
Commit 8848a9e

fix: enable cross-platform vendor stages for buildah 0.10 arm64 builds
Add FROM --platform=linux/amd64 on vendor COPY stages and set ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only vendor images on arm64. Run dnf update excluding epel-release. Install glibc-devel before the main package install. Pin epel-release via a fixed noarch RPM URL for EC unique_version across arches. Switch SAST tasks to oci-ta variants with SOURCE_ARTIFACT for Trusted Artifacts pipelines. Bump UBI10 base and align Konflux task digests. Signed-off-by: Happy Bhati <hbhati@redhat.com> Co-authored-by: Cursor <cursoragent@cursor.com>
1 parent 586cbe7 commit 8848a9e

3 files changed

Lines changed: 70 additions & 55 deletions


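--- a/.tekton/release-service-utils-standalone-pull-request.yaml
+++ b/.tekton/release-service-utils-standalone-pull-request.yaml
@@ -63,7 +63,7 @@ spec:
 - name: name
 value: summary
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:e1b8e42962b0c6d9ebe95f3709c34ae5e1569b73941a79654248e0af55eb3ff9
+value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:a009e5892e0ef23f8c45fe98a96d6c56aff3bdc0343d994f30661e56ff901253
 - name: kind
 value: task
 resolver: bundles
@@ -171,7 +171,7 @@ spec:
 - name: name
 value: git-clone-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d30f13dd15daf89dd6dc645243b3444d35570d13f7840c3fd65e366022515205
+value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.2@sha256:e46c6578476caa8814ffd3322deeb9533c5b57396aedc758e554a663ba984eee
 - name: kind
 value: task
 resolver: bundles
@@ -197,7 +197,7 @@ spec:
 - name: name
 value: prefetch-dependencies-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:3dc78afbf3a441e0280067433cb28ea3d2d0088ec214c73bf063f145b4f273ef
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:92956e75cd4714286f9c0c043f5301d1c0df1d750884edeceee87e0a91cc1975
 - name: kind
 value: task
 resolver: bundles
@@ -231,14 +231,16 @@ spec:
 value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: BUILDAH_FORMAT
 value: $(params.buildah-format)
+- name: ALLOW_CROSS_PLATFORM_IMAGES
+value: "true"
 runAfter:
 - prefetch-dependencies
 taskRef:
 params:
 - name: name
 value: buildah-remote-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f
+value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.10@sha256:ae1b7a3010b37c55b7702de7a9d3ab61410f7931d1a77f15b3809395d31a9346
 - name: kind
 value: task
 resolver: bundles
@@ -260,7 +262,7 @@ spec:
 - name: name
 value: build-image-index
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b33bfa8dc27dbf459f0779598ba45dcaa490bcc9f8efe1652bcf360ec8cb5582
+value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:0b4251ea0fab38be2b1441bea2788220d4cf2963ffb854a0ed90992fbabbe122
 - name: kind
 value: task
 resolver: bundles
@@ -281,7 +283,7 @@ spec:
 - name: name
 value: source-build-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06
+value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:d8115c74aed42fe9b1b3df149c534ced09f33c7bc6e51449bcaf8ec50699b8a0
 - name: kind
 value: task
 resolver: bundles
@@ -330,7 +332,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9ff424d913dd7681031a93d8bdbed622cd5536633f8ed0dbb4a9021055cf9d21
 - name: kind
 value: task
 resolver: bundles
@@ -345,16 +347,20 @@ spec:
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: TARGET_DIRS
 value: $(params.sast-target-dirs)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: sast-snyk-check
+value: sast-snyk-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:566753ca880764361b11f2c67d8e62dda94f829b11cb48e4716f27568216a481
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.5@sha256:91980bb3d6ba0b200a2030f2be0722da0fbc9338c0c6ff897d0005a2f1259a9b
 - name: kind
 value: task
 resolver: bundles
@@ -363,25 +369,26 @@ spec:
 operator: in
 values:
 - "false"
-workspaces:
-- name: workspace
-workspace: workspace
 - name: sast-shell-check
 params:
 - name: image-digest
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: TARGET_DIRS
 value: $(params.sast-target-dirs)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: sast-shell-check
+value: sast-shell-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:2cd09c97b9f0fae9c7bcd26d956f77221fb7137ee8b2ef17e7351b5e6f1eb89e
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:fc685d6f7dfb7c9ab2f2db38bbe2c8d383407847350ccd8b96352322c487b13c
 - name: kind
 value: task
 resolver: bundles
@@ -390,25 +397,27 @@ spec:
 operator: in
 values:
 - "false"
-workspaces:
-- name: workspace
-workspace: workspace
+workspaces: []
 - name: sast-unicode-check
 params:
 - name: image-digest
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: TARGET_DIRS
 value: $(params.sast-target-dirs)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: sast-unicode-check
+value: sast-unicode-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:c162d9d0cd1e4c64dfc340577ba8e6bf55ebd1bb859fe3157217de9b4473c640
+value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:5807ffe3a0cca5cf970076bbc7a404642cc6e3eebe64e9e5e6a4f20da740bf73
 - name: kind
 value: task
 resolver: bundles
@@ -417,9 +426,7 @@ spec:
 operator: in
 values:
 - "false"
-workspaces:
-- name: workspace
-workspace: workspace
+workspaces: []
 - name: clamav-scan
 params:
 - name: image-digest
@@ -433,7 +440,7 @@ spec:
 - name: name
 value: clamav-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:567cb66bd2e1f4b58b9d4d756f3317fc62479e0b40aa0de66094b1f12d296cfc
+value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:53a02326bfb930ca5ef6bfa7a33acca833d57752f34f3cb79255fe2e25e7d217
 - name: kind
 value: task
 resolver: bundles
@@ -460,7 +467,7 @@ spec:
 - name: name
 value: rpms-signature-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:41720da9dfe26f33b0bdc46bbf8667a27dae4790d8e5c5f4412224658de7b213
+value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65370ccb44ff82e4ce128addd913f3c96b298607b3760ee1339ed10011a4bd6b
 - name: kind
 value: task
 resolver: bundles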
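Review bot: `ALLOW_CROSS_PLATFORM_IMAGES` is set to `"true"` unconditionally on build-images (hunk `@@ -231,14 +231,16 @@`), so the relaxed platform check presumably applies to every image the build pulls on every architecture, not only to the amd64-only vendor stages named in the commit message. An unintended wrong-architecture base image would then no longer fail the arm64 build. I would put a comment above the param that states its scope and exit condition, e.g. `# Tolerates amd64-only vendor COPY stages on arm64; remove once the vendor images are multi-arch`. It is also worth confirming that the vendor stages are referenced by digest in the Dockerfile, which is not shown on this page. The same param is added in release-service-utils-standalone-push.yaml.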

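--- a/.tekton/release-service-utils-standalone-push.yaml
+++ b/.tekton/release-service-utils-standalone-push.yaml
@@ -56,7 +56,7 @@ spec:
 - name: name
 value: summary
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:e1b8e42962b0c6d9ebe95f3709c34ae5e1569b73941a79654248e0af55eb3ff9
+value: quay.io/konflux-ci/tekton-catalog/task-summary:0.2@sha256:a009e5892e0ef23f8c45fe98a96d6c56aff3bdc0343d994f30661e56ff901253
 - name: kind
 value: task
 resolver: bundles
@@ -164,7 +164,7 @@ spec:
 - name: name
 value: git-clone-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:d30f13dd15daf89dd6dc645243b3444d35570d13f7840c3fd65e366022515205
+value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.2@sha256:e46c6578476caa8814ffd3322deeb9533c5b57396aedc758e554a663ba984eee
 - name: kind
 value: task
 resolver: bundles
@@ -190,7 +190,7 @@ spec:
 - name: name
 value: prefetch-dependencies-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:3dc78afbf3a441e0280067433cb28ea3d2d0088ec214c73bf063f145b4f273ef
+value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.3@sha256:92956e75cd4714286f9c0c043f5301d1c0df1d750884edeceee87e0a91cc1975
 - name: kind
 value: task
 resolver: bundles
@@ -224,14 +224,16 @@ spec:
 value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: BUILDAH_FORMAT
 value: $(params.buildah-format)
+- name: ALLOW_CROSS_PLATFORM_IMAGES
+value: "true"
 runAfter:
 - prefetch-dependencies
 taskRef:
 params:
 - name: name
 value: buildah-remote-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.9@sha256:f667d1146533b1d49829c08097e31faf27db24563da576434a707353de62099f
+value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.10@sha256:ae1b7a3010b37c55b7702de7a9d3ab61410f7931d1a77f15b3809395d31a9346
 - name: kind
 value: task
 resolver: bundles
@@ -253,7 +255,7 @@ spec:
 - name: name
 value: build-image-index
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:b33bfa8dc27dbf459f0779598ba45dcaa490bcc9f8efe1652bcf360ec8cb5582
+value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.3@sha256:0b4251ea0fab38be2b1441bea2788220d4cf2963ffb854a0ed90992fbabbe122
 - name: kind
 value: task
 resolver: bundles
@@ -274,7 +276,7 @@ spec:
 - name: name
 value: source-build-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:0917cfc7772e82cb8e74743c2104f43bcf2596aceafe87eec6fce69a8cac5f06
+value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:d8115c74aed42fe9b1b3df149c534ced09f33c7bc6e51449bcaf8ec50699b8a0
 - name: kind
 value: task
 resolver: bundles
@@ -323,7 +325,7 @@ spec:
 - name: name
 value: clair-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:8fad4c2e2f470f82ee43d6b2ac72327b4d9c6e9cb514a678911c1c9359c29894
+value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9ff424d913dd7681031a93d8bdbed622cd5536633f8ed0dbb4a9021055cf9d21
 - name: kind
 value: task
 resolver: bundles
@@ -338,16 +340,20 @@ spec:
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: TARGET_DIRS
 value: $(params.sast-target-dirs)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: sast-snyk-check
+value: sast-snyk-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:566753ca880764361b11f2c67d8e62dda94f829b11cb48e4716f27568216a481
+value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta:0.5@sha256:91980bb3d6ba0b200a2030f2be0722da0fbc9338c0c6ff897d0005a2f1259a9b
 - name: kind
 value: task
 resolver: bundles
@@ -356,25 +362,26 @@ spec:
 operator: in
 values:
 - "false"
-workspaces:
-- name: workspace
-workspace: workspace
 - name: sast-shell-check
 params:
 - name: image-digest
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: TARGET_DIRS
 value: $(params.sast-target-dirs)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: sast-shell-check
+value: sast-shell-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:2cd09c97b9f0fae9c7bcd26d956f77221fb7137ee8b2ef17e7351b5e6f1eb89e
+value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta:0.1@sha256:fc685d6f7dfb7c9ab2f2db38bbe2c8d383407847350ccd8b96352322c487b13c
 - name: kind
 value: task
 resolver: bundles
@@ -383,25 +390,27 @@ spec:
 operator: in
 values:
 - "false"
-workspaces:
-- name: workspace
-workspace: workspace
+workspaces: []
 - name: sast-unicode-check
 params:
 - name: image-digest
 value: $(tasks.build-image-index.results.IMAGE_DIGEST)
 - name: image-url
 value: $(tasks.build-image-index.results.IMAGE_URL)
+- name: SOURCE_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
+- name: CACHI2_ARTIFACT
+value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
 - name: TARGET_DIRS
 value: $(params.sast-target-dirs)
 runAfter:
 - build-image-index
 taskRef:
 params:
 - name: name
-value: sast-unicode-check
+value: sast-unicode-check-oci-ta
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:c162d9d0cd1e4c64dfc340577ba8e6bf55ebd1bb859fe3157217de9b4473c640
+value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta:0.4@sha256:5807ffe3a0cca5cf970076bbc7a404642cc6e3eebe64e9e5e6a4f20da740bf73
 - name: kind
 value: task
 resolver: bundles
@@ -410,9 +419,7 @@ spec:
 operator: in
 values:
 - "false"
-workspaces:
-- name: workspace
-workspace: workspace
+workspaces: []
 - name: clamav-scan
 params:
 - name: image-digest
@@ -426,7 +433,7 @@ spec:
 - name: name
 value: clamav-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:567cb66bd2e1f4b58b9d4d756f3317fc62479e0b40aa0de66094b1f12d296cfc
+value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:53a02326bfb930ca5ef6bfa7a33acca833d57752f34f3cb79255fe2e25e7d217
 - name: kind
 value: task
 resolver: bundles
@@ -453,7 +460,7 @@ spec:
 - name: name
 value: rpms-signature-scan
 - name: bundle
-value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:41720da9dfe26f33b0bdc46bbf8667a27dae4790d8e5c5f4412224658de7b213
+value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:65370ccb44ff82e4ce128addd913f3c96b298607b3760ee1339ed10011a4bd6b
 - name: kind
 value: task
 resolver: bundles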
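Review bot: The three SAST tasks end up with inconsistent `workspaces` handling: sast-snyk-check drops the key entirely (hunk `@@ -356,25 +362,26 @@`), while sast-shell-check and sast-unicode-check replace it with `workspaces: []` in the two hunks that follow. Both forms bind no workspace, so use one of them throughout; deleting the two `workspaces: []` lines would match the snyk task. A short comment above the new `SOURCE_ARTIFACT` param would also help, e.g. `# Scans the Trusted Artifact from prefetch-dependencies, not a shared workspace`, because that is the provenance of what the SAST results cover. The pull-request pipeline file has the same inconsistency.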
