Skip to content

chore(deps): update konflux references#781

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/references/main
Open

chore(deps): update konflux references#781
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/references/main

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented May 26, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Notes
quay.io/konflux-ci/tekton-catalog/task-build-image-index (source, changelog) b33bfa870c52e8
quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta (source, changelog) 0.90.10 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-clair-scan (source, changelog) 8fad4c29ff424d
quay.io/konflux-ci/tekton-catalog/task-clamav-scan (source, changelog) 567cb6653a0232
quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta (source, changelog) 0.10.2 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta (source, changelog) 3dc78af92956e7
quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan (source, changelog) 41720da65370cc
quay.io/konflux-ci/tekton-catalog/task-sast-shell-check (source, changelog) 2cd09c9f0fb21c
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check (source, changelog) 0.40.5 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check (source, changelog) c162d9d633cf55
quay.io/konflux-ci/tekton-catalog/task-show-sbom (source, changelog) a7346ed8fe70a9
quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta (source, changelog) 0917cfc7c5575a
quay.io/konflux-ci/tekton-catalog/task-summary (source, changelog) e1b8e4262c465f

Release Notes

konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta)

v0.10

Fixed
  • Restores the /cachi2/cachi2.env mount that version 0.10.3 removed.
    Despite being an undocumented implementation detail, some builds use
    the presence of this file as an indicator that the build is hermetic.
    Enable them to do so for the time being.
konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta)

v0.2


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 04:59 AM (* 0-4 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@codecov-commenter

codecov-commenter commented May 26, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.65%. Comparing base (86975a4) to head (c3ebc14).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #781   +/-   ##
=======================================
  Coverage   95.65%   95.65%           
=======================================
  Files          72       72           
  Lines        7118     7118           
=======================================
  Hits         6809     6809           
  Misses        309      309           
Flag Coverage Δ
unit-tests 95.65% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.


Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 86975a4...c3ebc14. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@happybhati

Copy link
Copy Markdown
Contributor

/retest

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 5 times, most recently from 92e6bcc to 6dd8a60 Compare June 1, 2026 02:35
@happybhati

Copy link
Copy Markdown
Contributor

/retest

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 3 times, most recently from 7f2955f to 7ce6bc8 Compare June 5, 2026 02:29
@johnbieren

Copy link
Copy Markdown
Collaborator

@happybhati @FilipNikolovski can you guys take a look at this? I don't want to wait for the utils image to fail conforma

@happybhati

Copy link
Copy Markdown
Contributor

/retest

1 similar comment
@happybhati

Copy link
Copy Markdown
Contributor

/retest

@happybhati

Copy link
Copy Markdown
Contributor

/ok-to-test

@happybhati

Copy link
Copy Markdown
Contributor

/retest

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 5 times, most recently from c59f9ae to 6efcb82 Compare June 18, 2026 02:16
@happybhati

happybhati commented Jun 18, 2026

Copy link
Copy Markdown
Contributor

This MintMaker bump is blocked on arm64 builds failing after the task-buildah-remote-oci-ta 0.9 → 0.10 upgrade (Buildah 1.44 / stricter base-image arch checks via konflux-build-cli).

Failure (arm64 build-images task):

base image registry.redhat.io/rhtas/cosign-rhel9:1.3.3-1773309431 has architecture 'amd64', expected 'arm64'

Our Dockerfile uses multi-stage COPY --from stages that pull vendor images (cosign-rhel9, ec-rhel9, etc.) which are amd64-only manifests — we only copy arch-specific binaries into the final image (same pattern as #789 / conforma-cli). This worked on buildah 0.9; 0.10 rejects the arch mismatch.

Upstream fix: the build team is adding opt-in cross-platform support in konflux-ci/konflux-build-cli#136:

  • --allow-cross-platform-images / env KBC_BUILD_ALLOW_CROSS_PLATFORM_IMAGES=true downgrades mismatch to a warning
  • latest review consensus: the flag alone is sufficient (explicit FROM --platform=… is optional but still fine)
  • still needs to land in konflux-build-cli and be wired through the buildah task/pipeline

Recommendation: hold this PR until #136 merges and we have a utils-side fix (Dockerfile and/or pipeline env). Main is unaffected today on buildah 0.9.

Draft follow-up PR coming that combines the deps bump with the cross-platform build fix, blocked on #136.

@happybhati

Copy link
Copy Markdown
Contributor

Draft follow-up PR: #838 — combines the #781 deps bump with FROM --platform=linux/amd64 on vendor stages, blocked on konflux-build-cli#136.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 4 times, most recently from 1041a14 to 2765b1b Compare June 23, 2026 02:17
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 5 times, most recently from dd4ea2b to 6e2159a Compare June 27, 2026 01:40
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add explicit linux/amd64 platform to vendor COPY stages and bump Konflux
task references (including buildah-remote-oci-ta 0.10) so MintMaker konflux-ci#781
can land once konflux-build-cli cross-platform support is available.

Co-authored-by: Cursor <cursoragent@cursor.com>
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
…onflux-ci#781

Set ALLOW_CROSS_PLATFORM_IMAGES=true on build-images so arm64 builds tolerate amd64-only vendor stages. Sync all Konflux task digests to MintMaker konflux-ci#781.

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add FROM --platform=linux/amd64 on vendor COPY stages and set
ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only
vendor images on arm64. Align Konflux task digests with MintMaker konflux-ci#781
(buildah-remote-oci-ta 0.10, git-clone-oci-ta 0.2, and related bumps).

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from 6e2159a to fb5676a Compare June 29, 2026 17:43
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add FROM --platform=linux/amd64 on vendor COPY stages and set
ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only
vendor images on arm64. Run dnf update before package install to fix
glibc-devel resolution on amd64 with buildah 0.10 and UBI10. Align
Konflux task digests with MintMaker konflux-ci#781.

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add FROM --platform=linux/amd64 on vendor COPY stages and set
ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only
vendor images on arm64. Bump UBI10 base to 10.2-1782277716 and run
dnf --allowerasing update before package install to resolve glibc 124/126
skew exposed by buildah-remote-oci-ta 0.10 on amd64. Align Konflux task
digests with MintMaker konflux-ci#781 (buildah-remote-oci-ta 0.10, git-clone-oci-ta
0.2, and related bumps).

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add FROM --platform=linux/amd64 on vendor COPY stages and set
ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only
vendor images on arm64. Bump UBI10 base to 10.2-1782277716 and run
dnf --allowerasing update before package install to resolve glibc 124/126
skew exposed by buildah-remote-oci-ta 0.10 on amd64. Align Konflux task
digests with MintMaker konflux-ci#781 (buildah-remote-oci-ta 0.10, git-clone-oci-ta
0.2, and related bumps).

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add FROM --platform=linux/amd64 on vendor COPY stages and set
ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only
vendor images on arm64. Bump UBI10 base to 10.2-1782277716 and drop
rpm-build from dnf install to avoid glibc 124/126 repo skew on amd64
(buildah-remote-oci-ta 0.10). Align Konflux task digests with MintMaker

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
konflux-ci#781.
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add FROM --platform=linux/amd64 on vendor COPY stages and set
ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only
vendor images on arm64. Pin glibc-devel-2.39-124.el10_2 before dnf install
to work around UBI10 glibc-gconv-extra repo lag on amd64 with buildah 0.10.
Omit rpm-build until glibc-gconv-extra 126 is published. Bump UBI10 base
to 10.2-1782277716. Align Konflux task digests with MintMaker konflux-ci#781.

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
happybhati added a commit to happybhati/release-utils that referenced this pull request Jun 29, 2026
Add FROM --platform=linux/amd64 on vendor COPY stages and set
ALLOW_CROSS_PLATFORM_IMAGES=true on build-images to tolerate amd64-only
vendor images on arm64. Pin glibc-devel-2.39-124.el10_2 before dnf
install to work around UBI10 glibc-gconv-extra repo lag on amd64 with
buildah 0.10. Omit rpm-build until glibc-gconv-extra 126 is published.
Bump UBI10 base to 10.2-1782277716. Align Konflux task digests with
MintMaker konflux-ci#781.

Signed-off-by: Happy Bhati <hbhati@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@seanconroy2021

Copy link
Copy Markdown
Member

/retest

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from 867b6a3 to 54e82d7 Compare July 2, 2026 01:30
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from 54e82d7 to c3ebc14 Compare July 3, 2026 01:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants