diff --git a/.tekton/client-server-cg-pull-request.yaml b/.tekton/client-server-cg-pull-request.yaml index 345f1836be2..b26a983bf97 100644 --- a/.tekton/client-server-cg-pull-request.yaml +++ b/.tekton/client-server-cg-pull-request.yaml @@ -309,6 +309,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: sast-snyk-check runAfter: - build-container diff --git a/.tekton/client-server-cg-push.yaml b/.tekton/client-server-cg-push.yaml index 4c0f86279f1..f8a7644afc3 100644 --- a/.tekton/client-server-cg-push.yaml +++ b/.tekton/client-server-cg-push.yaml @@ -307,6 +307,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: sast-snyk-check runAfter: - build-container diff --git a/.tekton/client-server-f-pull-request.yaml b/.tekton/client-server-f-pull-request.yaml index 21487e5c787..3f00919064f 100644 --- a/.tekton/client-server-f-pull-request.yaml +++ b/.tekton/client-server-f-pull-request.yaml @@ -323,6 +323,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: ecosystem-cert-preflight-checks params: - name: image-url diff --git a/.tekton/client-server-f-push.yaml b/.tekton/client-server-f-push.yaml index 5af120dc045..b915e4fcd6f 100644 --- a/.tekton/client-server-f-push.yaml +++ b/.tekton/client-server-f-push.yaml @@ -320,6 +320,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: ecosystem-cert-preflight-checks params: - name: image-url diff --git a/.tekton/client-server-pull-request.yaml b/.tekton/client-server-pull-request.yaml index af705102458..60b07d53799 100644 --- a/.tekton/client-server-pull-request.yaml +++ b/.tekton/client-server-pull-request.yaml @@ -324,6 +324,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: ecosystem-cert-preflight-checks params: - name: image-url diff --git a/.tekton/client-server-push.yaml b/.tekton/client-server-push.yaml index 365cbd3233c..867995f63bb 100644 --- a/.tekton/client-server-push.yaml +++ b/.tekton/client-server-push.yaml @@ -321,6 +321,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: ecosystem-cert-preflight-checks params: - name: image-url diff --git a/.tekton/client-server-re-pull-request.yaml b/.tekton/client-server-re-pull-request.yaml index edbaacdd4c8..9ab9aa4ddde 100644 --- a/.tekton/client-server-re-pull-request.yaml +++ b/.tekton/client-server-re-pull-request.yaml @@ -309,6 +309,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: sast-snyk-check runAfter: - build-container diff --git a/.tekton/client-server-re-push.yaml b/.tekton/client-server-re-push.yaml index 2c713be659e..71556bf33ab 100644 --- a/.tekton/client-server-re-push.yaml +++ b/.tekton/client-server-re-push.yaml @@ -307,6 +307,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: sast-snyk-check runAfter: - build-container diff --git a/.tekton/cosign-pull-request.yaml b/.tekton/cosign-pull-request.yaml index 0f342bd0b6b..5cb5a2fc94e 100644 --- a/.tekton/cosign-pull-request.yaml +++ b/.tekton/cosign-pull-request.yaml @@ -293,6 +293,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: sast-snyk-check runAfter: - build-container diff --git a/.tekton/cosign-push.yaml b/.tekton/cosign-push.yaml index c86e9e8e243..c928b91eb42 100644 --- a/.tekton/cosign-push.yaml +++ b/.tekton/cosign-push.yaml @@ -292,6 +292,23 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: sast-snyk-check runAfter: - build-container