progress: "false" pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: | - event == "push" && target_branch == "release/1.0.z" && !files.all.all(f, f.matches('bundle/')) - creationTimestamp: + event == "push" && target_branch == "release/1.1.z" && !files.all.all(f, f.matches('bundle/')) + creationTimestamp: null labels: - appstudio.openshift.io/application: rhtpa-operator-1-0-z - appstudio.openshift.io/component: operator-1-0-z + appstudio.openshift.io/application: rhtpa-operator-1-1-z + appstudio.openshift.io/component: operator-1-1-z pipelines.appstudio.openshift.io/type: build - name: operator-1-0-z-on-push + name: operator-1-1-z-on-push namespace: trusted-content-tenant spec: params: - name: version - value: "v1.0.3" + value: "v1.1.0" - name: version-postfix-qe value: "-rc" - name: git-url @@ -28,7 +28,7 @@ spec: - name: revision value: '{{revision}}' - name: output-image - value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-1-0-z:{{revision}} + value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-1-1-z:{{revision}} - name: dockerfile value: Dockerfile.rhtpa-operator.rh - name: path-context 
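Review bot: The corrected `build.appstudio.openshift.io/build-nudge-files` value still uses unescaped dots in `.*.yaml` and `.*.json`. If the entries are evaluated as regular expressions, as the `.*` syntax suggests, each `.` matches any character, so the patterns also match paths that merely end in `yaml` or `json`. Escaping the dot and switching to single quotes avoids YAML escape handling: `build.appstudio.openshift.io/build-nudge-files: '.*Dockerfile.*, .*\.yaml, .*Containerfile.*, .*\.json'`. This is a tightening of the patterns, not a behaviour the commit introduces.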
@@ -36,27 +36,13 @@ spec: - name: build-source-image value: "true" - name: hermetic - value: "false" + value: "false" pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. - _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url 
@@ -69,11 +55,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -89,12 +77,14 @@ spec: name: hermetic type: string - default: "" - description: Build dependencies to be prefetched by Cachi2 + description: Build dependencies to be prefetched name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after + type: string - default: "false" description: Build a source image. name: build-source-image @@ -103,6 +93,11 @@ spec: description: Add built image into an OCI image index name: build-image-index type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -112,7 +107,8 @@ spec: name: build-args-file type: string - default: "false" - description: Whether to enable privileged mode, should be used only with remote VMs + description: Whether to enable privileged mode, should be used only with remote + VMs name: privileged-nested type: string results: 
@@ -142,7 +138,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 - name: kind value: task resolver: bundles @@ -163,7 +159,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a - name: kind value: task resolver: bundles @@ -192,7 +188,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0503f9313dfe70e4defda88a7226ec91a74af42198dccfa3280397d965aa16d6 - name: kind value: task resolver: bundles @@ -224,6 +220,10 @@ spec: value: $(params.build-args-file) - name: PRIVILEGED_NESTED value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -235,7 +235,7 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:6ec006242975a17388bfe813e2afd0ae721dd013247580c0d988e3c4a9c7f867 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.6@sha256:acf743a3caec54be0f7d29f0f40e10d64255aa1cf0d22e2c363c1ad0e5206434 - name: kind value: task resolver: bundles 
@@ -257,6 +257,8 @@ spec: - name: IMAGES value: - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) runAfter: - build-container taskRef: @@ -264,7 +266,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:5da3230a9ecfc5aa58f3e2224327d38d7b4556bda98ea77c6e7b0e80ac1353ad - name: kind value: task resolver: bundles @@ -277,12 +279,12 @@ spec: params: - name: BINARY_IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BINARY_IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: @@ -290,7 +292,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 - name: kind value: task resolver: bundles @@ -338,7 +340,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e - name: kind value: task resolver: bundles 
@@ -358,7 +360,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec - name: kind value: task resolver: bundles @@ -384,7 +386,7 @@ spec: - name: name value: sast-snyk-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:783f5de1b4def2fb3fad20b914f4b3afee46ffb8f652114946e321ef3fa86449 + value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:60f2dac41844d222086ff7f477e51f3563716b183d87db89f603d6f604c21760 - name: kind value: task resolver: bundles @@ -406,7 +408,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3 - name: kind value: task resolver: bundles @@ -451,7 +453,7 @@ spec: - name: name value: sast-coverity-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:cdbe1a968676e4f5519b082bf1e27a4cdcf66dd60af66dbc26b3e604f957f7e9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:ae62d14c999fd93246fef4e57d28570fa5200c3266b9a3263a39965e5a5b02d7 - name: kind value: task resolver: bundles 
@@ -472,7 +474,7 @@ spec: - name: name value: coverity-availability-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6 + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36bcf1531b85c2c7d7b4382bc0a9c61b0501e2e54e84991b11b225bdec0e5928 - name: kind value: task resolver: bundles @@ -498,7 +500,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:1f0fcba24ebc447d9f8a2ea2e8f262fa435d6c523ca6b0346cd67261551fc9ed - name: kind value: task resolver: bundles @@ -524,7 +526,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712 - name: kind value: task resolver: bundles @@ -540,7 +542,7 @@ spec: - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: ADDITIONAL_TAGS - value: ['$(params.version)$(params.version-postfix-qe)','{{revision}}'] + value: [ '$(params.version)$(params.version-postfix-qe)','{{revision}}' ] runAfter: - build-image-index taskRef: 
@@ -571,7 +573,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a - name: kind value: task resolver: bundles @@ -588,7 +590,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d016c63bcab64ab82da762a52b013c0bcb534e9523b8c0e073cc3a0c02f0cac - name: kind value: task resolver: bundles @@ -603,7 +605,7 @@ spec: - name: netrc optional: true taskRunTemplate: - serviceAccountName: build-pipeline-operator-1-0-z + serviceAccountName: build-pipeline-operator-1-1-z workspaces: - name: git-auth secret: diff --git a/.tekton/operator-bundle-1-0-z-pull-request.yaml b/.tekton/operator-bundle-1-1-z-pull-request.yaml similarity index 86% rename from .tekton/operator-bundle-1-0-z-pull-request.yaml rename to .tekton/operator-bundle-1-1-z-pull-request.yaml index 752d990..c346fdc 100644 --- a/.tekton/operator-bundle-1-0-z-pull-request.yaml +++ b/.tekton/operator-bundle-1-1-z-pull-request.yaml 
@@ -8,13 +8,14 @@ metadata: build.appstudio.redhat.com/target_branch: '{{target_branch}}' pipelinesascode.tekton.dev/cancel-in-progress: "true" pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "release/1.0.z" - creationTimestamp: + pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch + == "release/1.1.z" + creationTimestamp: null labels: - appstudio.openshift.io/application: rhtpa-operator-1-0-z - appstudio.openshift.io/component: operator-bundle-1-0-z + appstudio.openshift.io/application: rhtpa-operator-1-1-z + appstudio.openshift.io/component: operator-bundle-1-1-z pipelines.appstudio.openshift.io/type: build - name: operator-bundle-1-0-z-on-pull-request + name: operator-bundle-1-1-z-on-pull-request namespace: trusted-content-tenant spec: params: 
@@ -23,39 +24,19 @@ spec: - name: revision value: '{{revision}}' - name: output-image - value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-bundle-1-0-z:on-pr-{{revision}} + value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-bundle-1-1-z:on-pr-{{revision}} - name: image-expires-after value: 5d - name: dockerfile value: bundle.Dockerfile - name: path-context value: . - - name: manager-registry-url - value: registry.redhat.io/rhtpa/rhtpa-rhel9-operator - - name: build-source-image - value: "true" - - name: hermetic - value: "false" pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. - _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. 
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url @@ -68,11 +49,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -88,12 +71,14 @@ spec: name: hermetic type: string - default: "" - description: Build dependencies to be prefetched by Cachi2 + description: Build dependencies to be prefetched name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after + type: string - default: "false" description: Build a source image. name: build-source-image 
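Review bot: Removing the `build-source-image` override from the PipelineRun params in operator-bundle-1-1-z-pull-request.yaml makes this pipeline fall back to the `pipelineSpec` default, which the params section of this same file shows as `"false"`. The bundle PR run would then stop producing a source image, while operator-1-1-z-pull-request.yaml still sets `value: "true"`. If the bundle is meant to skip the source image on pull requests, a comment next to the params list would make that explicit. Otherwise keep the two lines `- name: build-source-image` and `value: "true"`. The hunk also removes `manager-registry-url` and `hermetic`; whether anything still consumes them is not visible from here.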
@@ -102,6 +87,11 @@ spec: description: Add built image into an OCI image index name: build-image-index type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -111,7 +101,8 @@ spec: name: build-args-file type: string - default: "false" - description: Whether to enable privileged mode, should be used only with remote VMs + description: Whether to enable privileged mode, should be used only with remote + VMs name: privileged-nested type: string results: @@ -141,7 +132,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 - name: kind value: task resolver: bundles @@ -162,7 +153,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a - name: kind value: task resolver: bundles @@ -191,7 +182,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0503f9313dfe70e4defda88a7226ec91a74af42198dccfa3280397d965aa16d6 - name: kind value: task resolver: bundles 
@@ -223,6 +214,10 @@ spec: value: $(params.build-args-file) - name: PRIVILEGED_NESTED value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -234,7 +229,7 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:6ec006242975a17388bfe813e2afd0ae721dd013247580c0d988e3c4a9c7f867 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.6@sha256:acf743a3caec54be0f7d29f0f40e10d64255aa1cf0d22e2c363c1ad0e5206434 - name: kind value: task resolver: bundles @@ -256,6 +251,8 @@ spec: - name: IMAGES value: - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) runAfter: - build-container taskRef: @@ -263,7 +260,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:5da3230a9ecfc5aa58f3e2224327d38d7b4556bda98ea77c6e7b0e80ac1353ad - name: kind value: task resolver: bundles @@ -276,12 +273,12 @@ spec: params: - name: BINARY_IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BINARY_IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: 
@@ -289,7 +286,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 - name: kind value: task resolver: bundles @@ -337,7 +334,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e - name: kind value: task resolver: bundles @@ -357,7 +354,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec - name: kind value: task resolver: bundles @@ -405,7 +402,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3 - name: kind value: task resolver: bundles 
@@ -450,7 +447,7 @@ spec: - name: name value: sast-coverity-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:cdbe1a968676e4f5519b082bf1e27a4cdcf66dd60af66dbc26b3e604f957f7e9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:ae62d14c999fd93246fef4e57d28570fa5200c3266b9a3263a39965e5a5b02d7 - name: kind value: task resolver: bundles @@ -471,7 +468,7 @@ spec: - name: name value: coverity-availability-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6 + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36bcf1531b85c2c7d7b4382bc0a9c61b0501e2e54e84991b11b225bdec0e5928 - name: kind value: task resolver: bundles @@ -497,7 +494,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:1f0fcba24ebc447d9f8a2ea2e8f262fa435d6c523ca6b0346cd67261551fc9ed - name: kind value: task resolver: bundles @@ -523,7 +520,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712 - name: kind value: task resolver: bundles 
@@ -568,7 +565,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a - name: kind value: task resolver: bundles @@ -585,7 +582,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d016c63bcab64ab82da762a52b013c0bcb534e9523b8c0e073cc3a0c02f0cac - name: kind value: task resolver: bundles @@ -600,7 +597,7 @@ spec: - name: netrc optional: true taskRunTemplate: - serviceAccountName: build-pipeline-operator-bundle-1-0-z + serviceAccountName: build-pipeline-operator-bundle-1-1-z workspaces: - name: git-auth secret: diff --git a/.tekton/operator-bundle-1-0-z-push.yaml b/.tekton/operator-bundle-1-1-z-push.yaml similarity index 86% rename from .tekton/operator-bundle-1-0-z-push.yaml rename to .tekton/operator-bundle-1-1-z-push.yaml index 4356c33..bcdc648 100644 --- a/.tekton/operator-bundle-1-0-z-push.yaml +++ b/.tekton/operator-bundle-1-1-z-push.yaml 
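Review bot: The `rpms-signature-scan` bundle on the new side is pulled from `quay.io/konflux-ci/konflux-vanguard/`, while every other task reference in this file stays under `quay.io/konflux-ci/tekton-catalog/` and only changes its digest. The digest pin keeps the reference immutable, but the pipeline description says `trusted_task.trusted` passes only when all data comes from trusted tasks, so confirm the new repository is on the trusted-task list the policy evaluates against. The same repository switch appears in the matching hunk of `.tekton/operator-bundle-1-1-z-push.yaml`. If the move is intentional, a comment above the bundle value such as `# rpms-signature-scan is published from konflux-vanguard, not tekton-catalog` would stop it reading as a typo. The task entry itself starts and ends outside the hunk.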
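Review bot: `serviceAccountName: build-pipeline-operator-bundle-1-1-z` in the final hunk of this file names the bundle component's account, although the file is the operator component's pull-request pipeline (its component label and output image are `operator-1-1-z`). The value is carried over from the 1.0.z file, so it may be deliberate. If that account holds the bundle's registry secrets, however, builds of pull-request code for the operator would run with credentials they do not need. If each component has its own build account, the line should read `serviceAccountName: <operator component build service account>` (placeholder; the real name is not visible in this diff). The bundle push pipeline later in the commit uses the same account name, and there it does match the component.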
@@ -5,21 +5,21 @@ metadata: build.appstudio.openshift.io/repo: https://github.com/trustification/trusted-profile-analyzer-operator?rev={{revision}} build.appstudio.redhat.com/commit_sha: '{{revision}}' build.appstudio.redhat.com/target_branch: '{{target_branch}}' - build.appstudio.openshift.io/build-nudge-files: ".*Dockerfile.*, .*.yaml, .*Containerfile.*., .*.json" + build.appstudio.openshift.io/build-nudge-files: ".*Dockerfile.*, .*.yaml, .*Containerfile.*, .*.json" pipelinesascode.tekton.dev/cancel-in-progress: "false" pipelinesascode.tekton.dev/max-keep-runs: "3" - pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "release/1.0.z" - creationTimestamp: + pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "release/1.1.z" + creationTimestamp: null labels: - appstudio.openshift.io/application: rhtpa-operator-1-0-z - appstudio.openshift.io/component: operator-bundle-1-0-z + appstudio.openshift.io/application: rhtpa-operator-1-1-z + appstudio.openshift.io/component: operator-bundle-1-1-z pipelines.appstudio.openshift.io/type: build - name: operator-bundle-1-0-z-on-push + name: operator-bundle-1-1-z-on-push namespace: trusted-content-tenant spec: params: - name: version - value: "v1.0.3" + value: "v1.1.0" - name: version-postfix-qe value: "-rc" - name: git-url 
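Review bot: The `build-nudge-files` value fixed in this hunk still writes `.*.yaml` and `.*.json` with an unescaped dot, so, assuming the entries are treated as regular expressions, they match any path ending in `yaml` or `json` after an arbitrary character rather than only those extensions. Escaping the dot narrows the set of files that automated nudge updates may rewrite: `build.appstudio.openshift.io/build-nudge-files: '.*Dockerfile.*, .*\.yaml, .*Containerfile.*, .*\.json'` (single quotes so the backslash stays literal).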
@@ -27,37 +27,21 @@ spec: - name: revision value: '{{revision}}' - name: output-image - value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-bundle-1-0-z:{{revision}} + value: quay.io/redhat-user-workloads/trusted-content-tenant/operator-bundle-1-1-z:{{revision}} - name: dockerfile value: bundle.Dockerfile - name: path-context value: . - - name: manager-registry-url - value: registry.redhat.io/rhtpa/rhtpa-rhel9-operator - name: build-source-image value: "true" - name: hermetic - value: "false" + value: "true" pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while maintaining trust after pipeline customization. - _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://enterprisecontract.dev/docs/ec-policies/release_policy.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. + _Uses `buildah` to create a container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. 
This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-oci-ta?tab=tags)_ - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 - - name: kind - value: task - resolver: bundles params: - description: Source Repository URL name: git-url @@ -70,11 +54,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" @@ -90,12 +76,14 @@ spec: name: hermetic type: string - default: "" - description: Build dependencies to be prefetched by Cachi2 + description: Build dependencies to be prefetched name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like + 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after + type: string - default: "false" description: Build a source image. name: build-source-image 
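Review bot: `hermetic` is switched to `"true"` in the PipelineRun params of this hunk, but the visible params list passes no `prefetch-input`, so the bundle build has to succeed with no network access and nothing prefetched. That holds only if `bundle.Dockerfile` copies files and fetches nothing; the diff does not show the whole Dockerfile, so this is worth confirming on a real run of the 1.1.z branch. A comment above the param would record the assumption, e.g. `# hermetic: bundle.Dockerfile only copies manifests, so no prefetch-input is required`. The operator pull-request pipeline earlier in this commit still sets `hermetic` to `"false"`, so the two components now build under different network isolation.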
@@ -104,6 +92,11 @@ spec: description: Add built image into an OCI image index name: build-image-index type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -113,7 +106,8 @@ spec: name: build-args-file type: string - default: "false" - description: Whether to enable privileged mode, should be used only with remote VMs + description: Whether to enable privileged mode, should be used only with remote + VMs name: privileged-nested type: string results: @@ -143,7 +137,7 @@ spec: - name: name value: init - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc + value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:3ca52e1d8885fc229bd9067275f44d5b21a9a609981d0324b525ddeca909bf10 - name: kind value: task resolver: bundles @@ -164,7 +158,7 @@ spec: - name: name value: git-clone-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3f1b468066b301083d8550e036f5a654fcb064810bd29eb06fec6d8ad3e35b9c + value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3dc39eae48745a96097c07c577b944d6203a91c35d3f71d9ed5feab41d327a6a - name: kind value: task resolver: bundles @@ -193,7 +187,7 @@ spec: - name: name value: prefetch-dependencies-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6 + value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:0503f9313dfe70e4defda88a7226ec91a74af42198dccfa3280397d965aa16d6 - name: kind value: task resolver: bundles 
@@ -225,6 +219,10 @@ spec: value: $(params.build-args-file) - name: PRIVILEGED_NESTED value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT @@ -236,7 +234,7 @@ spec: - name: name value: buildah-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:6ec006242975a17388bfe813e2afd0ae721dd013247580c0d988e3c4a9c7f867 + value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.6@sha256:acf743a3caec54be0f7d29f0f40e10d64255aa1cf0d22e2c363c1ad0e5206434 - name: kind value: task resolver: bundles @@ -258,6 +256,8 @@ spec: - name: IMAGES value: - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) runAfter: - build-container taskRef: @@ -265,7 +265,7 @@ spec: - name: name value: build-image-index - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:79784d53749584bc5a8de32142ec4e2f01cdbf42c20d94e59280e0b927c8597d + value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:5da3230a9ecfc5aa58f3e2224327d38d7b4556bda98ea77c6e7b0e80ac1353ad - name: kind value: task resolver: bundles @@ -278,12 +278,12 @@ spec: params: - name: BINARY_IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) + - name: BINARY_IMAGE_DIGEST + value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - - name: BINARY_IMAGE_DIGEST - value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: 
@@ -291,7 +291,7 @@ spec: - name: name value: source-build-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:b0d6cb28a23f20db4f5cf78ed78ae3a91b9a5adfe989696ed0bbc63840a485b6 + value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:282cb5a9119a87e88559444feff67d76d6f356d03654b4845632c049b2314735 - name: kind value: task resolver: bundles @@ -339,7 +339,7 @@ spec: - name: name value: clair-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af + value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8ec7d7b9438ace5ef3fb03a533d9440d0fd81e51c73b0dc1eb51602fb7cd044e - name: kind value: task resolver: bundles @@ -359,7 +359,7 @@ spec: - name: name value: ecosystem-cert-preflight-checks - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60 + value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec - name: kind value: task resolver: bundles @@ -407,7 +407,7 @@ spec: - name: name value: clamav-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 + value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:f3d2d179cddcc07d0228d9f52959a233037a3afa2619d0a8b2effbb467db80c3 - name: kind value: task resolver: bundles 
@@ -452,7 +452,7 @@ spec: - name: name value: sast-coverity-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:cdbe1a968676e4f5519b082bf1e27a4cdcf66dd60af66dbc26b3e604f957f7e9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:ae62d14c999fd93246fef4e57d28570fa5200c3266b9a3263a39965e5a5b02d7 - name: kind value: task resolver: bundles @@ -473,7 +473,7 @@ spec: - name: name value: coverity-availability-check - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6 + value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:36bcf1531b85c2c7d7b4382bc0a9c61b0501e2e54e84991b11b225bdec0e5928 - name: kind value: task resolver: bundles @@ -499,7 +499,7 @@ spec: - name: name value: sast-shell-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:bf7bdde00b7212f730c1356672290af6f38d070da2c8a316987b5c32fd49e0b9 + value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:1f0fcba24ebc447d9f8a2ea2e8f262fa435d6c523ca6b0346cd67261551fc9ed - name: kind value: task resolver: bundles @@ -525,7 +525,7 @@ spec: - name: name value: sast-unicode-check-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:a2bde66f6b4164620298c7d709b8f08515409404000fa1dc2260d2508b135651 + value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.3@sha256:1833c618170ab9deb8455667f220df8e88d16ccd630a2361366f594e2bdcb712 - name: kind value: task resolver: bundles 
@@ -541,7 +541,7 @@ spec: - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: ADDITIONAL_TAGS - value: ['$(params.version)$(params.version-postfix-qe)','{{revision}}'] + value: [ '$(params.version)$(params.version-postfix-qe)','{{revision}}' ] runAfter: - build-image-index taskRef: @@ -572,7 +572,7 @@ spec: - name: name value: push-dockerfile-oci-ta - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:49f778479f468e71c2cfef722e96aa813d7ef98bde8a612e1bf1a13cd70849ec + value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:13633d5ba8445c0f732a0a5d1b33ffbb708398e45ef1647542b0ab22fee25a6a - name: kind value: task resolver: bundles @@ -589,7 +589,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120 + value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:3d016c63bcab64ab82da762a52b013c0bcb534e9523b8c0e073cc3a0c02f0cac - name: kind value: task resolver: bundles @@ -604,7 +604,7 @@ spec: - name: netrc optional: true taskRunTemplate: - serviceAccountName: build-pipeline-operator-bundle-1-0-z + serviceAccountName: build-pipeline-operator-bundle-1-1-z workspaces: - name: git-auth secret: diff --git a/Dockerfile b/Dockerfile index b4bda5d..9904129 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,8 +37,8 @@ LABEL io.openshift.tags="RHTPA, rhtpa-operator, Red Hat Trusted Profile Analyzer LABEL name="rhtpa/rhtpa-rhel9-operator" LABEL org.opencontainers.image.source="https://github.com/trustification/trusted-profile-analyzer-operator" LABEL summary="RHTPA Operator" -LABEL version="1.0.3" -LABEL release=1.0.3 +LABEL version="1.1.0" +LABEL release=1.1.0 LABEL maintainer="Red Hat" RUN microdnf update -y && microdnf clean all -y 
diff --git a/Dockerfile.rhtpa-operator.rh b/Dockerfile.rhtpa-operator.rh index 8c5e54f..caf79fa 100644 --- a/Dockerfile.rhtpa-operator.rh +++ b/Dockerfile.rhtpa-operator.rh @@ -40,8 +40,8 @@ LABEL io.openshift.tags="RHTPA, rhtpa-operator, Red Hat Trusted Profile Analyzer LABEL name="rhtpa/rhtpa-rhel9-operator" LABEL org.opencontainers.image.source="https://github.com/trustification/trusted-profile-analyzer-operator" LABEL summary="RHTPA Operator" -LABEL version="1.0.3" -LABEL release=1.0.3 +LABEL version="1.1.0" +LABEL release=1.1.0 LABEL maintainer="Red Hat" LABEL cpe="cpe:/a:redhat:trusted_profile_analyzer:2.2::el9" LABEL org.opencontainers.image.created="${SOURCE_DATE_EPOCH}" diff --git a/Makefile b/Makefile index acc80c2..107dff5 100644 --- a/Makefile +++ b/Makefile @@ -3,9 +3,9 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 1.0.3 -IMAGE_TAG ?= 1.0.3 -REDUCED_VERSION ?= 1.0.3-snapshot +VERSION ?= 1.1.0 +IMAGE_TAG ?= 1.1.0 +REDUCED_VERSION ?= 1.1.0-snapshot CONTROLLER_TOOLS_VERSION ?= v0.18.0 # CHANNELS define the bundle channels used in the bundle. diff --git a/bundle.Dockerfile b/bundle.Dockerfile index e7cd7ac..0f7a80a 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -12,8 +12,8 @@ LABEL maintainer="Red Hat" LABEL vendor="Red Hat, Inc." LABEL distribution-scope="public" LABEL url="https://www.redhat.com" -LABEL version="1.0.3" -LABEL release=1.0.3 +LABEL version="1.1.0" +LABEL release=1.1.0 LABEL cpe="cpe:/a:redhat:trusted_profile_analyzer:2.2::el9" LABEL org.opencontainers.image.created="${SOURCE_DATE_EPOCH}" diff --git a/bundle/manifests/rhtpa-operator.clusterserviceversion.yaml b/bundle/manifests/rhtpa-operator.clusterserviceversion.yaml index de6099b..123ec14 100644 
--- a/bundle/manifests/rhtpa-operator.clusterserviceversion.yaml +++ b/bundle/manifests/rhtpa-operator.clusterserviceversion.yaml @@ -14,10 +14,7 @@ metadata: "appDomain": "change-me", "collector": {}, "database": {}, - "image": { - "fullName": "registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:b716530c3b6ee8a79814fc75f55b65d5bcfaa61ac50c9947348751904b8351c7", - "pullPolicy": "IfNotPresent" - }, + "image": {}, "infrastructure": { "port": 9010 }, @@ -114,7 +111,7 @@ metadata: operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1 repository: https://github.com/trustification/trusted-profile-analyzer-operator support: Red Hat - name: rhtpa-operator.v1.0.3 + name: rhtpa-operator.v1.1.0 namespace: placeholder spec: apiservicedefinitions: {} @@ -359,7 +356,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: registry.redhat.io/rhtpa/rhtpa-rhel9-operator@sha256:d50382baaf924564b342778f38af18d4e7a16d13c55fc29be1dadfc8db9904eb + image: registry.redhat.io/rhtpa/rhtpa-rhel9-operator@sha256:61ab4185ab8c6bbbecb8ee03fd5e19b0f2cdacbf745069b2be808f8a97346b48 livenessProbe: httpGet: path: /healthz @@ -472,8 +469,6 @@ spec: name: Red Hat url: https://github.com/trustification/trusted-profile-analyzer-operator relatedImages: - - image: registry.redhat.io/rhtpa/rhtpa-rhel9-operator@sha256:d50382baaf924564b342778f38af18d4e7a16d13c55fc29be1dadfc8db9904eb + - image: registry.redhat.io/rhtpa/rhtpa-rhel9-operator@sha256:61ab4185ab8c6bbbecb8ee03fd5e19b0f2cdacbf745069b2be808f8a97346b48 name: manager - - image: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:b716530c3b6ee8a79814fc75f55b65d5bcfaa61ac50c9947348751904b8351c7 - name: rhtpa-trustification-service-rhel9-b716530c3b6ee8a79814fc75f55b65d5bcfaa61ac50c9947348751904b8351c7-annotation - version: 1.0.3 + version: 1.1.0 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 1245b46..5bc166e 100644 
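Review bot: `relatedImages` in the last hunk of this file now lists only the `manager` image, yet `helm-charts/redhat-trusted-profile-analyzer/values.yaml` in the same commit still deploys `rhtpa-trustification-service-rhel9` by digest as the default operand. The removed entry's name ended in `-annotation`, so it was presumably derived from the `image` block in `alm-examples`, which the first hunk empties to `"image": {}`. Tooling that mirrors or inventories images from `relatedImages` (disconnected installs, image allow-lists) would then miss the operand image. Consider restoring an entry such as `- image: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:1e7b633db296319a1c62b1ff026e12e2f830382f1201f55240996c5fc473b3aa` with a matching `name:`. Because this manifest looks generated, the entry probably has to come from the bundle generation inputs rather than a hand edit.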
--- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -5,4 +5,4 @@ kind: Kustomization images: - name: controller newName: registry.redhat.io/rhtpa/rhtpa-rhel9-operator - newTag: 1.0.3 + newTag: 1.1.0 diff --git a/config/manifests/bases/rhtpa-operator.clusterserviceversion.yaml b/config/manifests/bases/rhtpa-operator.clusterserviceversion.yaml index 3b2aeba..ba794e7 100644 --- a/config/manifests/bases/rhtpa-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/rhtpa-operator.clusterserviceversion.yaml @@ -73,4 +73,4 @@ spec: provider: name: Red Hat url: https://github.com/trustification/trusted-profile-analyzer-operator - version: 1.0.3 + version: 1.1.0 diff --git a/config/samples/v1_trustedprofileanalyzer.yaml b/config/samples/v1_trustedprofileanalyzer.yaml index 77f6b3b..0ccd7cb 100644 --- a/config/samples/v1_trustedprofileanalyzer.yaml +++ b/config/samples/v1_trustedprofileanalyzer.yaml @@ -7,9 +7,7 @@ spec: appDomain: change-me collector: {} database: {} - image: - fullName: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:b716530c3b6ee8a79814fc75f55b65d5bcfaa61ac50c9947348751904b8351c7 - pullPolicy: IfNotPresent + image: {} infrastructure: port: 9010 ingress: {} diff --git a/devel/README.md b/devel/README.md index 538cf38..e8ba54f 100644 --- a/devel/README.md +++ b/devel/README.md @@ -52,7 +52,7 @@ update the operator sha and then run ```console make bundle-build make bundle-push - operator-sdk run bundle -n trustify quay.io//rhtpa-rhel9-operator-bundle:v1.0.3 + operator-sdk run bundle -n trustify quay.io//rhtpa-rhel9-operator-bundle:v1.1.0 ``` # Deploy an instance diff --git a/devel/trusted-profile-analyzer-demo.yaml b/devel/trusted-profile-analyzer-demo.yaml index f999b6d..96d2f69 100644 --- a/devel/trusted-profile-analyzer-demo.yaml +++ b/devel/trusted-profile-analyzer-demo.yaml 
@@ -29,9 +29,6 @@ spec: secretKeyRef: name: infrastructure-postgresql key: postgres-password - image: - fullName: 'registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:b716530c3b6ee8a79814fc75f55b65d5bcfaa61ac50c9947348751904b8351c7' - pullPolicy: IfNotPresent infrastructure: port: 9010 ingress: { diff --git a/devel/trusted-profile-analyzer-ocp.yaml b/devel/trusted-profile-analyzer-ocp.yaml index d9483b5..5dd7e6e 100644 --- a/devel/trusted-profile-analyzer-ocp.yaml +++ b/devel/trusted-profile-analyzer-ocp.yaml @@ -29,9 +29,6 @@ spec: secretKeyRef: name: infrastructure-postgresql key: postgres-password - image: - fullName: 'registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:b716530c3b6ee8a79814fc75f55b65d5bcfaa61ac50c9947348751904b8351c7' - pullPolicy: IfNotPresent infrastructure: port: 9010 ingress: { diff --git a/go.mod b/go.mod index 54fb4fe..de2143e 100644 --- a/go.mod +++ b/go.mod @@ -121,7 +121,7 @@ require ( gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 // indirect google.golang.org/grpc v1.73.0 // indirect - google.golang.org/protobuf v1.36.6 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index 92c4793..a5506fa 100644 --- a/go.sum +++ b/go.sum 
@@ -405,8 +405,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822 h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20250603155806-513f23925822/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= google.golang.org/grpc v1.73.0 h1:VIWSmpI2MegBtTuFt5/JWy2oXxtjJ/e89Z70ImfD2ok= google.golang.org/grpc v1.73.0/go.mod h1:50sbHOUqWoCQGI8V2HQLJM0B+LMlIUjNSZmow7EVBQc= -google.golang.org/protobuf v1.36.6 h1:z1NpPI8ku2WgiWnf+t9wTPsn6eP1L7ksHUlkfLvd9xY= -google.golang.org/protobuf v1.36.6/go.mod h1:jduwjTPXsFjZGTmRluh+L6NjiWu7pchiJ2/5YcXBHnY= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/helm-charts/redhat-trusted-profile-analyzer/values.yaml b/helm-charts/redhat-trusted-profile-analyzer/values.yaml index 232dd80..0c2a751 100644 --- a/helm-charts/redhat-trusted-profile-analyzer/values.yaml +++ b/helm-charts/redhat-trusted-profile-analyzer/values.yaml @@ -3,7 +3,7 @@ partOf: trustify replicas: 1 image: - fullName: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:b716530c3b6ee8a79814fc75f55b65d5bcfaa61ac50c9947348751904b8351c7 + fullName: registry.redhat.io/rhtpa/rhtpa-trustification-service-rhel9@sha256:1e7b633db296319a1c62b1ff026e12e2f830382f1201f55240996c5fc473b3aa pullPolicy: IfNotPresent rust: {}