From 8fa360813efa03472800a88719cecf1b484de61b Mon Sep 17 00:00:00 2001 From: Simon Baird Date: Thu, 4 Jun 2026 17:08:04 -0400 Subject: [PATCH 1/2] feat(EC-1868): use conforma/tekton-catalog for conforma task Switch the git resolver from conforma/cli to conforma/tekton-catalog and hard-code the revision SHA instead of using the verify_ec_task_git_revision param, which is defined in a configmap with its own change workflow in another repo. The param is kept for backwards compatibility but its value is now ignored. The motivation for this change is that we want to have a simple and clear atomic roll-out (and roll-back if needed) workflow for Conforma updates. The current system where the reference is in a configmap and gets passed as a param makes that difficult. Also, the current conforma/cli git resolver reference has the disadvantage of not using a pinned version of the Conforma CLI, hence a change merged to main branch Conforma goes live instantly. The conforma/tekton-catalog definition does not have this problem, since the cli image used by the task is pinned there, updates only go live when the git sha ref we're introducing in this PR gets updated. Also in this PR: Add a todo about the one instance of the task (in the calunga-push-to-pulp pipeline) that might need some more careful testing before updating. Since the version of the task it's currently using is almost a year old, there's a chance the params need to be changed. To reduce the risk of breaking something, and because I don't have a good way to test the calunga-push-to-pulp pipeline, I don't want to do it in this PR, so to be cautious I'm leaving it alone and flagging it as a todo for someone else to fix later. Signed-off-by: Simon Baird Assisted-by: Claude Opus 4.6 --- .github/workflows/lint.yaml | 1 - .../managed/calunga-push-to-pulp/README.md | 2 +- .../calunga-push-to-pulp.yaml | 19 +++++++++++++++++-- pipelines/managed/e2e/README.md | 2 +- pipelines/managed/e2e/e2e.yaml | 7 ++++--- pipelines/managed/fbc-release/README.md | 2 +- .../managed/fbc-release/fbc-release.yaml | 7 ++++--- .../managed/push-artifacts-to-cdn/README.md | 2 +- .../push-artifacts-to-cdn.yaml | 7 ++++--- .../push-artifacts-to-storage/README.md | 2 +- .../push-artifacts-to-storage.yaml | 7 ++++--- .../managed/push-disk-images-to-cdn/README.md | 2 +- .../push-disk-images-to-cdn.yaml | 7 ++++--- .../README.md | 2 +- .../push-disk-images-to-marketplaces.yaml | 7 ++++--- pipelines/managed/push-oot-kmods/README.md | 2 +- .../push-oot-kmods/push-oot-kmods.yaml | 7 ++++--- pipelines/managed/push-rpm-to-koji/README.md | 2 +- .../push-rpm-to-koji/push-rpm-to-koji.yaml | 7 ++++--- pipelines/managed/push-rpms-to-pulp/README.md | 2 +- .../push-rpms-to-pulp/push-rpms-to-pulp.yaml | 7 ++++--- .../README.md | 2 +- ...ton-task-bundles-to-external-registry.yaml | 7 ++++--- .../managed/push-to-addons-registry/README.md | 2 +- .../push-to-addons-registry.yaml | 7 ++++--- .../push-to-external-registry/README.md | 2 +- .../push-to-external-registry.yaml | 7 ++++--- pipelines/managed/release-to-github/README.md | 2 +- .../release-to-github/release-to-github.yaml | 7 ++++--- pipelines/managed/release-to-mrrc/README.md | 2 +- .../release-to-mrrc/release-to-mrrc.yaml | 7 ++++--- pipelines/managed/release-to-nrrc/README.md | 2 +- .../release-to-nrrc/release-to-nrrc.yaml | 7 ++++--- pipelines/managed/rh-advisories/README.md | 2 +- .../managed/rh-advisories/rh-advisories.yaml | 7 ++++--- .../README.md | 2 +- ...push-helm-chart-to-registry-redhat-io.yaml | 7 ++++--- .../rh-push-to-external-registry/README.md | 2 +- .../rh-push-to-external-registry.yaml | 7 ++++--- .../rh-push-to-registry-redhat-io/README.md | 2 +- .../rh-push-to-registry-redhat-io.yaml | 7 ++++--- pipelines/managed/rh-rpm-advisories/README.md | 2 +- .../rh-rpm-advisories/rh-rpm-advisories.yaml | 7 ++++--- .../managed/rhtap-service-push/README.md | 2 +- .../rhtap-service-push.yaml | 7 ++++--- 45 files changed, 123 insertions(+), 88 deletions(-) diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml index 384fbaa68e..76babc08ad 100644 --- a/.github/workflows/lint.yaml +++ b/.github/workflows/lint.yaml @@ -213,7 +213,6 @@ jobs: github.event.pull_request.head.repo.html_url || github.event.merge_group.head_repo.html_url }} - verify_ec_task_git_revision=main mobster_tasks_git_revision=main check-agents-md: name: Check AGENTS.md line count diff --git a/pipelines/managed/calunga-push-to-pulp/README.md b/pipelines/managed/calunga-push-to-pulp/README.md index 64480399df..a84ee528b7 100644 --- a/pipelines/managed/calunga-push-to-pulp/README.md +++ b/pipelines/managed/calunga-push-to-pulp/README.md @@ -15,7 +15,7 @@ Release Components in a Snapshot to a pulp-backed python index. Each image in a | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | enterpriseContractTimeout | Timeout setting for `ec validate` | Yes | 40m0s | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | Yes | production | | pulpBaseUrl | The base URL of the Pulp server | Yes | https://packages.redhat.com | diff --git a/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml b/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml index e6e23083c2..11c16c9cab 100644 --- a/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml +++ b/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml @@ -42,7 +42,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -182,14 +183,28 @@ spec: runAfter: - collect-data + # TODO: This task is using an old git ref from a deprecated location. Migrating to + # the current latest Conforma task might require some param changes, so to avoid + # breaking something I'm leaving it untouched for now. Fix me soon I guess. The git + # sha being referenced is from "Jul 9 08:58:49 2025". It should be updated to the + # git resolver params used in all other pipelines in this repo, currently this: + # + # - name: url + # value: https://github.com/conforma/tekton-catalog + # - name: revision + # value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + # - name: pathInRepo + # value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" + # - name: verify-enterprise-contract taskRef: resolver: "git" params: + # TODO: Should be changed to https://github.com/conforma/tekton-catalog + # and the revision should be updated. See longer explanation above. - name: url value: https://github.com/enterprise-contract/ec-cli - name: revision - # TODO: How to keep this up to date? value: cdfd9188f9352d7269ae1fe8c273a9e67f60ab8a - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" diff --git a/pipelines/managed/e2e/README.md b/pipelines/managed/e2e/README.md index 0b58c2a7e5..260cd88fa4 100644 --- a/pipelines/managed/e2e/README.md +++ b/pipelines/managed/e2e/README.md @@ -15,7 +15,7 @@ affected by RHTAP services or which results could affect the RHTAP workflow. | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/e2e/e2e.yaml b/pipelines/managed/e2e/e2e.yaml index a941df3e04..82b767a91c 100644 --- a/pipelines/managed/e2e/e2e.yaml +++ b/pipelines/managed/e2e/e2e.yaml @@ -41,7 +41,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -104,9 +105,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/fbc-release/README.md b/pipelines/managed/fbc-release/README.md index fd484bf9d7..70dbdcfa93 100644 --- a/pipelines/managed/fbc-release/README.md +++ b/pipelines/managed/fbc-release/README.md @@ -14,7 +14,7 @@ Tekton release pipeline to interact with FBC Pipeline | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/fbc-release/fbc-release.yaml b/pipelines/managed/fbc-release/fbc-release.yaml index 3ba51552bc..3b3d7002f8 100644 --- a/pipelines/managed/fbc-release/fbc-release.yaml +++ b/pipelines/managed/fbc-release/fbc-release.yaml @@ -40,7 +40,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -233,9 +234,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-artifacts-to-cdn/README.md b/pipelines/managed/push-artifacts-to-cdn/README.md index c80a4cd3d5..1a3b6ec2a3 100644 --- a/pipelines/managed/push-artifacts-to-cdn/README.md +++ b/pipelines/managed/push-artifacts-to-cdn/README.md @@ -15,7 +15,7 @@ It uses InternalRequests so that it can be run on both public and private cluste | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml b/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml index e02e615057..82e40092d4 100644 --- a/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml +++ b/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml @@ -41,7 +41,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -237,9 +238,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-artifacts-to-storage/README.md b/pipelines/managed/push-artifacts-to-storage/README.md index d37a820eab..eaf9beeeb3 100644 --- a/pipelines/managed/push-artifacts-to-storage/README.md +++ b/pipelines/managed/push-artifacts-to-storage/README.md @@ -15,7 +15,7 @@ Tekton pipeline to push rpms into the artifact storage instance. | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | Yes | brew-rhel-sst-prod | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | | orasOptions | oras options to pass to Trusted Artifacts calls | Yes | "" | | trustedArtifactsDebug | Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable | Yes | "" | diff --git a/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml b/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml index ae6b35573a..8181fb1b7e 100644 --- a/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml +++ b/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml @@ -45,7 +45,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: ociStorage type: string description: The OCI repository where the Trusted Artifacts are stored @@ -200,9 +201,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-disk-images-to-cdn/README.md b/pipelines/managed/push-disk-images-to-cdn/README.md index 6531c8dc43..aeaf7e937b 100644 --- a/pipelines/managed/push-disk-images-to-cdn/README.md +++ b/pipelines/managed/push-disk-images-to-cdn/README.md @@ -13,7 +13,7 @@ Tekton Pipeline to push disk images to a cdn using pulp | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml b/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml index ca0cd01eb1..7a777c15fd 100644 --- a/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml +++ b/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml @@ -37,7 +37,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -227,9 +228,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-disk-images-to-marketplaces/README.md b/pipelines/managed/push-disk-images-to-marketplaces/README.md index c2bfd9d1c6..5d26485530 100644 --- a/pipelines/managed/push-disk-images-to-marketplaces/README.md +++ b/pipelines/managed/push-disk-images-to-marketplaces/README.md @@ -13,7 +13,7 @@ Tekton Pipeline to push disk images to various cloud marketplaces | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | postCleanUp | Cleans up workspace after finishing executing the pipeline | Yes | true | diff --git a/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml b/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml index 51a359edcf..16301c4355 100644 --- a/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml +++ b/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml @@ -37,7 +37,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -233,9 +234,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-oot-kmods/README.md b/pipelines/managed/push-oot-kmods/README.md index 04076bac05..4f7f3998d9 100644 --- a/pipelines/managed/push-oot-kmods/README.md +++ b/pipelines/managed/push-oot-kmods/README.md @@ -13,7 +13,7 @@ Tekton pipeline to sign out-of-tree kernel modules and upload them to their dest | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | | orasOptions | oras options to pass to Trusted Artifacts calls | Yes | "" | | trustedArtifactsDebug | Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable | Yes | "" | diff --git a/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml b/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml index 32b4902433..17caffe309 100644 --- a/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml +++ b/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml @@ -37,7 +37,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: ociStorage type: string description: The OCI repository where the Trusted Artifacts are stored @@ -305,9 +306,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-rpm-to-koji/README.md b/pipelines/managed/push-rpm-to-koji/README.md index 2180b932e2..11c34128fb 100644 --- a/pipelines/managed/push-rpm-to-koji/README.md +++ b/pipelines/managed/push-rpm-to-koji/README.md @@ -15,7 +15,7 @@ Tekton pipeline to push rpms into the koji instance. | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | Yes | brew-rhel-sst-prod | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | | orasOptions | oras options to pass to Trusted Artifacts calls | Yes | "" | | trustedArtifactsDebug | Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable | Yes | "" | diff --git a/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml b/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml index ed7c6946d6..2862a190f2 100644 --- a/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml +++ b/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml @@ -45,7 +45,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: ociStorage type: string description: The OCI repository where the Trusted Artifacts are stored @@ -200,9 +201,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-rpms-to-pulp/README.md b/pipelines/managed/push-rpms-to-pulp/README.md index d4c3d6232e..c89cff26bc 100644 --- a/pipelines/managed/push-rpms-to-pulp/README.md +++ b/pipelines/managed/push-rpms-to-pulp/README.md @@ -15,7 +15,7 @@ Release Components in a Snapshot to a Pulp repository. | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | enterpriseContractTimeout | Timeout setting for `ec validate` | Yes | 40m0s | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | mobster_tasks_git_revision | The git revision to be used when consuming Mobster tasks for SBOM processing | Yes | 53ebdf3b46a10fc4b0e60b32171e8a7b4834ede6 | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | diff --git a/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml b/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml index 318b01b9d4..df51ff70cf 100644 --- a/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml +++ b/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml @@ -41,7 +41,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: mobster_tasks_git_revision type: string description: The git revision to be used when consuming Mobster tasks for SBOM processing @@ -326,9 +327,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-tekton-task-bundles-to-external-registry/README.md b/pipelines/managed/push-tekton-task-bundles-to-external-registry/README.md index e3230941de..ae2a3d2adb 100644 --- a/pipelines/managed/push-tekton-task-bundles-to-external-registry/README.md +++ b/pipelines/managed/push-tekton-task-bundles-to-external-registry/README.md @@ -14,7 +14,7 @@ with cosign, and update trusted-tasks list. | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml b/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml index 62defbad95..dde4b78837 100644 --- a/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml +++ b/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml @@ -38,7 +38,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -263,9 +264,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-to-addons-registry/README.md b/pipelines/managed/push-to-addons-registry/README.md index 14f61e6951..fc199e485f 100644 --- a/pipelines/managed/push-to-addons-registry/README.md +++ b/pipelines/managed/push-to-addons-registry/README.md @@ -14,7 +14,7 @@ Tekton pipeline to release a single FBC component to the Addons Registry. | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml b/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml index 23db394473..40238c864e 100644 --- a/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml +++ b/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml @@ -40,7 +40,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -264,9 +265,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-to-external-registry/README.md b/pipelines/managed/push-to-external-registry/README.md index b42e4aa6f6..c5dc3080d6 100644 --- a/pipelines/managed/push-to-external-registry/README.md +++ b/pipelines/managed/push-to-external-registry/README.md @@ -13,7 +13,7 @@ Tekton pipeline to release Snapshots to an external registry. | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml b/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml index 5587599be3..33b0c9e5fe 100644 --- a/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml +++ b/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml @@ -37,7 +37,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -313,9 +314,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/release-to-github/README.md b/pipelines/managed/release-to-github/README.md index 162225a06f..d25688e553 100644 --- a/pipelines/managed/release-to-github/README.md +++ b/pipelines/managed/release-to-github/README.md @@ -15,7 +15,7 @@ release the binaries and signed file to GitHub. | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/release-to-github/release-to-github.yaml b/pipelines/managed/release-to-github/release-to-github.yaml index 8c16f8b742..5f8d3fc023 100644 --- a/pipelines/managed/release-to-github/release-to-github.yaml +++ b/pipelines/managed/release-to-github/release-to-github.yaml @@ -41,7 +41,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -224,9 +225,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/release-to-mrrc/README.md b/pipelines/managed/release-to-mrrc/README.md index 9f5e29fe86..03d6fc4f2c 100644 --- a/pipelines/managed/release-to-mrrc/README.md +++ b/pipelines/managed/release-to-mrrc/README.md @@ -21,7 +21,7 @@ Charon itself handles duplicate publications appropriately at the MRRC level. | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | Yes | production | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml b/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml index 1cfc913a50..034d0f7d1a 100644 --- a/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml +++ b/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml @@ -45,7 +45,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -203,9 +204,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/release-to-nrrc/README.md b/pipelines/managed/release-to-nrrc/README.md index fc6ebf2145..364bfd3555 100644 --- a/pipelines/managed/release-to-nrrc/README.md +++ b/pipelines/managed/release-to-nrrc/README.md @@ -21,7 +21,7 @@ artifacts on every run, but Charon itself handles duplicate publications appropr | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | Yes | production | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml b/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml index 06f4694c34..6507ae1712 100644 --- a/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml +++ b/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml @@ -45,7 +45,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -203,9 +204,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-advisories/README.md b/pipelines/managed/rh-advisories/README.md index 8e2300bdf7..165891da8d 100644 --- a/pipelines/managed/rh-advisories/README.md +++ b/pipelines/managed/rh-advisories/README.md @@ -30,7 +30,7 @@ the normal update-cr-status task does on the first release. | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | mobster_tasks_git_revision | The git revision to be used when consuming Mobster tasks for SBOM processing | Yes | 53ebdf3b46a10fc4b0e60b32171e8a7b4834ede6 | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | diff --git a/pipelines/managed/rh-advisories/rh-advisories.yaml b/pipelines/managed/rh-advisories/rh-advisories.yaml index 605fc05f90..e719461961 100644 --- a/pipelines/managed/rh-advisories/rh-advisories.yaml +++ b/pipelines/managed/rh-advisories/rh-advisories.yaml @@ -56,7 +56,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: mobster_tasks_git_revision type: string description: The git revision to be used when consuming Mobster tasks for SBOM processing @@ -377,9 +378,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/README.md b/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/README.md index b4aa718645..b37c9dab35 100644 --- a/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/README.md +++ b/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/README.md @@ -16,7 +16,7 @@ push-rpm-data-to-pyxis removed (not applicable to Helm charts). | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml b/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml index 7ebda729d3..69229f1db5 100644 --- a/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml +++ b/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml @@ -42,7 +42,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -325,9 +326,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-push-to-external-registry/README.md b/pipelines/managed/rh-push-to-external-registry/README.md index 3dcc4521f1..b7d79d2d13 100644 --- a/pipelines/managed/rh-push-to-external-registry/README.md +++ b/pipelines/managed/rh-push-to-external-registry/README.md @@ -13,7 +13,7 @@ Tekton pipeline to release Red Hat Snapshots to an external registry. This pipel | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml b/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml index 1181c520e7..0a7720925f 100644 --- a/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml +++ b/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml @@ -37,7 +37,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -330,9 +331,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-push-to-registry-redhat-io/README.md b/pipelines/managed/rh-push-to-registry-redhat-io/README.md index b165e7d559..6215b5ee27 100644 --- a/pipelines/managed/rh-push-to-registry-redhat-io/README.md +++ b/pipelines/managed/rh-push-to-registry-redhat-io/README.md @@ -14,7 +14,7 @@ Tekton pipeline to release content to registry.redhat.io registry. | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml b/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml index 1c9463fdf7..5127bdd6a0 100644 --- a/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml +++ b/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml @@ -40,7 +40,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -296,9 +297,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-rpm-advisories/README.md b/pipelines/managed/rh-rpm-advisories/README.md index 562f785205..2cb9fcbc72 100644 --- a/pipelines/managed/rh-rpm-advisories/README.md +++ b/pipelines/managed/rh-rpm-advisories/README.md @@ -17,7 +17,7 @@ and mock task of creating advisory. | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | | verify_ec_task_bundle | The location of the bundle containing the verify-enterprise-contract task | No | - | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | mobster_tasks_git_revision | The git revision to be used when consuming Mobster tasks for SBOM processing | Yes | 53ebdf3b46a10fc4b0e60b32171e8a7b4834ede6 | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | diff --git a/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml b/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml index d81c505206..a3f79ab897 100644 --- a/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml +++ b/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml @@ -43,7 +43,8 @@ spec: description: The location of the bundle containing the verify-enterprise-contract task - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: mobster_tasks_git_revision type: string description: The git revision to be used when consuming Mobster tasks for SBOM processing @@ -220,9 +221,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rhtap-service-push/README.md b/pipelines/managed/rhtap-service-push/README.md index 6891633d6b..20b8795909 100644 --- a/pipelines/managed/rhtap-service-push/README.md +++ b/pipelines/managed/rhtap-service-push/README.md @@ -16,7 +16,7 @@ | snapshot | The namespaced name (namespace/name) of the snapshot | No | - | | enterpriseContractPolicy | JSON representation of the EnterpriseContractPolicy | No | - | | enterpriseContractExtraRuleData | Extra rule data to be merged into the policy specified in params.enterpriseContractPolicy. Use syntax "key1=value1,key2=value2..." | Yes | pipeline_intention=release | -| verify_ec_task_git_revision | The git revision to be used when consuming the verify-conforma task | No | - | +| verify_ec_task_git_revision | Previously used for the Conforma task git resolver, now deprecated and ignored | Yes | ignored | | taskGitUrl | The url to the git repo where the release-service-catalog tasks to be used are stored | Yes | https://github.com/konflux-ci/release-service-catalog.git | | taskGitRevision | The revision in the taskGitUrl repo to be used | No | - | | ociStorage | The OCI repository where the Trusted Artifacts are stored | Yes | quay.io/konflux-ci/release-service-trusted-artifacts | diff --git a/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml b/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml index ac356b5ba9..95daff1d8a 100644 --- a/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml +++ b/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml @@ -40,7 +40,8 @@ spec: default: "pipeline_intention=release" - name: verify_ec_task_git_revision type: string - description: The git revision to be used when consuming the verify-conforma task + description: Previously used for the Conforma task git resolver, now deprecated and ignored + default: ignored - name: taskGitUrl type: string description: The url to the git repo where the release-service-catalog tasks to be used are stored @@ -272,9 +273,9 @@ spec: resolver: "git" params: - name: url - value: https://github.com/conforma/cli + value: https://github.com/conforma/tekton-catalog - name: revision - value: "$(params.verify_ec_task_git_revision)" + value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: From 4d0a9de13d91cb9a81315f3710b8c8c92987a082 Mon Sep 17 00:00:00 2001 From: Simon Baird Date: Fri, 12 Jun 2026 10:55:25 -0400 Subject: [PATCH 2/2] feat(EC-1868): bump conforma task sha with new script This could be run automatically in future, but right now I'm running it manually. Also in this commit, check in the results of running the script so we bump the actual git sha. Note that it updated it also in the todo comments, which I think is a feature. Signed-off-by: Simon Baird Assisted-by: Claude Opus 4.6 --- .../calunga-push-to-pulp.yaml | 2 +- pipelines/managed/e2e/e2e.yaml | 2 +- .../managed/fbc-release/fbc-release.yaml | 2 +- .../push-artifacts-to-cdn.yaml | 2 +- .../push-artifacts-to-storage.yaml | 2 +- .../push-disk-images-to-cdn.yaml | 2 +- .../push-disk-images-to-marketplaces.yaml | 2 +- .../push-oot-kmods/push-oot-kmods.yaml | 2 +- .../push-rpm-to-koji/push-rpm-to-koji.yaml | 2 +- .../push-rpms-to-pulp/push-rpms-to-pulp.yaml | 2 +- ...ton-task-bundles-to-external-registry.yaml | 2 +- .../push-to-addons-registry.yaml | 2 +- .../push-to-external-registry.yaml | 2 +- .../release-to-github/release-to-github.yaml | 2 +- .../release-to-mrrc/release-to-mrrc.yaml | 2 +- .../release-to-nrrc/release-to-nrrc.yaml | 2 +- .../managed/rh-advisories/rh-advisories.yaml | 2 +- ...push-helm-chart-to-registry-redhat-io.yaml | 2 +- .../rh-push-to-external-registry.yaml | 2 +- .../rh-push-to-registry-redhat-io.yaml | 2 +- .../rh-rpm-advisories/rh-rpm-advisories.yaml | 2 +- .../rhtap-service-push.yaml | 2 +- scripts/bump-conforma-revision.sh | 40 +++++++++++++++++++ 23 files changed, 62 insertions(+), 22 deletions(-) create mode 100755 scripts/bump-conforma-revision.sh diff --git a/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml b/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml index 11c16c9cab..b1d6342d83 100644 --- a/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml +++ b/pipelines/managed/calunga-push-to-pulp/calunga-push-to-pulp.yaml @@ -192,7 +192,7 @@ spec: # - name: url # value: https://github.com/conforma/tekton-catalog # - name: revision - # value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + # value: "1383873048e9bb8626c0e4b37c93da433b12e339" # - name: pathInRepo # value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" # diff --git a/pipelines/managed/e2e/e2e.yaml b/pipelines/managed/e2e/e2e.yaml index 82b767a91c..0608ce6438 100644 --- a/pipelines/managed/e2e/e2e.yaml +++ b/pipelines/managed/e2e/e2e.yaml @@ -107,7 +107,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/fbc-release/fbc-release.yaml b/pipelines/managed/fbc-release/fbc-release.yaml index 3b3d7002f8..824338b871 100644 --- a/pipelines/managed/fbc-release/fbc-release.yaml +++ b/pipelines/managed/fbc-release/fbc-release.yaml @@ -236,7 +236,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml b/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml index 82e40092d4..fbb50d2989 100644 --- a/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml +++ b/pipelines/managed/push-artifacts-to-cdn/push-artifacts-to-cdn.yaml @@ -240,7 +240,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml b/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml index 8181fb1b7e..98bbba1886 100644 --- a/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml +++ b/pipelines/managed/push-artifacts-to-storage/push-artifacts-to-storage.yaml @@ -203,7 +203,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml b/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml index 7a777c15fd..5454e79283 100644 --- a/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml +++ b/pipelines/managed/push-disk-images-to-cdn/push-disk-images-to-cdn.yaml @@ -230,7 +230,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml b/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml index 16301c4355..7918d4047f 100644 --- a/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml +++ b/pipelines/managed/push-disk-images-to-marketplaces/push-disk-images-to-marketplaces.yaml @@ -236,7 +236,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml b/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml index 17caffe309..1ec2de8c3b 100644 --- a/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml +++ b/pipelines/managed/push-oot-kmods/push-oot-kmods.yaml @@ -308,7 +308,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml b/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml index 2862a190f2..6b3b0b570e 100644 --- a/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml +++ b/pipelines/managed/push-rpm-to-koji/push-rpm-to-koji.yaml @@ -203,7 +203,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml b/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml index df51ff70cf..fed82a1569 100644 --- a/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml +++ b/pipelines/managed/push-rpms-to-pulp/push-rpms-to-pulp.yaml @@ -329,7 +329,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml b/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml index dde4b78837..611e296045 100644 --- a/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml +++ b/pipelines/managed/push-tekton-task-bundles-to-external-registry/push-tekton-task-bundles-to-external-registry.yaml @@ -266,7 +266,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml b/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml index 40238c864e..5bd3136b8f 100644 --- a/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml +++ b/pipelines/managed/push-to-addons-registry/push-to-addons-registry.yaml @@ -267,7 +267,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml b/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml index 33b0c9e5fe..4e7c68d62c 100644 --- a/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml +++ b/pipelines/managed/push-to-external-registry/push-to-external-registry.yaml @@ -316,7 +316,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/release-to-github/release-to-github.yaml b/pipelines/managed/release-to-github/release-to-github.yaml index 5f8d3fc023..0224badb0e 100644 --- a/pipelines/managed/release-to-github/release-to-github.yaml +++ b/pipelines/managed/release-to-github/release-to-github.yaml @@ -227,7 +227,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml b/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml index 034d0f7d1a..71e7e4ac81 100644 --- a/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml +++ b/pipelines/managed/release-to-mrrc/release-to-mrrc.yaml @@ -206,7 +206,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml b/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml index 6507ae1712..497ede64fd 100644 --- a/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml +++ b/pipelines/managed/release-to-nrrc/release-to-nrrc.yaml @@ -206,7 +206,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-advisories/rh-advisories.yaml b/pipelines/managed/rh-advisories/rh-advisories.yaml index e719461961..69f1040d46 100644 --- a/pipelines/managed/rh-advisories/rh-advisories.yaml +++ b/pipelines/managed/rh-advisories/rh-advisories.yaml @@ -380,7 +380,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml b/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml index 69229f1db5..3a11dedc1f 100644 --- a/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml +++ b/pipelines/managed/rh-push-helm-chart-to-registry-redhat-io/rh-push-helm-chart-to-registry-redhat-io.yaml @@ -328,7 +328,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml b/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml index 0a7720925f..3db7e6fe8d 100644 --- a/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml +++ b/pipelines/managed/rh-push-to-external-registry/rh-push-to-external-registry.yaml @@ -333,7 +333,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml b/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml index 5127bdd6a0..1ea0d8e0f4 100644 --- a/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml +++ b/pipelines/managed/rh-push-to-registry-redhat-io/rh-push-to-registry-redhat-io.yaml @@ -299,7 +299,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml b/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml index a3f79ab897..2776fe286e 100644 --- a/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml +++ b/pipelines/managed/rh-rpm-advisories/rh-rpm-advisories.yaml @@ -223,7 +223,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml b/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml index 95daff1d8a..4d0327ca03 100644 --- a/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml +++ b/pipelines/managed/rhtap-service-push/rhtap-service-push.yaml @@ -275,7 +275,7 @@ spec: - name: url value: https://github.com/conforma/tekton-catalog - name: revision - value: "515fb114f8cfeb9206ec5ffb90a6f9cf851cc941" + value: "1383873048e9bb8626c0e4b37c93da433b12e339" - name: pathInRepo value: "tasks/verify-conforma-konflux-ta/0.1/verify-conforma-konflux-ta.yaml" params: diff --git a/scripts/bump-conforma-revision.sh b/scripts/bump-conforma-revision.sh new file mode 100755 index 0000000000..d02e65d1bf --- /dev/null +++ b/scripts/bump-conforma-revision.sh @@ -0,0 +1,40 @@ +#!/usr/bin/env bash +set -euo pipefail + +# The Conforma task used in the pipelines in this repo is accessed with a git +# resolver, pinned for stability with a specific git sha. This script is used +# to update the git sha across all the pipelines to the current latest konflux +# branch. +# +# See also this workflow which updates the konflux branch in that repo: +# https://github.com/conforma/infra-deployments-ci/actions/workflows/konflux-policy.yaml +# +# It's likely this will be used in another GitHub workflow to either create a +# PR with this update, or perhaps to push it directly, but at time of writing +# this is not yet implemented. + +REPO_URL="https://github.com/conforma/tekton-catalog" +BRANCH="konflux" + +NEW_REV=$(git ls-remote "${REPO_URL}" "refs/heads/${BRANCH}" | cut -f1) + +if [[ -z "${NEW_REV}" ]]; then + echo "Error: could not resolve HEAD of ${BRANCH} branch in ${REPO_URL}" >&2 + exit 1 +fi + +echo "Updating conforma/tekton-catalog revision to ${NEW_REV}" + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" +REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)" + +count=0 +while IFS= read -r file; do + if sed -i -E \ + "/name: url/{N;/value: https:\/\/github\.com\/conforma\/tekton-catalog/{N;/name: revision/{N;s|(value: \")[a-f0-9]+(\")|\1${NEW_REV}\2|}}}" \ + "${file}"; then + count=$((count + 1)) + fi +done < <(grep -rl "${REPO_URL}" "${REPO_ROOT}/pipelines/") + +echo "Updated ${count} files"