fix(RELEASE-2158): fix push-to-external-registry for self-hosted Quay

Fix remaining incompatibilities in the push-to-external-registry
pipeline when used with self-hosted Quay instances:

- make-repo-public: detect Quay registries via /api/v1/discovery API
  instead of hardcoding quay.io. Enforce single Quay registry limit
  per release due to how the API token is passed. Add custom CA bundle
  support for self-signed certificates.
- collect-signing-params, collect-tpa-params: mount trusted CA to
  system cert paths, consistent with other tasks in the pipeline.

The mobster augment-component-sboms task is updated with trusted-ca
mounts in a companion PR [1].

Self-hosted Quay e2e test improvements:
- Enable SBOM tasks (TPA and signing) by adding required secrets
  to the vault and configuring the Conforma public key.
- Add verification that released repository is made public.

Other changes:
- Remove duplicated diagnoseFailedPLR function in wait-for-release.sh,
  use shared diagnose_failed_pipelinerun from test-functions.sh.

[1] konflux-ci/mobster#360

Assisted-by: Cursor
Signed-off-by: Lubomir Gallovic <lgallovi@redhat.com>

Author: querti

integration-tests/push-to-external-registry-self-hosted-quay/resources/managed/ec-policy.yaml

@@ -7,7 +7,7 @@ metadata:
     originating-tool: "${originating_tool}"
 spec:
   description: "Red Hat's enterprise requirements"
-  publicKey: "k8s://${managed_namespace}/cosign-public-key"
+  publicKey: "k8s://openshift-pipelines/public-key"
   sources:
     - name: Release Policies
       data:

integration-tests/push-to-external-registry-self-hosted-quay/resources/managed/rpa.yaml

@@ -19,6 +19,12 @@ spec:
         pushSourceContainer: false
         public: true
       registrySecret: quay-api-token
+    tpa:
+      server: stage
+      atlas-sso-secret-name: "atlas-staging-sso-secret-${component_name}"
+      atlas-retry-aws-secret-name: "atlas-retry-s3-staging-secret-${component_name}"
+    sign:
+      cosignSecretName: "konflux-cosign-signing-stage-${component_name}"
   origin: ${tenant_namespace}
   pipeline:
     pipelineRef:

integration-tests/push-to-external-registry-self-hosted-quay/test-kind.sh

@@ -258,6 +258,19 @@ kubectl create secret generic quay-api-token \
 echo "  Created: hacbs-release-tests-token, release-catalog-trusted-artifacts-quay-secret,"
 echo "           quay-api-token"
 
+# --- Step 4b: Update Conforma public key for SBOM attestation verification ---
+echo "=== Updating openshift-pipelines/public-key for Conforma verification ==="
+# ${component_name} is a literal string here, not a shell variable — the secrets
+# file contains this placeholder as-is (envsubst expands it in other contexts).
+PUBLIC_KEY_VALUE=$(yq \
+    'select(.metadata.name == "konflux-cosign-signing-stage-${component_name}") | .data.PUBLIC_KEY' \
+    "${SCRIPT_DIR}/resources/managed/secrets/managed-secrets.yaml" | base64 -d)
+kubectl create secret generic public-key \
+    --namespace=openshift-pipelines \
+    --from-literal=cosign.pub="${PUBLIC_KEY_VALUE}" \
+    --dry-run=client -o yaml | kubectl apply -f -
+echo "  Updated: openshift-pipelines/public-key"
+
 # --- Step 5: Apply kustomize resource templates ---
 echo "=== Applying Kubernetes resources ==="
 
@@ -414,6 +427,18 @@ else
     failures=$((failures+1))
 fi
 
+echo "  Verifying released repository is public..."
+VISIBILITY_RESPONSE=$(curl -4 -sk "https://localhost:8443/api/v1/repository/${RELEASED_REPO}" \
+    -H "Authorization: Bearer ${TOKEN}" 2>/dev/null)
+is_public=$(echo "$VISIBILITY_RESPONSE" | jq -r '.is_public // false' 2>/dev/null)
+if [ "$is_public" = "true" ]; then
+    echo "    Released repository is public"
+else
+    echo "    ERROR: Released repository is not public"
+    echo "    Response: ${VISIBILITY_RESPONSE}"
+    failures=$((failures+1))
+fi
+
 kill "${VERIFY_PF_PID}" 2>/dev/null || true
 VERIFY_PF_PID=""
 

integration-tests/push-to-external-registry-self-hosted-quay/vault/managed-secrets.yaml

@@ -1,26 +1,158 @@
 $ANSIBLE_VAULT;1.1;AES256
-33303665346239386633356466626537356632383364343063643665636564613338653239363439
-3462626630343961303339393265366134323262623962340a313139653036313638333261626362
-35316361396566616135663436656262386638366630333434386364386639316138613337323837
-6534353564623165390a626533346134616336616634373039656437666262636661363165653663
-32323430646438306438333834383835626136326365356239636366303163323365366239623330
-39666161303465316630363830353964393764373139353234653661316334343537313930643834
-65396466643535326337663763333139343136373637313164313432633362646531613734353335
-65626133386462326334303963386466323364343138356135366231396435343961666236633461
-31633131656234653537623530643835303437373363356666616439313263633135613935396335
-34336432336438656234633865333561383934666463343735663038663263353135633138363565
-34643437666335383161343037336434376337313965306131643534363830623739626333323165
-33363233616438383065303238373065393539646566646530353736393430303339353261663138
-30656663326538363861376463663431353239356634356132623337373135343034323234333361
-66633062393839356165303336666664656633306639313033306463396262616532646330636536
-66306564613536643764326161373738373062386663646633323330366137646435376137376133
-65666639373035323430616461336538396263333061313364646566363634646638386632373364
-35336433373036346235373331313537333863343038616330663663373864303730616136336234
-38333965656363643261623433633539396637343137333636393333636334326132373434633632
-37666562373362653539306161393061393337356136636164303033616231386363633866636535
-63353661393838333763633431353138653231396634316336393439373165343865306563303333
-30303866306134353464326636383166373530613733636431376336616365353433666431636338
-65306533313739323631646132353664326232613931326237306138376536343464323433343736
-33663863343262383836376538626330393335353431656666636438336635343138643962623632
-35353334386439333734373135666138316439653961306430663365666537363233333461373135
-33646133663063373631623331393032366630386138663332303163643161643135
+37376566376231663736303562393031363539366364343537613833643438623536333536626135
+6630336365393236656632646632613239613739303130320a623466363539353564303465313134
+39643234663837656639326431363736343031383238313333613966633965383033656639303661
+6237643137346234630a313464396333333764363665323561366361646463343166323665326165
+61393234343936613236646163636338663235656634666438366131653131643634663261636639
+66333236303135393162663336386262613336653433346362643966383361393963653738313030
+65346338383132633339633461633936313739376466316635393332656166343735653335383935
+66643334616564656232313261313061636639616130313236616231303033633735336638353939
+61393533646134353033313335316265393034396664353461373935336363303562333837343235
+35623335356236383965636236636233376333633933396363633637646137353330346130613834
+66613633626439663933636634363431343035633333326563393266656534636335343462333433
+66333461303664373036336465663339396531376463626161613235643231346663656436623634
+32383038303866356432666637306433653265613761393965383734646236646661616237343735
+64386661346539366434316633323465393266373831303838623039666633393638326163393835
+31636265316338663161306462613232313031393265383236343664646163323962383633303364
+63643239656231613362646561626238366262303738323237613732323139353636326430613863
+65336163353033303563366162346466393934386663363761613536643365626437623432353464
+61393239366464386537346565343662343030323562653839353731343031303664643261316131
+65616466623265373832353830306430633866396431376533363935393730336436363366613935
+35363739383130663631303736656262646265376136376265663539656366336465303537303961
+63663534313431613737636237353830363033336431353834353265656364336535353762383730
+30363631643862333432303439643739363238646330366234343265313735323836346233333637
+61633936663964613539656132623138373135316137343866616162656632386133643564326431
+38636430646665663861326637623134313066636663643564353235366433363730363934373436
+66343335313331396432636133343237346332336666363433386530343535633037623265343432
+34336661663863643931653263636134646436616131333335323530366364353637393935393036
+32393530663134623636383265386333623134333630646339616638656661346639663838323038
+31653839653566666433383561316566346238333066306134303331636166623337333039623633
+34656665316333396339333865303230386639623365636335326431666665356165626465656263
+61373137396562376530623535313135393434363734313531633864376366313139613865306132
+32626161613030323035633238396630383930643833633431613263313639363034343032376564
+31366234336361656631666635613437343531646664616564326465653961656264663464376562
+30393861313036323634303632363736373137636431363036383339613564316536346366623333
+63656633626166626438363866393935313934376661353931346535303865373232643733636636
+34653739366164353863666638646266626631303638383033356433333731623261383939383330
+63636330346366313532623036616166616631656234633039623965303035633231343738356364
+37313166383136633034366138643833613730356139393831653239643136396634623130663735
+30353036643263353061346130323733393963393731383730646462646437666637356436343633
+30343932306464316236663133643831613230623136353765636465643336353730636330633731
+63396566303238386630633834353133313230356361616330346335323861636234373633666234
+66346264343661306665633432343032346362363835353563326565323439343637616533356636
+66383637303733366633393562643766373463303536663239306138363031303866623836323932
+31383739623464303538363739306532313332373333636334646362656331366561663336613336
+39623566643538373365366339653963376430373635373763616462336463343936306432343834
+66633163373633333533336530363034666339666237666162303435646464393234613135623265
+31653731656565316439633830623338643733373237396432363666626638326336633866626362
+33383033326365303265636164613137646561633236623766323530313834353562303831316535
+30373163316562616263313934646336336230316532343934336233323963353733333939363766
+61393066333833613332373333383233393163653437323038653632316535306266343837316132
+65343665666563323235343861373833646266343034626561643339303464313434333263663733
+65306366333730636333636461653634636365386163636634383264663736613365636338306464
+32363039363265356666373962653137363334303436653930313936623633663131386262616166
+31316264633136353065356138633135353461323637316236663333373132363136386164346139
+63303931663266646463343235666233326463656236643231616666663061376335336562393763
+62666533353731346238386331653731616665316365383335396631303665353833306264366439
+63346633363330646364356630656639336166623239336533343362376533663139316330376630
+62346436633536623364356363656234636662303765633338326235666535316635396133356361
+34396632396536346164396138623461313539373063376636626134313563613162393164363937
+30613963373565383739373466653061346261613232393462613737376262616230336263653431
+65343532376462663038346339636136663034636234313966353563636537613339356130633064
+30323961353066626230353066363737666165663733356232356132646234346566343134333932
+63633966313662313137353333393165346235373332636463313864616535363964363635373162
+31666662346635613038303530653130343366303830386331626238343631623433663231373662
+38386664333363343935623966303330653434663366656538656130316166613132646361633630
+34616332376365346336656637636363386435306261366366626432376166663365613337386130
+64306630363865383361376630646138306534326365303063663731356339613866306530656533
+65393063396439383438366262633735343331653634336533356264643930653835646332646535
+37323464363362653336326439623839653833396235383930623937373333353733336639346532
+37333065376563303835356430333861376361616332643363343334643934383330643864326231
+33663137353565633738396635343933656634333662643963616137366538646237646233623834
+62363364643562623231636631323636323262333731346566343161656239383534303066376464
+66383436623431643331396565333439326438303162353438613765663665646463613731353839
+33623933656339396632656236353465336638323738346433636438386266396533396339353032
+35383532353364623839643963303837613030616230626437323562396237636137626338376564
+62303731653663653935323263313239303437373935656431346430346664346134663839363865
+34393634313563313135323137376435376261386365313337626161373532376138383764616265
+33376564633033663638373233666532643535306137343831633665316638636565353765613964
+65376435616333353730393761666632663132333937626333663734363362643830646335656633
+64616438306563633265393337643937346239663031393163613362343036373532303561336435
+61333036646565303965333433326338373633613931623232393230333136303531623930383139
+31366133336162663538313732306564613438623862346632646136373239333937313864303538
+32353330333031343066383934656439323833363135653131613963333938346435316364636562
+32653731643134383365663365356231366562663038306132636239653539653239383936373164
+61383730613339343830333134303832616633303331336635623132373834636264343965333034
+62636165633464343739386465663066353530363563653763643664613636653864666233643666
+62633861353834393230373933346239326564326138656165383630346538353261383963643364
+38316139353733356630353465313134386534656537643739663136636337646237636566613933
+37396137316132663161376239356463343833363338313939336366373439393533393365663034
+31643937633732396532613430353461316138373262306266323663346431653437366330633438
+62303430343561653839663265643362383333333437376435393162313130333966323763643862
+32636262643939656462396361633063356261663632366637373838323039393837313938613330
+36613564323361353864656634323263376164663531663865633364393865383735313737633935
+32633732393861646466306535303566623934333461363164343362343131356635663136376262
+37393563613861393037393433616337343732383366363730616336356131333866303936333662
+61346132613231646132323165363761373264313263633430663139303432353030656562636136
+66383533633439326431336537333639346236326164363863346630333433663039356362333138
+37373563636332353332326132386537613064613830336634383534323334343339393436376461
+38666238333839646536333434653337383333616165333366616639636437363535653636346238
+32383363366538313831633663663265646531653934623435316333303232346564383865326232
+30336134343232656164396435666462626461663432623534363165663762393133353031313532
+30303639333936643931396135396666656163616661336466636435616432303735636635626636
+62626366316431373530653230303261633963343830323865636437343666386632316163613637
+31393132373735363465313162303432336362616535363131663965663138376432386631333631
+64376661663832663564303334643835363432666432663534356434383433303038303266363761
+37643364613131383538383137353662333363653133313733313934646435636330363961386661
+62373463623066373433626464333432356161333933363264653938323333376434363336366632
+33353137623161303433633066633132613133666462636463366466663638326431343830333731
+39363336643761383230613663383462393363636133663364313833633866623137373936623661
+65633237356634393638333664303136313634363365653462343536333538636439376238633662
+37663337313837376366633862306136383936383939386565636331316562666164636665343632
+35386363363839396366373131313866383561616166623734303135376461613162653333366635
+37663030316565643537643139383730343338653565373736633838333934633538303864326431
+37336563323737356236343135653361643332373866373161656330333439383532323961336165
+66333862323133383636306362363833663735663561356331613433343634313339346339616132
+65316531336533326563653265666363313033303065343331393066656336323037383661346631
+62316665333763663533653133323539356364666235383230646332643037363832306334393462
+66373733636663656530343633623764363433346535623038616663383134386165623133383866
+31633131666439306132643933613236343438336139343732653366646161613062633066616166
+38396639306235343961623764626636343231653061623763666532303837396462363133396434
+33356366666439633838323431366663356663316633323761393061343062323064356335343733
+66326261643837373863613633653063613134666535643535383439623366373463363935613436
+65353332393462393832663532316439353062336164313565383831623832393266373336613663
+66633232393766633930663437353235333066393131396439363466396366646466326432313535
+36353638666663643362393332653932396363626264653463383334366662353763663231656130
+64306562343730323239353463373262316130313866313837306334643532396239386538643137
+38313963643166366461653562333338303866653835393034306132613835343563663631306536
+63303262353264623264303030393564663338313737656331396165323832343839373164366565
+37366234326636626562616462306165623639663264653430333766363461306639313564633763
+61316638323532366361363238353732323364376533316664613737656137363233626335613031
+63626139633763323739326438626234313231643731643936336661343736616436663265356333
+31343231383730623764336361346337656564363433303565386537656134663131386531383737
+62663234363564636235313037343834303435663434326238663861343134323863666434666337
+37633231383232306139333332636262323464393231386364386461323965363965363431663364
+62346134393839333133316137366635366666646563326637663332313235323931376334303763
+63646562613662363965666131636639373933393665393662326363353131663266393435383830
+39626139393937613534393638303432623530346138343234666162363666366130663939633037
+63383361623564616635323732613730663262653432633234316538633935303062623838316232
+35323239333964353435326162653337383437313663336631346637623738316535303665383734
+35306334383530383536653964663565623332316362393430626534636334393631373833353738
+62626532323730333966636639343862633362393539326338643037643565626239356431656665
+61373135343533666139613063373631633666393964306437363335303333383861383138663465
+31646264376334623865323433303361656666343130376561356239363934303061303932633332
+62653533383037613363613537393866616564626531353531626563663439393738386138626339
+66323236383631353131656663626430396635326531346633613463646464636637393033636333
+63356433363666646434353362646565373332393065376261323234626666373537303536353635
+34396466613235326165323330303133376162646238643833663531666633383639313463616662
+33623330376532323330336364623930663061316235323164326139363365666339613432653161
+34323832373166356639663034333961366663313265353439396134653661346337626565373630
+30636564613063303361343234373735316663656236383333653864636366386435393366313630
+64316665623231346137616238363463343961393334643233643063616266616330356434656234
+30616463653164393439343262333364626332356562313431363261353035663164663634613637
+61313133393563356664653133633361626434626532623931306664346565633936396335346132
+65383936303261653632643130366430646461306330613731313363313331616266363237313738
+37653136646432333065393165306231626262383565313333386433636236343539663434363635
+34333463376433636330353839373563353836323133333032636261656665323330633466613562
+35343333336434353964623336363735323261353535303833393134336436393134386261613231
+3231