Skip to content

🤖 [RHTAS-build-bot] [main] Update Component images #421

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
JasonPowr wants to merge 1 commit into
base: main
Choose a base branch
from
Open

🤖 [RHTAS-build-bot] [main] Update Component images #421

JasonPowr wants to merge 1 commit into from

Conversation

@JasonPowr
Copy link
Member

@JasonPowr JasonPowr commented Nov 20, 2025
edited
Loading

This PR contains the following changes

Image Old SHA New SHA
registry.redhat.io/rhtas/rekor-search-ui-rhel9 2d5b39c 0ef67e1
registry.redhat.io/rhtas/fulcio-rhel9 2417087 c6f70c1
registry.redhat.io/rhtas/certificate-transparency-rhel9 c7c6f0f ad9e4ff
registry.redhat.io/rhtas/createtree-rhel9 7132133 487f9df
registry.redhat.io/rhtas/client-server-rhel9 c81aaa8 b7a3348
registry.redhat.io/rhtas/timestamp-authority-rhel9 71a3899 7b3eb91
registry.redhat.io/rhtas/rekor-server-rhel9 405b309 da6bffd
registry.redhat.io/rhtas/trillian-logserver-rhel9 d5000a4 c600cd5
registry.redhat.io/rhtas/trillian-database-rhel9 0c9bb35 accd79b
registry.redhat.io/rhtas/rekor-backfill-redis-rhel9 aa83559 5bbf533
registry.redhat.io/rhtas/trillian-logsigner-rhel9 c95a757 57d81a3
registry.redhat.io/rhtas/tuffer-rhel9 0c30481 775909d
registry.redhat.io/rhtas/trillian-redis-rhel9 880b92a d8bfcfb

@JasonPowr JasonPowr requested a review from a team as a code owner November 20, 2025 16:20
@sourcery-ai
Copy link

sourcery-ai bot commented Nov 20, 2025
edited
Loading

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

This PR refreshes the default SHA256 digests for all RHTAS component images in the tas_single_node role to align with the latest builds.

File-Level Changes

Change Details Files
Bump SHA256 digests for tas_single_node component images
  • Update fulcio-server image digest
  • Update trillian-logserver image digest
  • Update trillian-logsigner image digest
  • Update rekor-server image digest
  • Update certificate-transparency (CT log) image digest
  • Update trillian-redis image digest
  • Update rekor-backfill-redis image digest
  • Update trillian-database image digest
  • Update tuffer (TUF) image digest
  • Update timestamp-authority image digest
  • Update rekor-search-ui image digest
  • Update createtree image digest
  • Update client-server image digest
 roles/tas_single_node/defaults/main.yml
Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

sourcery-ai[bot]
sourcery-ai bot reviewed Nov 20, 2025
View reviewed changes
Copy link

@sourcery-ai sourcery-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey there - I've reviewed your changes and they look great!

Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

@qodo-code-review
Copy link

qodo-code-review bot commented Nov 20, 2025
edited
Loading

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢
No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
  • Create ticket/issue
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status: Passed

Learn more about managing compliance generic rules or creating your own custom rules

  • Update
Compliance status legend 🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

@qodo-code-review
Copy link

qodo-code-review bot commented Nov 20, 2025
edited
Loading

PR Code Suggestions ✨

No code suggestions found for the PR.

@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-main branch 12 times, most recently from 081275c to 9aabbf4 Compare November 27, 2025 15:23
fghanmi
fghanmi reviewed Nov 27, 2025
View reviewed changes
roles/tas_single_node/defaults/main.yml Outdated
"registry.redhat.io/rhtas/rekor-server-rhel9@sha256:799b0b86f83f0fdf450ecbd2726419570b15f6ec5ba5b814750d45b8269e4dac"
tas_single_node_rekor_monitor_image:
"registry.redhat.io/rhtas/rekor-monitor-rhel9@sha256:da3aa5c441653f00c4b558ef6ebf21fef518731e70f152a1fd3a750b1145d901"
"registry.redhat.io/rhtas/rekor-monitor-rhel9@sha256:2840122d748454c25a08d153431ed4585f8edfc83caf3a06565b274709874741"
Copy link
Member

@fghanmi fghanmi Nov 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JasonPowr can we please avoid updating rekor-monitor until #399 is merged ?

Copy link
Member Author

@JasonPowr JasonPowr Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @fghanmi, sure you can avoid updating rekor-monitor, you will need to remove the image from https://github.com/securesign/releases/blob/main/.github/workflows/update-component-images.yaml#L71, that will stop it getting updated, then revert this change, please also do this for the operator

@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-main branch 11 times, most recently from 183d293 to 44f0035 Compare November 28, 2025 16:11
@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-main branch 28 times, most recently from 927ad48 to 6996be2 Compare January 9, 2026 17:53
@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-main branch from 6996be2 to 9e874a3 Compare January 9, 2026 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sourcery-ai sourcery-ai[bot] sourcery-ai[bot] left review comments

@fghanmi fghanmi fghanmi left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Review effort 1/5

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@JasonPowr @fghanmi