chore(deps): update konflux references#1577
Conversation
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #1577 +/- ##
==========================================
+ Coverage 72.91% 73.04% +0.13%
==========================================
Files 63 63
Lines 8423 8423
==========================================
+ Hits 6142 6153 +11
+ Misses 1660 1653 -7
+ Partials 621 617 -4
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
0a504c1 to
82c50d4
Compare
ReviewFindingsNo findings. Previous runReviewFindingsNo findings. Previous run (2)ReviewFindingsNo findings. |
82c50d4 to
24e5b6f
Compare
|
/retest |
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
24e5b6f to
b59d3a4
Compare
|
/retest |
|
PR #1577 was an automated dependency update from Review quality: Good. The agent correctly identified this as a trivial dependency bump with no code changes requiring review findings. Rework rate: Zero — no changes requested, no fix cycles needed. Token cost: The review agent ran 3 times on an unchanged diff, producing identical "No findings" results each run. This is a known inefficiency already tracked by multiple open issues (see below). Time to resolution: The 16-day merge latency was driven by human review cadence and CI retests ( No new proposals filed. All identified improvement opportunities are already covered by existing open issues in
|
This PR contains the following updates:
550afde→b33bfa80.9→0.100.9→0.1013d49df→d30f13da2efbcd→0e6324ecfdb76c→237c54bc4ef47e→f960cc98f3ecbe→1d6cdb090efa58→324291c0917cfc→8567bb7Release Notes
konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta)
v0.10This version introduces konflux-build-cli. The
buildstep replaces most of the Bash withkonflux-build-cli image build. Other steps still use Bash, this will change soon.We expect version 0.10 to behave the same as version 0.9 for the vast majority
of use cases. All known (minor) differences documented below.
Added
vcs-urllabel. Previously, the task would inject the following vcs-related labels:org.opencontainers.image.revisionand its legacy counterpart,vcs-reforg.opencontainers.image.sourceand nothing elsevcs-urlChanged
ANNOTATIONS_FILE<ANNOTATIONS< default annotationsANNOTATIONS_FILE<ANNOTATIONSYUM_REPOS_D_SRCandYUM_REPOS_D_FETCHEDdirectories,injects only regular files into
/etc/yum.repos.d. Previously, the task wouldinject the directories as a whole.
/etc/yum.repos.dis a flat structure, sothe task now injects only regular files to avoid injecting unexpected content.
prefetch.envandcachi2.envin the prefetch dir (in this order).Version 0.3.1 of the prefetch task added
prefetch.envand a future versionwill remove
cachi2.env.cachi2.repofiles to enable RPM integration,just needs any
*.repofile at the expected path.YUM_REPOS_D_SRCorYUM_REPOS_D_FETCHEDdirectories containa repo file with the same name as the repo file from Hermeto, the Hermeto
repo takes precedence. Previously,
YUM_REPOS_*would take precedence./tmp, instead copies them to a directoryon the same filesystem as the original files. This uses copy-on-write and avoids
duplicating the underlying data.
ACTIVATION_KEYand the containerfile doesn't includesubscription-manager register(same as before)ENTITLEMENT_SECRET(not done before and should have been)/etc/rhsm/cadirectoryinstead of mounting a specific file. This closes #1621.
Fixed
/usr/share/buildinfoand/root/buildinfo:injects the files using a separate build-context.
TARGETparam is set andSKIP_INJECTIONS=false(using
TARGETdisables metadata injection anyway). Metadata injection neverworked with a non-default target, version 0.10 just adds the warning.
labels.json:io.buildah.versionlabel whenSOURCE_DATE_EPOCHis non-empty.Previously,
labels.jsonwould always includeio.buildah.version.COPY --from=$imageandRUN --mount=from=$image.Previously, would only pull images referenced as
FROM $image.SKIP_UNUSED_STAGES=false).represent pullable images. Specifically, will only pull transport-less references
and
docker://references. Previously, the task would skipoci-archive:referencesbut fail on any other kind of non-standard reference.
No longer mangles RUN instructions that use the exec form or a bare here-doc.
Instead skips the instruction and logs a warning.
doesn't become broken. The unsupported instructions don't automatically get
the variables that may be required to make the hermetic build work though.
Fixes dozens of small bugs that most users never would have hit. For example,
version 0.10:
RUNinstructionskonflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta)
v0.10This version introduces konflux-build-cli. The
buildstep replaces most of the Bash withkonflux-build-cli image build. Other steps still use Bash, this will change soon.We expect version 0.10 to behave the same as version 0.9 for the vast majority
of use cases. All known (minor) differences documented below.
Added
vcs-urllabel. Previously, the task would inject the following vcs-related labels:org.opencontainers.image.revisionand its legacy counterpart,vcs-reforg.opencontainers.image.sourceand nothing elsevcs-urlChanged
ANNOTATIONS_FILE<ANNOTATIONS< default annotationsANNOTATIONS_FILE<ANNOTATIONSYUM_REPOS_D_SRCandYUM_REPOS_D_FETCHEDdirectories,injects only regular files into
/etc/yum.repos.d. Previously, the task wouldinject the directories as a whole.
/etc/yum.repos.dis a flat structure, sothe task now injects only regular files to avoid injecting unexpected content.
prefetch.envandcachi2.envin the prefetch dir (in this order).Version 0.3.1 of the prefetch task added
prefetch.envand a future versionwill remove
cachi2.env.cachi2.repofiles to enable RPM integration,just needs any
*.repofile at the expected path.YUM_REPOS_D_SRCorYUM_REPOS_D_FETCHEDdirectories containa repo file with the same name as the repo file from Hermeto, the Hermeto
repo takes precedence. Previously,
YUM_REPOS_*would take precedence./tmp, instead copies them to a directoryon the same filesystem as the original files. This uses copy-on-write and avoids
duplicating the underlying data.
ACTIVATION_KEYand the containerfile doesn't includesubscription-manager register(same as before)ENTITLEMENT_SECRET(not done before and should have been)/etc/rhsm/cadirectoryinstead of mounting a specific file. This closes #1621.
Fixed
/usr/share/buildinfoand/root/buildinfo:injects the files using a separate build-context.
TARGETparam is set andSKIP_INJECTIONS=false(using
TARGETdisables metadata injection anyway). Metadata injection neverworked with a non-default target, version 0.10 just adds the warning.
labels.json:io.buildah.versionlabel whenSOURCE_DATE_EPOCHis non-empty.Previously,
labels.jsonwould always includeio.buildah.version.COPY --from=$imageandRUN --mount=from=$image.Previously, would only pull images referenced as
FROM $image.SKIP_UNUSED_STAGES=false).represent pullable images. Specifically, will only pull transport-less references
and
docker://references. Previously, the task would skipoci-archive:referencesbut fail on any other kind of non-standard reference.
No longer mangles RUN instructions that use the exec form or a bare here-doc.
Instead skips the instruction and logs a warning.
doesn't become broken. The unsupported instructions don't automatically get
the variables that may be required to make the hermetic build work though.
Fixes dozens of small bugs that most users never would have hit. For example,
version 0.10:
RUNinstructionsConfiguration
📅 Schedule: Branch creation - Between 05:00 AM and 11:59 PM, only on Saturday ( * 5-23 * * 6 ) (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.