chore(deps): update konflux references (#2265)

red-hat-konflux[bot] · web-flow · commit 370886e7b479 · 2025-09-27T04:37:55.000Z
Signed-off-by: red-hat-konflux &lt;126015336+red-hat-konflux[bot]@users.noreply.github.com&gt;
Co-authored-by: red-hat-konflux[bot] &lt;126015336+red-hat-konflux[bot]@users.noreply.github.com&gt;
diff --git a/.tekton/scanner-component-pipeline.yaml b/.tekton/scanner-component-pipeline.yaml
@@ -2,9 +2,7 @@ apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
   name: scanner-component-pipeline
-
 spec:
-
   finally:
   - name: slack-notification
     params:
@@ -13,10 +11,10 @@ spec:
     - name: key-name
       value: 'acs-konflux-notifications'
     when:
-    # Run when any task has Failed
+        # Run when any task has Failed
     - input: $(tasks.status)
       operator: in
-      values: [ "Failed" ]
+      values: ["Failed"]
     taskRef:
       params:
       - name: name
@@ -26,7 +24,6 @@ spec:
       - name: kind
         value: task
       resolver: bundles
-
   - name: show-sbom
     params:
     - name: IMAGE_URL
@@ -40,7 +37,6 @@ spec:
       - name: kind
         value: task
       resolver: bundles
-
   - name: post-metric-end
     params:
     - name: AGGREGATE_TASKS_STATUS
@@ -54,7 +50,6 @@ spec:
       - name: kind
         value: task
       resolver: bundles
-
   params:
   - description: Source Repository URL
     name: git-url
@@ -79,13 +74,11 @@ spec:
     name: output-tag-suffix
     type: string
   - default: .
-    description: Path to the source code of an application's component from where
-      to build image.
+    description: Path to the source code of an application's component from where to build image.
     name: path-context
     type: string
   - default: Dockerfile
-    description: Path to the Dockerfile inside the context specified by parameter
-      path-context
+    description: Path to the Dockerfile inside the context specified by parameter path-context
     name: dockerfile
     type: string
   - default: "false"
@@ -104,8 +97,7 @@ spec:
     description: Build dependencies to be prefetched by Cachi2
     name: prefetch-input
     type: string
-  - description: Image tag expiration time, time values could be something like
-      1h, 2d, 3w for hours, days, and weeks, respectively.
+  - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
     name: image-expires-after
     type: string
   - default: "true"
@@ -116,15 +108,18 @@ spec:
     description: Build stage to target in container build
     name: build-target-stage
     type: string
-  - default: [ ]
+  - default: []
     description: List of scanner-data file names to fetch to include in the container build.
     name: blobs-to-fetch
     type: array
   - default: "1d"
     description: This sets the expiration time for intermediate OCI artifacts produced and used during builds after which they can be garbage collected.
     name: oci-artifact-expires-after
     type: string
-
+  - name: buildah-format
+    default: docker
+    type: string
+    description: The format for the resulting image's mediaType. Valid values are oci or docker.
   results:
   - description: ""
     name: IMAGE_URL
@@ -138,21 +133,17 @@ spec:
   - description: ""
     name: CHAINS-GIT_COMMIT
     value: $(tasks.clone-repository.results.commit)
-
   workspaces:
   - name: git-auth
-
   tasks:
-
   - name: post-metric-start
     taskRef: *post-bigquery-metrics-ref
-
   - name: init
     params:
     - name: image-url
-      # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.)
-      # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with
-      # its expected input. We later actually add this tag on a built image with the apply-index-image-tag task.
+          # We can't provide a StackRox-style tag because it is not known at this time (requires cloning source, etc.)
+          # As a workaround, we still provide a unique tag that's based on a revision in order for this task to comply with
+          # its expected input. We later actually add this tag on a built image with the apply-index-image-tag task.
       value: $(params.output-image-repo):konflux-$(params.revision)
     - name: rebuild
       value: $(params.rebuild)
@@ -163,11 +154,10 @@ spec:
       - name: name
         value: init
       - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:ec962d0be18f36ca7d331c99bf243800f569fc0a2ea6f8c8c3d3a574b71c44dc
+        value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:abf231cfc5a68b56f68a8ac9bb26dca3c3e434c88dd9627c72bdec0b8c335c67
       - name: kind
         value: task
       resolver: bundles
-
   - name: clone-repository
     params:
     - name: url
@@ -194,11 +184,10 @@ spec:
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
+      values: ["true"]
     workspaces:
     - name: basic-auth
       workspace: git-auth
-
   - name: determine-image-expiration
     params:
     - name: DEFAULT_IMAGE_EXPIRES_AFTER
@@ -214,7 +203,6 @@ spec:
       - name: kind
         value: task
       resolver: bundles
-
   - name: determine-image-tag
     params:
     - name: TAG_SUFFIX
@@ -230,11 +218,10 @@ spec:
       - name: kind
         value: task
       resolver: bundles
-
   - name: fetch-scanner-data
     params:
     - name: BLOBS_TO_FETCH
-      value: [ "$(params.blobs-to-fetch[*])" ]
+      value: ["$(params.blobs-to-fetch[*])"]
     - name: TARGET_DIR
       value: .konflux/scanner-data
     - name: SOURCE_ARTIFACT
@@ -252,7 +239,6 @@ spec:
       - name: kind
         value: task
       resolver: bundles
-
   - name: prefetch-dependencies
     params:
     - name: input
@@ -265,7 +251,7 @@ spec:
       value: $(params.oci-artifact-expires-after)
     - name: ACTIVATION_KEY
       value: subscription-manager-activation-key-prod
-    # Required for RPM prefetching support
+        # Required for RPM prefetching support
     - name: dev-package-managers
       value: "true"
     taskRef:
@@ -280,7 +266,6 @@ spec:
     workspaces:
     - name: git-basic-auth
       workspace: git-auth
-
   - name: build-container-amd64
     params:
     - name: IMAGE
@@ -306,20 +291,21 @@ spec:
       value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
     - name: CACHI2_ARTIFACT
       value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
+    - name: BUILDAH_FORMAT
+      value: $(params.buildah-format)
     taskRef:
       params:
       - name: name
         value: buildah-oci-ta
       - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:fdd3f39c8ea97de0d77bcde160704dbd33fdcb9cd235836927bbb170aaefb80f
+        value: quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta:0.5@sha256:6ec006242975a17388bfe813e2afd0ae721dd013247580c0d988e3c4a9c7f867
       - name: kind
         value: task
       resolver: bundles
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
-
+      values: ["true"]
   - name: build-container-s390x
     params:
     - name: IMAGE
@@ -352,15 +338,14 @@ spec:
       - name: name
         value: buildah-remote-oci-ta
       - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:a60e433e02bfda6811719690edbf1e924820d107ad658c8a9690498d4c7e9c7b
+        value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:650b0bca57c626c1e82f35cdfadf44a7792230b2b992aaa9c369d615aae6590d
       - name: kind
         value: task
       resolver: bundles
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
-
+      values: ["true"]
   - name: build-container-ppc64le
     params:
     - name: IMAGE
@@ -393,15 +378,14 @@ spec:
       - name: name
         value: buildah-remote-oci-ta
       - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:a60e433e02bfda6811719690edbf1e924820d107ad658c8a9690498d4c7e9c7b
+        value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:650b0bca57c626c1e82f35cdfadf44a7792230b2b992aaa9c369d615aae6590d
       - name: kind
         value: task
       resolver: bundles
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
-
+      values: ["true"]
   - name: build-container-arm64
     params:
     - name: IMAGE
@@ -434,15 +418,14 @@ spec:
       - name: name
         value: buildah-remote-oci-ta
       - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:a60e433e02bfda6811719690edbf1e924820d107ad658c8a9690498d4c7e9c7b
+        value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:650b0bca57c626c1e82f35cdfadf44a7792230b2b992aaa9c369d615aae6590d
       - name: kind
         value: task
       resolver: bundles
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
-
+      values: ["true"]
   - name: build-image-index
     params:
     - name: IMAGE
@@ -457,6 +440,8 @@ spec:
       - $(tasks.build-container-arm64.results.IMAGE_REF)
     - name: IMAGE_EXPIRES_AFTER
       value: $(tasks.determine-image-expiration.results.IMAGE_EXPIRES_AFTER)
+    - name: BUILDAH_FORMAT
+      value: $(params.buildah-format)
     taskRef:
       params:
       - name: name
@@ -469,8 +454,7 @@ spec:
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
-
+      values: ["true"]
   - name: apply-index-image-tag
     params:
     - name: IMAGE_URL
@@ -492,8 +476,7 @@ spec:
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
-
+      values: ["true"]
   - name: build-source-image
     params:
     - name: BINARY_IMAGE
@@ -516,11 +499,10 @@ spec:
     when:
     - input: $(tasks.init.results.build)
       operator: in
-      values: [ "true" ]
+      values: ["true"]
     - input: $(params.build-source-image)
       operator: in
-      values: [ "true" ]
-
+      values: ["true"]
   - name: deprecated-base-image-check
     params:
     - name: IMAGE_URL
@@ -539,8 +521,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: clair-scan
     params:
     - name: image-digest
@@ -559,8 +540,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: ecosystem-cert-preflight-checks
     params:
     - name: image-url
@@ -577,8 +557,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: sast-shell-check
     params:
     - name: image-digest
@@ -601,8 +580,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: sast-unicode-check
     params:
     - name: image-digest
@@ -625,8 +603,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: sast-snyk-check
     params:
     - name: SOURCE_ARTIFACT
@@ -649,8 +626,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: clamav-scan
     params:
     - name: image-digest
@@ -669,8 +645,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: rpms-signature-scan
     params:
     - name: image-digest
@@ -689,8 +664,7 @@ spec:
     when:
     - input: $(params.skip-checks)
       operator: in
-      values: [ "false" ]
-
+      values: ["false"]
   - name: push-dockerfile
     params:
     - name: IMAGE
