Creates InternalRequests to sign FBC index images via the container-signing pipeline
| Name | Description | Optional | Default value |
|---|---|---|---|
| dataPath | Path to the JSON string of the merged data to use in the data workspace | No | - |
| requester | Name of the user that requested the signing, for auditing purposes | No | - |
| requestTimeout | InternalRequest timeout | Yes | 1800 |
| pipelineRunUid | The uid of the current pipelineRun. Used as a label value when creating internal requests | No | - |
| fbcResultsPath | Path to the JSON file in the data workspace containing fbc results | No | - |
| concurrentLimit | The maximum number of concurrent signing requests | Yes | 8 |
| ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | empty |
| ociArtifactExpiresAfter | Expiration date for the trusted artifacts created in the OCI repository. An empty string means the artifacts do not expire | Yes | 1d |
| trustedArtifactsDebug | Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable | Yes | "" |
| orasOptions | oras options to pass to Trusted Artifacts calls | Yes | "" |
| sourceDataArtifact | Location of trusted artifacts to be used to populate data directory | Yes | "" |
| dataDir | The location where data will be stored | Yes | /var/workdir/release |
| taskGitUrl | The url to the git repo where the release-service-catalog tasks and stepactions to be used are stored | No | - |
| taskGitRevision | The revision in the taskGitUrl repo to be used | No | - |
| pyxisServer | The server type to use. Options are 'production','production-internal','stage-internal' and 'stage' | Yes | production |
| pyxisSecret | The kubernetes secret to use to authenticate to Pyxis. It needs to contain two keys: key and cert | No | - |
| batchLimit | Maximum size in bytes of each base64-encoded signing_requests batch sent via InternalRequest | Yes | 15000 |
| caTrustConfigMapName | The name of the ConfigMap to read CA bundle data from | Yes | trusted-ca |
| caTrustConfigMapKey | The name of the key in the ConfigMap that contains the CA bundle data | Yes | ca-bundle.crt |
| failOnSignatureLookupError | Fail the task when any Pyxis find_signatures lookup fails; when set to "false", log a warning and submit every planned image row for signing without skipping already-signed references | Yes | true |
| signingRepo | Git repository URL containing the signing tasks | Yes | https://gitlab.cee.redhat.com/signing/signing.git |
| signingRevision | Git revision (branch, tag, or commit) in the signing repository | Yes | main |
| signPipeline | Name of the internal pipeline to use for container signing | Yes | container-signing |
| signPipelineServiceAccount | Service account to use for the signing pipeline | Yes | signing-pipeline-sa |
| pipelineImage | The image to use for the signing pipeline | Yes | quay.io/konflux-ci/signing:latest |