From 631b18d8b298abfcbe46d71066eeaadb18babb28 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 12:45:10 +0000 Subject: [PATCH] chore(deps): update build --- .../acs-deploy-check/0.1/acs-deploy-check.yaml | 2 +- task/acs-image-check/0.1/acs-image-check.yaml | 4 ++-- task/acs-image-scan/0.1/acs-image-scan.yaml | 4 ++-- task/apply-tags/0.1/apply-tags.yaml | 4 ++-- .../0.1/build-image-index.yaml | 2 +- task/buildah-oci-ta/0.1/buildah-oci-ta.yaml | 8 ++++---- task/buildah-oci-ta/0.2/buildah-oci-ta.yaml | 4 ++-- .../0.1/buildah-remote-oci-ta.yaml | 8 ++++---- .../0.2/buildah-remote-oci-ta.yaml | 4 ++-- task/buildah-remote/0.1/buildah-remote.yaml | 6 +++--- task/buildah-remote/0.2/buildah-remote.yaml | 2 +- task/buildah-rhtap/0.1/buildah-rhtap.yaml | 4 ++-- task/buildah/0.1/buildah.yaml | 6 +++--- task/buildah/0.2/buildah.yaml | 2 +- task/generate-labels/0.1/generate-labels.yaml | 2 +- .../git-clone-oci-ta/0.1/git-clone-oci-ta.yaml | 2 +- task/init/0.2/init.yaml | 2 +- .../0.1/prefetch-dependencies-oci-ta.yaml | 18 +++++++++--------- .../0.1/recipe.yaml | 2 +- .../0.1/prefetch-dependencies.yaml | 12 ++++++------ .../0.1/push-dockerfile-oci-ta.yaml | 4 ++-- task/push-dockerfile/0.1/push-dockerfile.yaml | 2 +- .../0.1/source-build-oci-ta.yaml | 4 ++-- task/source-build/0.1/source-build.yaml | 2 +- task/summary/0.1/summary.yaml | 2 +- .../0.1/update-infra-deployments.yaml | 2 +- 26 files changed, 57 insertions(+), 57 deletions(-) diff --git a/task/acs-deploy-check/0.1/acs-deploy-check.yaml b/task/acs-deploy-check/0.1/acs-deploy-check.yaml index 868090adde..864ba46e00 100644 --- a/task/acs-deploy-check/0.1/acs-deploy-check.yaml +++ b/task/acs-deploy-check/0.1/acs-deploy-check.yaml @@ -154,7 +154,7 @@ spec: fi - name: report - image: registry.access.redhat.com/ubi8-minimal@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c + image: registry.access.redhat.com/ubi8-minimal@sha256:c12e67af6a7e15113d76bc72f10bef2045c026c71ec8b7124c8a075458188a83 volumeMounts: - name: repository mountPath: /workspace/repository diff --git a/task/acs-image-check/0.1/acs-image-check.yaml b/task/acs-image-check/0.1/acs-image-check.yaml index 357ddb7aaf..29bbc59d19 100644 --- a/task/acs-image-check/0.1/acs-image-check.yaml +++ b/task/acs-image-check/0.1/acs-image-check.yaml @@ -53,7 +53,7 @@ spec: oc annotate taskrun $(context.taskRun.name) task.output.location=logs - name: rox-image-check - image: registry.access.redhat.com/ubi8-minimal@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c + image: registry.access.redhat.com/ubi8-minimal@sha256:c12e67af6a7e15113d76bc72f10bef2045c026c71ec8b7124c8a075458188a83 volumeMounts: - name: rox-secret mountPath: /rox-secret @@ -121,7 +121,7 @@ spec: cp roxctl_image_check_output.json /steps-shared-folder/acs-image-check.json - name: report - image: registry.access.redhat.com/ubi8-minimal@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c + image: registry.access.redhat.com/ubi8-minimal@sha256:c12e67af6a7e15113d76bc72f10bef2045c026c71ec8b7124c8a075458188a83 volumeMounts: - name: shared-folder mountPath: /steps-shared-folder diff --git a/task/acs-image-scan/0.1/acs-image-scan.yaml b/task/acs-image-scan/0.1/acs-image-scan.yaml index c4d6146b80..ed277fb92e 100644 --- a/task/acs-image-scan/0.1/acs-image-scan.yaml +++ b/task/acs-image-scan/0.1/acs-image-scan.yaml @@ -60,7 +60,7 @@ spec: oc annotate taskrun $(context.taskRun.name) task.output.location=logs - name: rox-image-scan - image: registry.access.redhat.com/ubi8-minimal@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c + image: registry.access.redhat.com/ubi8-minimal@sha256:c12e67af6a7e15113d76bc72f10bef2045c026c71ec8b7124c8a075458188a83 volumeMounts: - name: rox-secret mountPath: /rox-secret @@ -171,7 +171,7 @@ spec: set_test_output_result SUCCESS "$note" - name: report - image: registry.access.redhat.com/ubi8-minimal@sha256:7583ca0ea52001562bd81a961da3f75222209e6192e4e413ee226cff97dbd48c + image: registry.access.redhat.com/ubi8-minimal@sha256:c12e67af6a7e15113d76bc72f10bef2045c026c71ec8b7124c8a075458188a83 volumeMounts: - name: shared-folder mountPath: /steps-shared-folder diff --git a/task/apply-tags/0.1/apply-tags.yaml b/task/apply-tags/0.1/apply-tags.yaml index eef712f46b..338892dec8 100644 --- a/task/apply-tags/0.1/apply-tags.yaml +++ b/task/apply-tags/0.1/apply-tags.yaml @@ -34,7 +34,7 @@ spec: readOnly: true steps: - name: apply-additional-tags-from-parameter - image: registry.access.redhat.com/ubi9/skopeo:9.4-14.1728984400@sha256:891ee232a9319ed0f675c318f9605422bde7436328e7faec7dc896a206a78e54 + image: registry.access.redhat.com/ubi9/skopeo:9.5-1734513455@sha256:ed14fc6a175289cc72ffb122ebc02db0e7f448a2ed6169472347aaeb0c12c373 args: - $(params.ADDITIONAL_TAGS[*]) env: @@ -54,7 +54,7 @@ spec: fi - name: apply-additional-tags-from-image-label - image: registry.access.redhat.com/ubi9/skopeo:9.4-14.1728984400@sha256:891ee232a9319ed0f675c318f9605422bde7436328e7faec7dc896a206a78e54 + image: registry.access.redhat.com/ubi9/skopeo:9.5-1734513455@sha256:ed14fc6a175289cc72ffb122ebc02db0e7f448a2ed6169472347aaeb0c12c373 env: - name: IMAGE value: $(params.IMAGE) diff --git a/task/build-image-index/0.1/build-image-index.yaml b/task/build-image-index/0.1/build-image-index.yaml index 1c8088c5da..03f174739d 100644 --- a/task/build-image-index/0.1/build-image-index.yaml +++ b/task/build-image-index/0.1/build-image-index.yaml @@ -163,7 +163,7 @@ spec: add: - SETFCAP - - image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:e1347023ef1e83d52813c26384f551e3a03e482539d17a647955603e7ea6b579 + - image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:adbe6c723810099c5cf616b1edb8ab6f276385fd2f97dfd201ab3ccc6402b834 name: create-sbom computeResources: limits: diff --git a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml index cf47fc5e8a..1b3002aa86 100644 --- a/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.1/buildah-oci-ta.yaml @@ -215,7 +215,7 @@ spec: name: workdir steps: - name: use-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source @@ -456,7 +456,7 @@ spec: securityContext: runAsUser: 0 - name: merge-syft-sboms - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 workingDir: /var/workdir script: | #!/bin/python3 @@ -490,7 +490,7 @@ spec: securityContext: runAsUser: 0 - name: merge-cachi2-sbom - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 workingDir: /var/workdir script: | if [ -f "sbom-cachi2.json" ]; then @@ -503,7 +503,7 @@ spec: securityContext: runAsUser: 0 - name: create-purl-sbom - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 workingDir: /var/workdir script: | #!/bin/python3 diff --git a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml index f17a7d0003..47505c94fb 100644 --- a/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml +++ b/task/buildah-oci-ta/0.2/buildah-oci-ta.yaml @@ -221,7 +221,7 @@ spec: name: workdir steps: - name: use-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source @@ -653,7 +653,7 @@ spec: securityContext: runAsUser: 0 - name: prepare-sboms - image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:e1347023ef1e83d52813c26384f551e3a03e482539d17a647955603e7ea6b579 + image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:adbe6c723810099c5cf616b1edb8ab6f276385fd2f97dfd201ab3ccc6402b834 workingDir: /var/workdir script: | echo "Merging contents of sbom-source.json and sbom-image.json into sbom-cyclonedx.json" diff --git a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml index 0e07f2fddd..dfcc67465a 100644 --- a/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.1/buildah-remote-oci-ta.yaml @@ -197,7 +197,7 @@ spec: - $(params.SOURCE_ARTIFACT)=/var/workdir/source - $(params.CACHI2_ARTIFACT)=/var/workdir/cachi2 computeResources: {} - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 name: use-trusted-artifact - args: - $(params.BUILD_ARGS[*]) @@ -543,7 +543,7 @@ spec: - mountPath: /shared name: shared - computeResources: {} - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 name: merge-syft-sboms script: | #!/bin/python3 @@ -578,7 +578,7 @@ spec: runAsUser: 0 workingDir: /var/workdir - computeResources: {} - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 name: merge-cachi2-sbom script: | if [ -f "sbom-cachi2.json" ]; then @@ -592,7 +592,7 @@ spec: runAsUser: 0 workingDir: /var/workdir - computeResources: {} - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 name: create-purl-sbom script: | #!/bin/python3 diff --git a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml index b33515659b..97ed4bbf6a 100644 --- a/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml +++ b/task/buildah-remote-oci-ta/0.2/buildah-remote-oci-ta.yaml @@ -211,7 +211,7 @@ spec: - $(params.SOURCE_ARTIFACT)=/var/workdir/source - $(params.CACHI2_ARTIFACT)=/var/workdir/cachi2 computeResources: {} - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 name: use-trusted-artifact - args: - --build-args @@ -771,7 +771,7 @@ spec: requests: cpu: 100m memory: 256Mi - image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:e1347023ef1e83d52813c26384f551e3a03e482539d17a647955603e7ea6b579 + image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:adbe6c723810099c5cf616b1edb8ab6f276385fd2f97dfd201ab3ccc6402b834 name: prepare-sboms script: | #!/bin/bash diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml index 329429f79c..ffbf57d6fe 100644 --- a/task/buildah-remote/0.1/buildah-remote.yaml +++ b/task/buildah-remote/0.1/buildah-remote.yaml @@ -536,7 +536,7 @@ spec: - mountPath: /shared name: shared - computeResources: {} - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 name: merge-syft-sboms script: | #!/bin/python3 @@ -571,7 +571,7 @@ spec: runAsUser: 0 workingDir: $(workspaces.source.path) - computeResources: {} - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 name: merge-cachi2-sbom script: | if [ -f "sbom-cachi2.json" ]; then @@ -585,7 +585,7 @@ spec: runAsUser: 0 workingDir: $(workspaces.source.path) - computeResources: {} - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 name: create-purl-sbom script: | #!/bin/python3 diff --git a/task/buildah-remote/0.2/buildah-remote.yaml b/task/buildah-remote/0.2/buildah-remote.yaml index 1fac1f5c27..6e7f2ccaf3 100644 --- a/task/buildah-remote/0.2/buildah-remote.yaml +++ b/task/buildah-remote/0.2/buildah-remote.yaml @@ -750,7 +750,7 @@ spec: requests: cpu: 100m memory: 256Mi - image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:e1347023ef1e83d52813c26384f551e3a03e482539d17a647955603e7ea6b579 + image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:adbe6c723810099c5cf616b1edb8ab6f276385fd2f97dfd201ab3ccc6402b834 name: prepare-sboms script: | #!/bin/bash diff --git a/task/buildah-rhtap/0.1/buildah-rhtap.yaml b/task/buildah-rhtap/0.1/buildah-rhtap.yaml index db92791893..fdeb303511 100644 --- a/task/buildah-rhtap/0.1/buildah-rhtap.yaml +++ b/task/buildah-rhtap/0.1/buildah-rhtap.yaml @@ -65,7 +65,7 @@ spec: value: $(params.BUILD_ARGS_FILE) steps: - name: build - image: registry.access.redhat.com/ubi9/buildah@sha256:c62b2318eb4709c216ad25969abae5ff6b56e9879d266b539a46fdfc99e8361e + image: registry.access.redhat.com/ubi9/buildah@sha256:164cb956f431472d2c76cb6d1ba0c5a3f20ebb41e99a2aeb2bf151c6558243bc args: - $(params.BUILD_ARGS[*]) script: | @@ -144,7 +144,7 @@ spec: name: tmpfiles - name: merge-sboms - image: registry.access.redhat.com/ubi8/python-311@sha256:ec2f4c89e18373c75a72f5b47da4d3ee826e8961a9c6a26ba2fd3112f5a41e4a + image: registry.access.redhat.com/ubi8/python-311@sha256:b86b469ad871b3ab297a3c4562961e23a878feebcea605887b6e7298e006ca31 env: - name: RESULT_PATH value: $(results.SBOM_BLOB_URL.path) diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml index e044c51187..e8feceab85 100644 --- a/task/buildah/0.1/buildah.yaml +++ b/task/buildah/0.1/buildah.yaml @@ -415,7 +415,7 @@ spec: runAsUser: 0 - name: merge-syft-sboms - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 script: | #!/bin/python3 import json @@ -450,7 +450,7 @@ spec: runAsUser: 0 - name: merge-cachi2-sbom - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 script: | if [ -f "sbom-cachi2.json" ]; then echo "Merging contents of sbom-cachi2.json into sbom-cyclonedx.json" @@ -464,7 +464,7 @@ spec: runAsUser: 0 - name: create-purl-sbom - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 script: | #!/bin/python3 import json diff --git a/task/buildah/0.2/buildah.yaml b/task/buildah/0.2/buildah.yaml index ebe4c5d4e0..35af0fde84 100644 --- a/task/buildah/0.2/buildah.yaml +++ b/task/buildah/0.2/buildah.yaml @@ -600,7 +600,7 @@ spec: runAsUser: 0 - name: prepare-sboms - image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:e1347023ef1e83d52813c26384f551e3a03e482539d17a647955603e7ea6b579 + image: quay.io/redhat-appstudio/sbom-utility-scripts-image@sha256:adbe6c723810099c5cf616b1edb8ab6f276385fd2f97dfd201ab3ccc6402b834 computeResources: limits: memory: 512Mi diff --git a/task/generate-labels/0.1/generate-labels.yaml b/task/generate-labels/0.1/generate-labels.yaml index 6cfc24c6e1..cfa8e51f67 100644 --- a/task/generate-labels/0.1/generate-labels.yaml +++ b/task/generate-labels/0.1/generate-labels.yaml @@ -38,7 +38,7 @@ spec: type: array steps: - name: render - image: quay.io/konflux-ci/yq:latest@sha256:343c2ca0a347ae87fe43750ee0873e1fe813f77eff56e9722c840bb75d97fef2 + image: quay.io/konflux-ci/yq:latest@sha256:d2ceeb1d5834f8218200815fffec488caec4a582e6179d16f781df0b8d14efd4 env: - name: SOURCE_DATE_EPOCH value: "$(params.source-date-epoch)" diff --git a/task/git-clone-oci-ta/0.1/git-clone-oci-ta.yaml b/task/git-clone-oci-ta/0.1/git-clone-oci-ta.yaml index 3629da9fd7..a93bd9cdab 100644 --- a/task/git-clone-oci-ta/0.1/git-clone-oci-ta.yaml +++ b/task/git-clone-oci-ta/0.1/git-clone-oci-ta.yaml @@ -298,7 +298,7 @@ spec: check_symlinks fi - name: create-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 args: - create - --store diff --git a/task/init/0.2/init.yaml b/task/init/0.2/init.yaml index 93b54ac29c..3d6f229234 100644 --- a/task/init/0.2/init.yaml +++ b/task/init/0.2/init.yaml @@ -25,7 +25,7 @@ spec: steps: - name: init - image: registry.access.redhat.com/ubi9/skopeo:9.4-14.1728984400@sha256:891ee232a9319ed0f675c318f9605422bde7436328e7faec7dc896a206a78e54 + image: registry.access.redhat.com/ubi9/skopeo:9.5-1734513455@sha256:ed14fc6a175289cc72ffb122ebc02db0e7f448a2ed6169472347aaeb0c12c373 env: - name: IMAGE_URL value: $(params.image-url) diff --git a/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml b/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml index 87deeb25b5..fa4e801608 100644 --- a/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml +++ b/task/prefetch-dependencies-oci-ta/0.1/prefetch-dependencies-oci-ta.yaml @@ -128,7 +128,7 @@ spec: name: workdir steps: - name: skip-ta - image: registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1726694542@sha256:f5d2c6a1e0c86e4234ea601552dbabb4ced0e013a1efcbfb439f1f6a7a9275b0 + image: registry.access.redhat.com/ubi9/ubi-minimal:9.5-1734497536@sha256:94b434a29a894129301f6ff52dbddb19422fc800a109170c634b056da8cd704f env: - name: INPUT value: $(params.input) @@ -144,12 +144,12 @@ spec: echo -n "" >$(results.CACHI2_ARTIFACT.path) fi - name: use-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source - name: sanitize-cachi2-config-file-with-yq - image: quay.io/konflux-ci/yq:latest@sha256:343c2ca0a347ae87fe43750ee0873e1fe813f77eff56e9722c840bb75d97fef2 + image: quay.io/konflux-ci/yq:latest@sha256:d2ceeb1d5834f8218200815fffec488caec4a582e6179d16f781df0b8d14efd4 script: | if [ -n "${CONFIG_FILE_CONTENT}" ]; then # we need to drop 'goproxy_url' for safety reasons until cachi2 decides what the SBOM @@ -158,7 +158,7 @@ spec: yq 'del(.goproxy_url)' <<<"${CONFIG_FILE_CONTENT}" >/mnt/config/config.yaml fi - name: check-prefetch-input - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 env: - name: INPUT value: $(params.input) @@ -169,7 +169,7 @@ spec: echo "skip" >/shared/skip fi - name: register-red-hat - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 results: - name: registered type: string @@ -214,7 +214,7 @@ spec: cp /etc/rhsm-host/ca/redhat-uep.pem /shared/rhsm/redhat-uep.pem fi - name: preprocess-input - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 args: - $(params.input) env: @@ -302,7 +302,7 @@ spec: with open('/shared/rhsm/preprocessed_input', 'w') as f: f.write(input) - name: prefetch-dependencies - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 volumeMounts: - mountPath: /mnt/trusted-ca name: trusted-ca @@ -395,7 +395,7 @@ spec: cachi2 --log-level="$LOG_LEVEL" inject-files /var/workdir/cachi2/output \ --for-output-dir=/cachi2/output - name: unregister-rhsm - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 script: | #!/bin/bash if [ -f /shared/skip ]; then @@ -407,7 +407,7 @@ spec: cp /shared/rhsm/entitlement/* /etc/pki/entitlement/ subscription-manager unregister || true - name: create-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 args: - create - --store diff --git a/task/prefetch-dependencies-oci-ta/0.1/recipe.yaml b/task/prefetch-dependencies-oci-ta/0.1/recipe.yaml index 6538e5a817..8714e08708 100644 --- a/task/prefetch-dependencies-oci-ta/0.1/recipe.yaml +++ b/task/prefetch-dependencies-oci-ta/0.1/recipe.yaml @@ -7,7 +7,7 @@ add: additionalSteps: - at: 0 name: skip-ta - image: registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1726694542@sha256:f5d2c6a1e0c86e4234ea601552dbabb4ced0e013a1efcbfb439f1f6a7a9275b0 + image: registry.access.redhat.com/ubi9/ubi-minimal:9.5-1734497536@sha256:94b434a29a894129301f6ff52dbddb19422fc800a109170c634b056da8cd704f env: - name: INPUT value: $(params.input) diff --git a/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml b/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml index 9a859d42de..b9dedc7056 100644 --- a/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml +++ b/task/prefetch-dependencies/0.1/prefetch-dependencies.yaml @@ -69,7 +69,7 @@ spec: name: shared steps: - name: sanitize-cachi2-config-file-with-yq - image: quay.io/konflux-ci/yq:latest@sha256:343c2ca0a347ae87fe43750ee0873e1fe813f77eff56e9722c840bb75d97fef2 + image: quay.io/konflux-ci/yq:latest@sha256:d2ceeb1d5834f8218200815fffec488caec4a582e6179d16f781df0b8d14efd4 script: | if [ -n "${CONFIG_FILE_CONTENT}" ] then @@ -80,7 +80,7 @@ spec: fi - name: check-prefetch-input - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent env: @@ -95,7 +95,7 @@ spec: fi - name: register-red-hat - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 env: - name: INPUT value: $(params.input) @@ -141,7 +141,7 @@ spec: fi - name: preprocess-input - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent @@ -233,7 +233,7 @@ spec: - name: prefetch-dependencies - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent env: @@ -329,7 +329,7 @@ spec: --for-output-dir=/cachi2/output - name: unregister-rhsm - image: quay.io/redhat-appstudio/cachi2:0.15.0@sha256:b141cb5cf4d98e6c5f668f1fe172e1d68f2a44ac1027403fbcff94ce1e68185d + image: quay.io/redhat-appstudio/cachi2:0.16.0@sha256:55415cd8ded149f5d56d3fca46d93125b86b41e07ae5d3c03caa240b7b93b7d8 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent script: | diff --git a/task/push-dockerfile-oci-ta/0.1/push-dockerfile-oci-ta.yaml b/task/push-dockerfile-oci-ta/0.1/push-dockerfile-oci-ta.yaml index 4ccb25d2d2..51f1ff5951 100644 --- a/task/push-dockerfile-oci-ta/0.1/push-dockerfile-oci-ta.yaml +++ b/task/push-dockerfile-oci-ta/0.1/push-dockerfile-oci-ta.yaml @@ -53,12 +53,12 @@ spec: name: workdir steps: - name: use-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source - name: push - image: quay.io/konflux-ci/oras:latest@sha256:b7e810730d97fe862826a048773a7539e469453df3681fd22de9754722266c69 + image: quay.io/konflux-ci/oras:latest@sha256:e4a68cfcfe9189d02285b4d4168bd878729fe82b7168851d3951757f8223407f workingDir: /var/workdir env: - name: IMAGE diff --git a/task/push-dockerfile/0.1/push-dockerfile.yaml b/task/push-dockerfile/0.1/push-dockerfile.yaml index ef3ab5e095..6e80cc933f 100644 --- a/task/push-dockerfile/0.1/push-dockerfile.yaml +++ b/task/push-dockerfile/0.1/push-dockerfile.yaml @@ -39,7 +39,7 @@ spec: description: Digest-pinned image reference to the Dockerfile image. steps: - name: push - image: quay.io/konflux-ci/oras:latest@sha256:b7e810730d97fe862826a048773a7539e469453df3681fd22de9754722266c69 + image: quay.io/konflux-ci/oras:latest@sha256:e4a68cfcfe9189d02285b4d4168bd878729fe82b7168851d3951757f8223407f workingDir: $(workspaces.workspace.path) env: - name: IMAGE diff --git a/task/source-build-oci-ta/0.1/source-build-oci-ta.yaml b/task/source-build-oci-ta/0.1/source-build-oci-ta.yaml index 53c4f0389a..a6c120905e 100644 --- a/task/source-build-oci-ta/0.1/source-build-oci-ta.yaml +++ b/task/source-build-oci-ta/0.1/source-build-oci-ta.yaml @@ -55,7 +55,7 @@ spec: name: workdir steps: - name: use-trusted-artifact - image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:52f1391e6f1c472fd10bb838f64fae2ed3320c636f536014978a5ddbdfc6b3af + image: quay.io/redhat-appstudio/build-trusted-artifacts:latest@sha256:ff35e09ff5c89e54538b50abae241a765b2b7868f05d62c4835bebf0978f3659 args: - use - $(params.SOURCE_ARTIFACT)=/var/workdir/source @@ -114,7 +114,7 @@ spec: | .name + "@" + $matched.digest ' <<<"$sbom" | tee "$BASE_IMAGES_FILE" - name: build - image: quay.io/konflux-ci/source-container-build:latest@sha256:4cf62438b1b147e4a8b4e1c2ba792a8c717f561eeb093ae10129e1e07ce20290 + image: quay.io/konflux-ci/source-container-build:latest@sha256:c3bde1e9c7d06ed610032001b12a65682ee86fc9740317a339cdd68e309bdd9a workingDir: /var/workdir env: - name: SOURCE_DIR diff --git a/task/source-build/0.1/source-build.yaml b/task/source-build/0.1/source-build.yaml index ea20634133..cc9f162092 100644 --- a/task/source-build/0.1/source-build.yaml +++ b/task/source-build/0.1/source-build.yaml @@ -102,7 +102,7 @@ spec: ' <<< "$sbom" | tee "$BASE_IMAGES_FILE" - name: build - image: quay.io/konflux-ci/source-container-build:latest@sha256:4cf62438b1b147e4a8b4e1c2ba792a8c717f561eeb093ae10129e1e07ce20290 + image: quay.io/konflux-ci/source-container-build:latest@sha256:c3bde1e9c7d06ed610032001b12a65682ee86fc9740317a339cdd68e309bdd9a # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent computeResources: diff --git a/task/summary/0.1/summary.yaml b/task/summary/0.1/summary.yaml index e0b374961c..d57c06e893 100644 --- a/task/summary/0.1/summary.yaml +++ b/task/summary/0.1/summary.yaml @@ -23,7 +23,7 @@ spec: default: Succeeded steps: - name: appstudio-summary - image: registry.access.redhat.com/ubi9/ubi-minimal:9.4-1227.1726694542@sha256:f5d2c6a1e0c86e4234ea601552dbabb4ced0e013a1efcbfb439f1f6a7a9275b0 + image: registry.access.redhat.com/ubi9/ubi-minimal:9.5-1734497536@sha256:94b434a29a894129301f6ff52dbddb19422fc800a109170c634b056da8cd704f # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent env: diff --git a/task/update-infra-deployments/0.1/update-infra-deployments.yaml b/task/update-infra-deployments/0.1/update-infra-deployments.yaml index dc59281d1f..9b7c1a2585 100644 --- a/task/update-infra-deployments/0.1/update-infra-deployments.yaml +++ b/task/update-infra-deployments/0.1/update-infra-deployments.yaml @@ -109,7 +109,7 @@ spec: # Based on https://github.com/tektoncd/catalog/tree/main/task/github-app-token/0.2/ - name: create-mr - image: registry.access.redhat.com/ubi9/python-39:9.5-1731645406@sha256:84c028923cd3c8554c9b5c1423a553a4cb8f3ee88c17a3d87756c9b08f5e8fe7 + image: registry.access.redhat.com/ubi9/python-39:9.5-1734444862@sha256:daa95bd4459da0314c06a918ead906be049f74f2f19850cf259f06761ddb3979 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent volumeMounts: