@@ -8,9 +8,8 @@ metadata:
88 build.appstudio.redhat.com/target_branch : ' {{target_branch}}'
99 pipelinesascode.tekton.dev/cancel-in-progress : " true"
1010 pipelinesascode.tekton.dev/max-keep-runs : " 3"
11- pipelinesascode.tekton.dev/on-cel-expression : event == "pull_request" && target_branch
12- == "main"
13- creationTimestamp : null
11+ pipelinesascode.tekton.dev/on-cel-expression : event == "pull_request" && target_branch == "main"
12+ creationTimestamp :
1413 labels :
1514 appstudio.openshift.io/application : logilca-try1
1615 appstudio.openshift.io/component : gh-actions-exp-e0b28
4544 - name : name
4645 value : show-sbom
4746 - name : bundle
48- value : quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:002f7c8c1d2f9e09904035da414aba1188ae091df0ea9532cd997be05e73d594
47+ value : quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:a7346ed61237db4f82ff782e0c9e8b30536e0e67b907ad600341a6d192e80012
4948 - name : kind
5049 value : task
5150 resolver : bundles
@@ -61,13 +60,11 @@ spec:
6160 name : output-image
6261 type : string
6362 - default : .
64- description : Path to the source code of an application's component from where
65- to build image.
63+ description : Path to the source code of an application's component from where to build image.
6664 name : path-context
6765 type : string
6866 - default : Dockerfile
69- description : Path to the Dockerfile inside the context specified by parameter
70- path-context
67+ description : Path to the Dockerfile inside the context specified by parameter path-context
7168 name : dockerfile
7269 type : string
7370 - default : " false"
8784 name : prefetch-input
8885 type : string
8986 - default : " "
90- description : Image tag expiration time, time values could be something like
91- 1h, 2d, 3w for hours, days, and weeks, respectively.
87+ description : Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
9288 name : image-expires-after
9389 - default : " false"
9490 description : Build a source image.
@@ -107,10 +103,17 @@ spec:
107103 name : build-args-file
108104 type : string
109105 - default : " false"
110- description : Whether to enable privileged mode, should be used only with remote
111- VMs
106+ description : Whether to enable privileged mode, should be used only with remote VMs
112107 name : privileged-nested
113108 type : string
109+ - name : sast-target-dirs
110+ type : string
111+ default : .
112+ description : Target directories to scan with SAST tools. Multiple values should be separated with commas.
113+ - name : enable-package-registry-proxy
114+ default : ' true'
115+ description : Use the package registry proxy when prefetching dependencies
116+ type : string
114117 results :
115118 - description : " "
116119 name : IMAGE_URL
@@ -138,7 +141,7 @@ spec:
138141 - name : name
139142 value : init
140143 - name : bundle
141- value : quay.io/konflux-ci/tekton-catalog/task-init:0.2 @sha256:66e90d31e1386bf516fb548cd3e3f0082b5d0234b8b90dbf9e0d4684b70dbe1a
144+ value : quay.io/konflux-ci/tekton-catalog/task-init:0.4 @sha256:5a423246792ac501ea279229b42ee57da9927da441c04b5c9ff86817b0856b08
142145 - name : kind
143146 value : task
144147 resolver : bundles
@@ -159,7 +162,7 @@ spec:
159162 - name : name
160163 value : git-clone-oci-ta
161164 - name : bundle
162- value : quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0fea1e4bd2fdde46c5b7786629f423a51e357f681c32ceddd744a6e3d48b8327
165+ value : quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d30f13dd15daf89dd6dc645243b3444d35570d13f7840c3fd65e366022515205
163166 - name : kind
164167 value : task
165168 resolver : bundles
@@ -181,14 +184,16 @@ spec:
181184 value : $(params.output-image).prefetch
182185 - name : ociArtifactExpiresAfter
183186 value : $(params.image-expires-after)
187+ - name : enable-package-registry-proxy
188+ value : $(params.enable-package-registry-proxy)
184189 runAfter :
185190 - clone-repository
186191 taskRef :
187192 params :
188193 - name : name
189194 value : prefetch-dependencies-oci-ta
190195 - name : bundle
191- value : quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2 @sha256:adbd819c6b727ac0c5519475d174dcad64cfa8df6ee50acd58f7fb562c59d4f7
196+ value : quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3 @sha256:3dc78afbf3a441e0280067433cb28ea3d2d0088ec214c73bf063f145b4f273ef
192197 - name : kind
193198 value : task
194199 resolver : bundles
@@ -231,7 +236,7 @@ spec:
231236 - name : name
232237 value : buildah-oci-ta
233238 - name : bundle
234- value : quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.4 @sha256:09f012a6c726c66922703f28846a3cfa196e8a391729192cda0d8f8a757b6ff5
239+ value : quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.9 @sha256:75ecb662f343f6f34e553c5b37734d28d9b53ce218c2321a19b96c39bf769357
235240 - name : kind
236241 value : task
237242 resolver : bundles
@@ -244,10 +249,6 @@ spec:
244249 params :
245250 - name : IMAGE
246251 value : $(params.output-image)
247- - name : COMMIT_SHA
248- value : $(tasks.clone-repository.results.commit)
249- - name : IMAGE_EXPIRES_AFTER
250- value : $(params.image-expires-after)
251252 - name : ALWAYS_BUILD_INDEX
252253 value : $(params.build-image-index)
253254 - name : IMAGES
@@ -260,7 +261,7 @@ spec:
260261 - name : name
261262 value : build-image-index
262263 - name : bundle
263- value : quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1 @sha256:9c95b1fe17db091ae364344ba2006af46648e08486eef1f6fe1b9e3f10866875
264+ value : quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3 @sha256:b33bfa8dc27dbf459f0779598ba45dcaa490bcc9f8efe1652bcf360ec8cb5582
264265 - name : kind
265266 value : task
266267 resolver : bundles
@@ -272,19 +273,21 @@ spec:
272273 - name : build-source-image
273274 params :
274275 - name : BINARY_IMAGE
275- value : $(params.output -image)
276+ value : $(tasks.build -image-index.results.IMAGE_URL )
276277 - name : SOURCE_ARTIFACT
277278 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
278279 - name : CACHI2_ARTIFACT
279280 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
281+ - name : BINARY_IMAGE_DIGEST
282+ value : $(tasks.build-image-index.results.IMAGE_DIGEST)
280283 runAfter :
281284 - build-image-index
282285 taskRef :
283286 params :
284287 - name : name
285288 value : source-build-oci-ta
286289 - name : bundle
287- value : quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.2 @sha256:c5e56643c0f5e19409e86c8fd4de4348413b6f10456aa0875498d5c63bf6ef0e
290+ value : quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3 @sha256:8567bb7bf8fa9147c96b297533336fa7079ecf972cb86c09ccdd6bddedb25711
288291 - name : kind
289292 value : task
290293 resolver : bundles
@@ -310,7 +313,7 @@ spec:
310313 - name : name
311314 value : deprecated-image-check
312315 - name : bundle
313- value : quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:ecd33669676b3a193ff4c2c6223cb912cc1b0cf5cc36e080eaec7718500272cf
316+ value : quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:e78d0d3baf3c8cfc1a5ad278196b74032d9568b143a87c7a79ab780fedfb296e
314317 - name : kind
315318 value : task
316319 resolver : bundles
@@ -332,7 +335,7 @@ spec:
332335 - name : name
333336 value : clair-scan
334337 - name : bundle
335- value : quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.2 @sha256:68a8fe28527c4469243119a449e2b3a6655f2acac589c069ea6433242da8ed4d
338+ value : quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3 @sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894
336339 - name : kind
337340 value : task
338341 resolver : bundles
@@ -352,7 +355,7 @@ spec:
352355 - name : name
353356 value : ecosystem-cert-preflight-checks
354357 - name : bundle
355- value : quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:8a2d3ce9205df1f59f410529cb38134336e0a4b06ee1187b3229f26c80ecc5ba
358+ value : quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:88f4fd6d7812a3c46f120f3035974f5fb8cb06b5e3e927badf6e8370f1516a88
356359 - name : kind
357360 value : task
358361 resolver : bundles
@@ -371,14 +374,16 @@ spec:
371374 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
372375 - name : CACHI2_ARTIFACT
373376 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
377+ - name : TARGET_DIRS
378+ value : $(params.sast-target-dirs)
374379 runAfter :
375380 - build-image-index
376381 taskRef :
377382 params :
378383 - name : name
379384 value : sast-snyk-check-oci-ta
380385 - name : bundle
381- value : quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:9a6ec5575f80668552d861e64414e736c85af772c272ca653a6fd1ec841d2627
386+ value : quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.4@sha256:0ebf28a0abd5a167438d4628938a74ade6f00a44a4b7ed1cfa9cfc57a5b24748
382387 - name : kind
383388 value : task
384389 resolver : bundles
@@ -400,7 +405,7 @@ spec:
400405 - name : name
401406 value : clamav-scan
402407 - name : bundle
403- value : quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.2 @sha256:386c8c3395b44f6eb927dbad72382808b0ae42008f183064ca77cb4cad998442
408+ value : quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3 @sha256:567cb66bd2e1f4b58b9d4d756f3317fc62479e0b40aa0de66094b1f12d296cfc
404409 - name : kind
405410 value : task
406411 resolver : bundles
@@ -438,14 +443,16 @@ spec:
438443 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
439444 - name : CACHI2_ARTIFACT
440445 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
446+ - name : TARGET_DIRS
447+ value : $(params.sast-target-dirs)
441448 runAfter :
442449 - coverity-availability-check
443450 taskRef :
444451 params :
445452 - name : name
446453 value : sast-coverity-check-oci-ta
447454 - name : bundle
448- value : quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:7c845b10d257b874f645ea30deeff3c1ce2b38e7b6e331564f32c8684f41b520
455+ value : quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta:0.3@sha256:e92d00ed858233d0096627861192d3e4fc013cf1559c0d0b0ea0657d3377ce75
449456 - name : kind
450457 value : task
451458 resolver : bundles
@@ -466,7 +473,7 @@ spec:
466473 - name : name
467474 value : coverity-availability-check
468475 - name : bundle
469- value : quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:8b58c4fae00c0dfe3937abfb8a9a61aa3c408cca4278b817db53d518428d944e
476+ value : quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:8b501440a960aec446db2ebc6625a49d0317a9fc7bf0f7bd9b18cb63052db7de
470477 - name : kind
471478 value : task
472479 resolver : bundles
@@ -485,14 +492,16 @@ spec:
485492 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
486493 - name : CACHI2_ARTIFACT
487494 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
495+ - name : TARGET_DIRS
496+ value : $(params.sast-target-dirs)
488497 runAfter :
489498 - build-image-index
490499 taskRef :
491500 params :
492501 - name : name
493502 value : sast-shell-check-oci-ta
494503 - name : bundle
495- value : quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:60a7ee6ec5d00920389f03befd328cdaa159b7122a94ff3c87da287e0f32420f
504+ value : quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:3cbb3535af6e7d4396858179a6427caaffb2e68775594795692fc01f28ae313f
496505 - name : kind
497506 value : task
498507 resolver : bundles
@@ -511,14 +520,16 @@ spec:
511520 value : $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
512521 - name : CACHI2_ARTIFACT
513522 value : $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
523+ - name : TARGET_DIRS
524+ value : $(params.sast-target-dirs)
514525 runAfter :
515526 - build-image-index
516527 taskRef :
517528 params :
518529 - name : name
519530 value : sast-unicode-check-oci-ta
520531 - name : bundle
521- value : quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.2 @sha256:9613b9037e4199495800c2054c13d0479e3335ec94e0f15f031a5bce844003a9
532+ value : quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4 @sha256:223812001607b07f0e07d56bef7b7d619144e660c0c57f21ddd44ce0c8c4785b
522533 - name : kind
523534 value : task
524535 resolver : bundles
@@ -538,7 +549,7 @@ spec:
538549 - name : name
539550 value : apply-tags
540551 - name : bundle
541- value : quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2 @sha256:0c411c27483849a936c0c420a57e477113e9fafc63077647200d6614d9ebb872
552+ value : quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3 @sha256:a291081de7fb27f832c6fc3c4b078acf7e6162ca4c085db38b118ca87e8b5b66
542553 - name : kind
543554 value : task
544555 resolver : bundles
@@ -561,7 +572,7 @@ spec:
561572 - name : name
562573 value : push-dockerfile-oci-ta
563574 - name : bundle
564- value : quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1 @sha256:d0ee13ab3d9564f7ee806a8ceaced934db493a3a40e11ff6db3a912b8bbace95
575+ value : quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.3 @sha256:7855471abfe87de080b914f2f3ca27c59e64f6448a7c2435e51435b764494c71
565576 - name : kind
566577 value : task
567578 resolver : bundles
@@ -578,7 +589,7 @@ spec:
578589 - name : name
579590 value : rpms-signature-scan
580591 - name : bundle
581- value : quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:ec7f6de651458e4a5842b145e761b0d86b03b52bec1515d6d8a1b8cf107af95c
592+ value : quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:237c54b069d16c3785d1302f19be309aa6c0ae2313d446e30cb74671e07ca676
582593 - name : kind
583594 value : task
584595 resolver : bundles
0 commit comments