diff --git a/task/acs-deploy-check/0.1/acs-deploy-check.yaml b/task/acs-deploy-check/0.1/acs-deploy-check.yaml index 239d1270ae..47879bc4cc 100644 --- a/task/acs-deploy-check/0.1/acs-deploy-check.yaml +++ b/task/acs-deploy-check/0.1/acs-deploy-check.yaml @@ -124,7 +124,7 @@ spec: fi - name: report - image: registry.access.redhat.com/ubi8-minimal@sha256:d8b81a38b5ad9694742ea03159d3217cd2dde3997b1ee53bbb53c33dd67be7b7 + image: registry.access.redhat.com/ubi8-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2 volumeMounts: - name: repository mountPath: /workspace/repository diff --git a/task/acs-image-check/0.1/acs-image-check.yaml b/task/acs-image-check/0.1/acs-image-check.yaml index 6d7a6d87e8..25dfb531fa 100644 --- a/task/acs-image-check/0.1/acs-image-check.yaml +++ b/task/acs-image-check/0.1/acs-image-check.yaml @@ -53,7 +53,7 @@ spec: oc annotate taskrun $(context.taskRun.name) task.output.location=logs - name: rox-image-check - image: registry.access.redhat.com/ubi8-minimal@sha256:d8b81a38b5ad9694742ea03159d3217cd2dde3997b1ee53bbb53c33dd67be7b7 + image: registry.access.redhat.com/ubi8-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2 volumeMounts: - name: rox-secret mountPath: /rox-secret @@ -121,7 +121,7 @@ spec: cp roxctl_image_check_output.json /steps-shared-folder/acs-image-check.json - name: report - image: registry.access.redhat.com/ubi8-minimal@sha256:d8b81a38b5ad9694742ea03159d3217cd2dde3997b1ee53bbb53c33dd67be7b7 + image: registry.access.redhat.com/ubi8-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2 volumeMounts: - name: shared-folder mountPath: /steps-shared-folder diff --git a/task/acs-image-scan/0.1/acs-image-scan.yaml b/task/acs-image-scan/0.1/acs-image-scan.yaml index 02d3a4d8a3..2062b21088 100644 --- a/task/acs-image-scan/0.1/acs-image-scan.yaml +++ b/task/acs-image-scan/0.1/acs-image-scan.yaml @@ -60,7 +60,7 @@ spec: oc annotate taskrun $(context.taskRun.name) task.output.location=logs - name: rox-image-scan - image: registry.access.redhat.com/ubi8-minimal@sha256:d8b81a38b5ad9694742ea03159d3217cd2dde3997b1ee53bbb53c33dd67be7b7 + image: registry.access.redhat.com/ubi8-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2 volumeMounts: - name: rox-secret mountPath: /rox-secret @@ -160,7 +160,7 @@ spec: set_test_output_result SUCCESS "$note" - name: report - image: registry.access.redhat.com/ubi8-minimal@sha256:d8b81a38b5ad9694742ea03159d3217cd2dde3997b1ee53bbb53c33dd67be7b7 + image: registry.access.redhat.com/ubi8-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2 volumeMounts: - name: shared-folder mountPath: /steps-shared-folder diff --git a/task/buildah-remote/0.1/buildah-remote.yaml b/task/buildah-remote/0.1/buildah-remote.yaml index b8be56b09c..dad7da20d2 100644 --- a/task/buildah-remote/0.1/buildah-remote.yaml +++ b/task/buildah-remote/0.1/buildah-remote.yaml @@ -371,7 +371,7 @@ spec: - mountPath: /var/lib/containers name: varlibcontainers - computeResources: {} - image: registry.access.redhat.com/ubi9/python-39:1-165@sha256:4da8ddb12096a31d8d50e58ea479ba2fe2f252f215fbaf5bf90923a1827463ba + image: registry.access.redhat.com/ubi9/python-39:1-172@sha256:195c51368e83a798b6f79c6a5d877685fdf5297a81e5211cfca747a7fca725aa name: merge-syft-sboms script: | #!/bin/python3 @@ -420,7 +420,7 @@ spec: runAsUser: 0 workingDir: $(workspaces.source.path) - computeResources: {} - image: registry.access.redhat.com/ubi9/python-39:1-165@sha256:4da8ddb12096a31d8d50e58ea479ba2fe2f252f215fbaf5bf90923a1827463ba + image: registry.access.redhat.com/ubi9/python-39:1-172@sha256:195c51368e83a798b6f79c6a5d877685fdf5297a81e5211cfca747a7fca725aa name: create-purl-sbom script: | #!/bin/python3 diff --git a/task/buildah-rhtap/0.1/buildah-rhtap.yaml b/task/buildah-rhtap/0.1/buildah-rhtap.yaml index 231cb93462..93917d7a9a 100644 --- a/task/buildah-rhtap/0.1/buildah-rhtap.yaml +++ b/task/buildah-rhtap/0.1/buildah-rhtap.yaml @@ -51,7 +51,7 @@ spec: value: $(params.TLSVERIFY) steps: - name: build - image: registry.access.redhat.com/ubi9/buildah@sha256:d28590e6ff9933a50be664e95a99ed9c85e0d50101ddc7f8f7cfc9ceea57fe30 + image: registry.access.redhat.com/ubi9/buildah@sha256:3b11aae36f6c762e01731952ee6fb8e89c41660ce410e4c30d0bfc6496bca93c script: | # Check if the Dockerfile exists SOURCE_CODE_DIR=source @@ -111,7 +111,7 @@ spec: name: tmpfiles - name: merge-sboms - image: registry.access.redhat.com/ubi8/python-311@sha256:8ded4b6d8087706b6819ddda5d31f22b80e5aa4efa772e94d750699ccfbf98eb + image: registry.access.redhat.com/ubi8/python-311@sha256:4e2d2a761f416afe67740816fadc688567461b5cb5fa9144b1d0f650afc29c70 env: - name: RESULT_PATH value: $(results.SBOM_BLOB_URL.path) diff --git a/task/buildah/0.1/buildah.yaml b/task/buildah/0.1/buildah.yaml index 9387fb5661..b3fd658eea 100644 --- a/task/buildah/0.1/buildah.yaml +++ b/task/buildah/0.1/buildah.yaml @@ -287,7 +287,7 @@ spec: runAsUser: 0 - name: merge-syft-sboms - image: registry.access.redhat.com/ubi9/python-39:1-165@sha256:4da8ddb12096a31d8d50e58ea479ba2fe2f252f215fbaf5bf90923a1827463ba + image: registry.access.redhat.com/ubi9/python-39:1-172@sha256:195c51368e83a798b6f79c6a5d877685fdf5297a81e5211cfca747a7fca725aa script: | #!/bin/python3 import json @@ -336,7 +336,7 @@ spec: runAsUser: 0 - name: create-purl-sbom - image: registry.access.redhat.com/ubi9/python-39:1-165@sha256:4da8ddb12096a31d8d50e58ea479ba2fe2f252f215fbaf5bf90923a1827463ba + image: registry.access.redhat.com/ubi9/python-39:1-172@sha256:195c51368e83a798b6f79c6a5d877685fdf5297a81e5211cfca747a7fca725aa script: | #!/bin/python3 import json diff --git a/task/rpm-ostree/0.1/rpm-ostree.yaml b/task/rpm-ostree/0.1/rpm-ostree.yaml index bb7dcdbd1a..e3a6e8de76 100644 --- a/task/rpm-ostree/0.1/rpm-ostree.yaml +++ b/task/rpm-ostree/0.1/rpm-ostree.yaml @@ -166,7 +166,7 @@ spec: volumeMounts: - mountPath: /var/lib/containers name: varlibcontainers - - image: registry.access.redhat.com/ubi9/python-39:1-165@sha256:4da8ddb12096a31d8d50e58ea479ba2fe2f252f215fbaf5bf90923a1827463ba + - image: registry.access.redhat.com/ubi9/python-39:1-172@sha256:195c51368e83a798b6f79c6a5d877685fdf5297a81e5211cfca747a7fca725aa # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/task/s2i-java/0.1/s2i-java.yaml b/task/s2i-java/0.1/s2i-java.yaml index 202adfa752..0abb4dfe62 100644 --- a/task/s2i-java/0.1/s2i-java.yaml +++ b/task/s2i-java/0.1/s2i-java.yaml @@ -128,7 +128,7 @@ spec: container=$(buildah from --pull-never $IMAGE) buildah mount $container | tee /workspace/container_path echo $container > /workspace/container_name - image: registry.access.redhat.com/ubi9/buildah:9.1.0-5@sha256:30eac1803d669d58c033838076a946156e49018e0d4f066d94896f0cc32030af + image: registry.access.redhat.com/ubi9/buildah:9.3-12@sha256:3b11aae36f6c762e01731952ee6fb8e89c41660ce410e4c30d0bfc6496bca93c name: build env: - name: COMMIT_SHA @@ -180,7 +180,7 @@ spec: name: varlibcontainers securityContext: runAsUser: 0 - - image: registry.access.redhat.com/ubi9/python-39:1-165@sha256:4da8ddb12096a31d8d50e58ea479ba2fe2f252f215fbaf5bf90923a1827463ba + - image: registry.access.redhat.com/ubi9/python-39:1-172@sha256:195c51368e83a798b6f79c6a5d877685fdf5297a81e5211cfca747a7fca725aa # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. @@ -227,7 +227,7 @@ spec: securityContext: runAsUser: 0 - - image: registry.access.redhat.com/ubi9/buildah:9.1.0-5@sha256:30eac1803d669d58c033838076a946156e49018e0d4f066d94896f0cc32030af + - image: registry.access.redhat.com/ubi9/buildah:9.3-12@sha256:3b11aae36f6c762e01731952ee6fb8e89c41660ce410e4c30d0bfc6496bca93c # default above is image digest specific name: inject-sbom-and-push computeResources: {} diff --git a/task/s2i-nodejs/0.1/s2i-nodejs.yaml b/task/s2i-nodejs/0.1/s2i-nodejs.yaml index 5f61dc8ed5..e0094724d3 100644 --- a/task/s2i-nodejs/0.1/s2i-nodejs.yaml +++ b/task/s2i-nodejs/0.1/s2i-nodejs.yaml @@ -113,7 +113,7 @@ spec: container=$(buildah from --pull-never $IMAGE) buildah mount $container | tee /workspace/container_path echo $container > /workspace/container_name - image: registry.access.redhat.com/ubi9/buildah:9.1.0-5@sha256:30eac1803d669d58c033838076a946156e49018e0d4f066d94896f0cc32030af + image: registry.access.redhat.com/ubi9/buildah:9.3-12@sha256:3b11aae36f6c762e01731952ee6fb8e89c41660ce410e4c30d0bfc6496bca93c name: build env: - name: COMMIT_SHA @@ -150,7 +150,7 @@ spec: volumeMounts: - mountPath: /var/lib/containers name: varlibcontainers - - image: registry.access.redhat.com/ubi9/python-39:1-165@sha256:4da8ddb12096a31d8d50e58ea479ba2fe2f252f215fbaf5bf90923a1827463ba + - image: registry.access.redhat.com/ubi9/python-39:1-172@sha256:195c51368e83a798b6f79c6a5d877685fdf5297a81e5211cfca747a7fca725aa # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. @@ -197,7 +197,7 @@ spec: securityContext: runAsUser: 0 - - image: registry.access.redhat.com/ubi9/buildah:9.1.0-5@sha256:30eac1803d669d58c033838076a946156e49018e0d4f066d94896f0cc32030af + - image: registry.access.redhat.com/ubi9/buildah:9.3-12@sha256:3b11aae36f6c762e01731952ee6fb8e89c41660ce410e4c30d0bfc6496bca93c name: inject-sbom-and-push computeResources: {} script: | diff --git a/task/slack-webhook-notification/0.1/slack-webhook-notification.yaml b/task/slack-webhook-notification/0.1/slack-webhook-notification.yaml index 7f9bf99cbf..2b4f865345 100644 --- a/task/slack-webhook-notification/0.1/slack-webhook-notification.yaml +++ b/task/slack-webhook-notification/0.1/slack-webhook-notification.yaml @@ -27,7 +27,7 @@ spec: optional: true steps: - name: send-message - image: registry.access.redhat.com/ubi9/ubi-minimal:9.3-1552@sha256:06d06f15f7b641a78f2512c8817cbecaa1bf549488e273f5ac27ff1654ed33f0 + image: registry.access.redhat.com/ubi9/ubi-minimal:9.3-1612@sha256:119ac25920c8bb50c8b5fd75dcbca369bf7d1f702b82f3d39663307890f0bf26 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released. diff --git a/task/summary/0.1/summary.yaml b/task/summary/0.1/summary.yaml index 7093d1dde3..40b8ab3cd4 100644 --- a/task/summary/0.1/summary.yaml +++ b/task/summary/0.1/summary.yaml @@ -23,7 +23,7 @@ spec: default: Succeeded steps: - name: appstudio-summary - image: registry.access.redhat.com/ubi9/ubi-minimal:9.3-1552@sha256:06d06f15f7b641a78f2512c8817cbecaa1bf549488e273f5ac27ff1654ed33f0 + image: registry.access.redhat.com/ubi9/ubi-minimal:9.3-1612@sha256:119ac25920c8bb50c8b5fd75dcbca369bf7d1f702b82f3d39663307890f0bf26 # per https://kubernetes.io/docs/concepts/containers/images/#imagepullpolicy-defaulting # the cluster will set imagePullPolicy to IfNotPresent # also per direction from Ralph Bean, we want to use image digest based tags to use a cue to automation like dependabot or renovatebot to periodially submit pull requests that update the digest as new images are released.