apiVersion: tekton.dev/v1 kind: PipelineRun metadata: annotations: build.appstudio.openshift.io/repo: https://gitlab.com/konflux-qe/build-nudge-parent/-/tree/033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d build.appstudio.redhat.com/commit_sha: 033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d build.appstudio.redhat.com/pull_request_number: "5819" build.appstudio.redhat.com/target_branch: multi-component-parent-base-okfn chains.tekton.dev/signed: "true" pipelinesascode.tekton.dev/branch: multi-component-parent-base-okfn pipelinesascode.tekton.dev/cancel-in-progress: "true" pipelinesascode.tekton.dev/controller-info: '{"name":"default","configmap":"pipelines-as-code","secret":"pipelines-as-code-secret", "gRepo": "pipelines-as-code"}' pipelinesascode.tekton.dev/event-type: Merge Request pipelinesascode.tekton.dev/git-auth-secret: pac-gitauth-wjyyfw pipelinesascode.tekton.dev/git-provider: gitlab pipelinesascode.tekton.dev/log-url: https://44.253.5.163:9443/ns/build-e2e-hjmh/pipelinerun/gl-multi-component-parent-okfn-on-pull-request-6sg6c pipelinesascode.tekton.dev/max-keep-runs: "3" pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "multi-component-parent-base-okfn" pipelinesascode.tekton.dev/original-prname: gl-multi-component-parent-okfn-on-pull-request pipelinesascode.tekton.dev/pull-request: "5819" pipelinesascode.tekton.dev/repo-url: https://gitlab.com/konflux-qe/build-nudge-parent pipelinesascode.tekton.dev/repository: gl-multi-component-parent-okfn pipelinesascode.tekton.dev/scm-reporting-plr-started: "true" pipelinesascode.tekton.dev/sender: konflux-ci-qe-bot pipelinesascode.tekton.dev/sha: 033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d pipelinesascode.tekton.dev/sha-title: Konflux update gl-multi-component-parent-okfn pipelinesascode.tekton.dev/sha-url: https://gitlab.com/konflux-qe/build-nudge-parent/-/commit/033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d pipelinesascode.tekton.dev/source-branch: konflux-gl-multi-component-parent-okfn pipelinesascode.tekton.dev/source-project-id: "62134305" pipelinesascode.tekton.dev/source-repo-url: https://gitlab.com/konflux-qe/build-nudge-parent pipelinesascode.tekton.dev/state: completed pipelinesascode.tekton.dev/target-project-id: "62134305" pipelinesascode.tekton.dev/url-org: konflux-qe pipelinesascode.tekton.dev/url-repository: build-nudge-parent results.tekton.dev/record: build-e2e-hjmh/results/9dd05f2b-22ba-4dd2-8808-7650f8e8685c/records/9dd05f2b-22ba-4dd2-8808-7650f8e8685c results.tekton.dev/recordSummaryAnnotations: '{"repo":"build-nudge-parent","commit":"033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d","eventType":"Merge Request","pull_request-id":5819}' results.tekton.dev/result: build-e2e-hjmh/results/9dd05f2b-22ba-4dd2-8808-7650f8e8685c results.tekton.dev/stored: "true" test.appstudio.openshift.io/pr-group: konflux-gl-multi-component-parent-okfn test.appstudio.openshift.io/snapshot-creation-report: BuildPLRFailed creationTimestamp: "2025-10-16T22:28:35Z" finalizers: - chains.tekton.dev/pipelinerun - pipelinesascode.tekton.dev/finalizer - results.tekton.dev/pipelinerun generateName: gl-multi-component-parent-okfn-on-pull-request- generation: 2 labels: app.kubernetes.io/managed-by: pipelinesascode.tekton.dev app.kubernetes.io/version: v0.38.0 appstudio.openshift.io/application: build-suite-component-update-gxai appstudio.openshift.io/component: gl-multi-component-parent-okfn pipelines.appstudio.openshift.io/type: build pipelinesascode.tekton.dev/cancel-in-progress: "true" pipelinesascode.tekton.dev/event-type: Merge_Request pipelinesascode.tekton.dev/original-prname: gl-multi-component-parent-okfn-on-pull-request pipelinesascode.tekton.dev/pull-request: "5819" pipelinesascode.tekton.dev/repository: gl-multi-component-parent-okfn pipelinesascode.tekton.dev/sha: 033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d pipelinesascode.tekton.dev/state: completed pipelinesascode.tekton.dev/url-org: konflux-qe pipelinesascode.tekton.dev/url-repository: build-nudge-parent tekton.dev/pipeline: gl-multi-component-parent-okfn-on-pull-request-6sg6c test.appstudio.openshift.io/pr-group-sha: 5ff7b05bafbaf2352dedee331c3c04283a68566a62679a627c28c878c01105 managedFields: - apiVersion: tekton.dev/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: .: {} f:build.appstudio.openshift.io/repo: {} f:build.appstudio.redhat.com/commit_sha: {} f:build.appstudio.redhat.com/pull_request_number: {} f:build.appstudio.redhat.com/target_branch: {} f:pipelinesascode.tekton.dev/branch: {} f:pipelinesascode.tekton.dev/cancel-in-progress: {} f:pipelinesascode.tekton.dev/controller-info: {} f:pipelinesascode.tekton.dev/event-type: {} f:pipelinesascode.tekton.dev/git-auth-secret: {} f:pipelinesascode.tekton.dev/git-provider: {} f:pipelinesascode.tekton.dev/log-url: {} f:pipelinesascode.tekton.dev/max-keep-runs: {} f:pipelinesascode.tekton.dev/on-cel-expression: {} f:pipelinesascode.tekton.dev/original-prname: {} f:pipelinesascode.tekton.dev/pull-request: {} f:pipelinesascode.tekton.dev/repo-url: {} f:pipelinesascode.tekton.dev/repository: {} f:pipelinesascode.tekton.dev/scm-reporting-plr-started: {} f:pipelinesascode.tekton.dev/sender: {} f:pipelinesascode.tekton.dev/sha: {} f:pipelinesascode.tekton.dev/sha-title: {} f:pipelinesascode.tekton.dev/sha-url: {} f:pipelinesascode.tekton.dev/source-branch: {} f:pipelinesascode.tekton.dev/source-project-id: {} f:pipelinesascode.tekton.dev/source-repo-url: {} f:pipelinesascode.tekton.dev/target-project-id: {} f:pipelinesascode.tekton.dev/url-org: {} f:pipelinesascode.tekton.dev/url-repository: {} f:results.tekton.dev/recordSummaryAnnotations: {} f:generateName: {} f:labels: .: {} f:app.kubernetes.io/managed-by: {} f:app.kubernetes.io/version: {} f:appstudio.openshift.io/application: {} f:appstudio.openshift.io/component: {} f:pipelines.appstudio.openshift.io/type: {} f:pipelinesascode.tekton.dev/cancel-in-progress: {} f:pipelinesascode.tekton.dev/event-type: {} f:pipelinesascode.tekton.dev/original-prname: {} f:pipelinesascode.tekton.dev/pull-request: {} f:pipelinesascode.tekton.dev/repository: {} f:pipelinesascode.tekton.dev/sha: {} f:pipelinesascode.tekton.dev/url-org: {} f:pipelinesascode.tekton.dev/url-repository: {} f:spec: .: {} f:params: {} f:pipelineSpec: .: {} f:description: {} f:params: {} f:results: {} f:tasks: {} f:workspaces: {} f:status: {} f:taskRunTemplate: .: {} f:serviceAccountName: {} f:workspaces: {} manager: pipelines-as-code-controller operation: Update time: "2025-10-16T22:28:39Z" - apiVersion: tekton.dev/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:chains.tekton.dev/signed: {} f:finalizers: .: {} v:"chains.tekton.dev/pipelinerun": {} f:labels: f:tekton.dev/pipeline: {} manager: controller operation: Update time: "2025-10-16T22:29:08Z" - apiVersion: tekton.dev/v1 fieldsType: FieldsV1 fieldsV1: f:status: .: {} f:completionTime: {} f:conditions: {} f:pipelineSpec: .: {} f:description: {} f:params: {} f:results: {} f:tasks: {} f:workspaces: {} f:provenance: .: {} f:featureFlags: .: {} f:awaitSidecarReadiness: {} f:coschedule: {} f:enableAPIFields: {} f:enableProvenanceInStatus: {} f:enforceNonfalsifiability: {} f:maxResultSize: {} f:resultExtractionMethod: {} f:runningInEnvWithInjectedSidecars: {} f:verificationNoMatchPolicy: {} f:skippedTasks: {} f:startTime: {} manager: controller operation: Update subresource: status time: "2025-10-16T22:29:08Z" - apiVersion: tekton.dev/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:test.appstudio.openshift.io/pr-group: {} f:test.appstudio.openshift.io/snapshot-creation-report: {} f:labels: f:test.appstudio.openshift.io/pr-group-sha: {} manager: manager operation: Update time: "2025-10-16T22:29:08Z" - apiVersion: tekton.dev/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:pipelinesascode.tekton.dev/state: {} f:finalizers: v:"pipelinesascode.tekton.dev/finalizer": {} f:labels: f:pipelinesascode.tekton.dev/state: {} manager: pipelines-as-code-watcher operation: Update time: "2025-10-16T22:29:09Z" - apiVersion: tekton.dev/v1 fieldsType: FieldsV1 fieldsV1: f:metadata: f:annotations: f:results.tekton.dev/record: {} f:results.tekton.dev/result: {} f:results.tekton.dev/stored: {} f:finalizers: v:"results.tekton.dev/pipelinerun": {} manager: watcher operation: Update time: "2025-10-16T22:29:13Z" name: gl-multi-component-parent-okfn-on-pull-request-6sg6c namespace: build-e2e-hjmh resourceVersion: "42033" uid: 9dd05f2b-22ba-4dd2-8808-7650f8e8685c spec: params: - name: git-url value: https://gitlab.com/konflux-qe/build-nudge-parent - name: revision value: 033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d - name: output-image value: quay.io/redhat-appstudio-qe/build-e2e-hjmh/gl-multi-component-parent-okfn:on-pr-033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d - name: image-expires-after value: 5d - name: dockerfile value: Dockerfile pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) if any tasks are added to the pipeline. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ params: - description: Source Repository URL name: git-url type: string - default: "" description: Revision of the Source Repository name: revision type: string - description: Fully Qualified Output Image name: output-image type: string - default: . description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" description: Force rebuild image name: rebuild type: string - default: "false" description: Skip checks against built image name: skip-checks type: string - default: "false" description: Execute the build with network isolation name: hermetic type: string - default: "" description: Build dependencies to be prefetched name: prefetch-input type: string - default: "" description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "false" description: Build a source image. name: build-source-image type: string - default: "false" description: Add built image into an OCI image index name: build-image-index type: string - default: docker description: The format for the resulting image's mediaType. Valid values are oci or docker. name: buildah-format type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args type: array - default: "" description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file name: build-args-file type: string - default: "false" description: Whether to enable privileged mode, should be used only with remote VMs name: privileged-nested type: string results: - description: "" name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) - description: "" name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: - name: init params: - name: image-url value: $(params.output-image) - name: rebuild value: $(params.rebuild) - name: skip-checks value: $(params.skip-checks) taskRef: params: - name: name value: init - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:bbf313b09740fb39b3343bc69ee94b2a2c21d16a9304f9b7c111c305558fc346 - name: kind value: task resolver: bundles - name: clone-repository params: - name: url value: $(params.git-url) - name: revision value: $(params.revision) runAfter: - init taskRef: params: - name: name value: git-clone - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: $(params.prefetch-input) runAfter: - clone-repository taskRef: params: - name: name value: prefetch-dependencies - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:846a3b883ee729c45a6714ab3a3688f6044a4d352655546d057e43e34b10149e - name: kind value: task resolver: bundles workspaces: - name: source workspace: workspace - name: git-basic-auth workspace: git-auth - name: netrc workspace: netrc - name: build-container params: - name: IMAGE value: $(params.output-image) - name: DOCKERFILE value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) - name: HERMETIC value: $(params.hermetic) - name: PREFETCH_INPUT value: $(params.prefetch-input) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: BUILD_ARGS value: - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) - name: PRIVILEGED_NESTED value: $(params.privileged-nested) - name: SOURCE_URL value: $(tasks.clone-repository.results.url) - name: BUILDAH_FORMAT value: $(params.buildah-format) runAfter: - prefetch-dependencies taskRef: params: - name: name value: buildah-min - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-buildah-min:0.6 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace - name: build-image-index params: - name: IMAGE value: $(params.output-image) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: ALWAYS_BUILD_INDEX value: $(params.build-image-index) - name: IMAGES value: - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) - name: BUILDAH_FORMAT value: $(params.buildah-format) runAfter: - build-container taskRef: params: - name: name value: build-image-index - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:d94cad7f41be61074dd21c7dff26dab9217c3435a16f62813c1cb8382dd9aae6 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - name: build-source-image params: - name: BINARY_IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) - name: BINARY_IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: source-build - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.3@sha256:268bf4dba7455ef3871d84bc26de1800b8221a0d1809c9f5101616bccfa84d33 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - input: $(params.build-source-image) operator: in values: - "true" workspaces: - name: workspace workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: deprecated-image-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: clair-scan params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: clair-scan - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: ecosystem-cert-preflight-checks params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: ecosystem-cert-preflight-checks - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: sast-snyk-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: sast-snyk-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:b487b08bd617d28adb47ee7c217b148b26b22bf906775b9f0ae7055acd042416 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: clamav-scan params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: clamav-scan - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: sast-coverity-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE value: $(params.output-image) - name: DOCKERFILE value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) - name: HERMETIC value: $(params.hermetic) - name: PREFETCH_INPUT value: $(params.prefetch-input) - name: IMAGE_EXPIRES_AFTER value: $(params.image-expires-after) - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: BUILD_ARGS value: - $(params.build-args[*]) - name: BUILD_ARGS_FILE value: $(params.build-args-file) runAfter: - coverity-availability-check taskRef: params: - name: name value: sast-coverity-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.3@sha256:9d572d7f7486224318d59de1b166efa68e59e17bac0785e2ecdcd014fe8e44d5 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - input: $(tasks.coverity-availability-check.results.STATUS) operator: in values: - success workspaces: - name: source workspace: workspace - name: coverity-availability-check runAfter: - build-image-index taskRef: params: - name: name value: coverity-availability-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" - name: sast-shell-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: sast-shell-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cdfb0f552b30e7bb38a87c6b10ea3cd7f8dbf2e3b913fe27319cd9588c6d49e6 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: sast-unicode-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: sast-unicode-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.3@sha256:23c7a716cf5596d5b09e57a13ad20572de2a13d47bf708b13141f5e341845133 - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: apply-tags params: - name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: apply-tags - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448 - name: kind value: task resolver: bundles - name: push-dockerfile params: - name: IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: DOCKERFILE value: $(params.dockerfile) - name: CONTEXT value: $(params.path-context) runAfter: - build-image-index taskRef: params: - name: name value: push-dockerfile - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:74e982c07a808eaa5b1d8c126cafcbf3cc6ce94c883cf0845b55ce8064674b45 - name: kind value: task resolver: bundles workspaces: - name: workspace workspace: workspace - name: rpms-signature-scan params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: rpms-signature-scan - name: bundle value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:06977232e67509e5540528ff6c3b081b23fc5bf3e40fb3e2d09a086d5c3243fc - name: kind value: task resolver: bundles when: - input: $(params.skip-checks) operator: in values: - "false" workspaces: - name: workspace - name: git-auth optional: true - name: netrc optional: true status: CancelledRunFinally taskRunTemplate: serviceAccountName: build-pipeline-gl-multi-component-parent-okfn timeouts: pipeline: 1h0m0s workspaces: - name: workspace volumeClaimTemplate: metadata: creationTimestamp: null spec: accessModes: - ReadWriteOnce resources: requests: storage: 1Gi status: {} - name: git-auth secret: secretName: pac-gitauth-wjyyfw status: completionTime: "2025-10-16T22:29:08Z" conditions: - lastTransitionTime: "2025-10-16T22:29:08Z" message: PipelineRun "gl-multi-component-parent-okfn-on-pull-request-6sg6c" was cancelled reason: Cancelled status: "False" type: Succeeded pipelineSpec: description: | This pipeline is ideal for building container images from a Containerfile while reducing network traffic. _Uses `buildah` to create a container image. It also optionally creates a source image and runs some build-time tests. EC will flag a violation for [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) if any tasks are added to the pipeline. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build?tab=tags)_ params: - description: Source Repository URL name: git-url type: string - default: "" description: Revision of the Source Repository name: revision type: string - description: Fully Qualified Output Image name: output-image type: string - default: . description: Path to the source code of an application's component from where to build image. name: path-context type: string - default: Dockerfile description: Path to the Dockerfile inside the context specified by parameter path-context name: dockerfile type: string - default: "false" description: Force rebuild image name: rebuild type: string - default: "false" description: Skip checks against built image name: skip-checks type: string - default: "false" description: Execute the build with network isolation name: hermetic type: string - default: "" description: Build dependencies to be prefetched name: prefetch-input type: string - default: "" description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "false" description: Build a source image. name: build-source-image type: string - default: "false" description: Add built image into an OCI image index name: build-image-index type: string - default: docker description: The format for the resulting image's mediaType. Valid values are oci or docker. name: buildah-format type: string - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args type: array - default: "" description: Path to a file with build arguments for buildah, see https://www.mankier.com/1/buildah-build#--build-arg-file name: build-args-file type: string - default: "false" description: Whether to enable privileged mode, should be used only with remote VMs name: privileged-nested type: string results: - description: "" name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) - description: "" name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) - description: "" name: CHAINS-GIT_URL value: $(tasks.clone-repository.results.url) - description: "" name: CHAINS-GIT_COMMIT value: $(tasks.clone-repository.results.commit) tasks: - name: init params: - name: image-url value: quay.io/redhat-appstudio-qe/build-e2e-hjmh/gl-multi-component-parent-okfn:on-pr-033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d - name: rebuild value: "false" - name: skip-checks value: "false" taskRef: params: - name: name value: init - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-init:0.2@sha256:bbf313b09740fb39b3343bc69ee94b2a2c21d16a9304f9b7c111c305558fc346 - name: kind value: task resolver: bundles - name: clone-repository params: - name: url value: https://gitlab.com/konflux-qe/build-nudge-parent - name: revision value: 033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d runAfter: - init taskRef: params: - name: name value: git-clone - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:90d2d42d17e6276ef45505cbb5a78598e5f5186257d0ee2260b3d4835f1c2d6b - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: output workspace: workspace - name: basic-auth workspace: git-auth - name: prefetch-dependencies params: - name: input value: "" runAfter: - clone-repository taskRef: params: - name: name value: prefetch-dependencies - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.2@sha256:846a3b883ee729c45a6714ab3a3688f6044a4d352655546d057e43e34b10149e - name: kind value: task resolver: bundles workspaces: - name: source workspace: workspace - name: git-basic-auth workspace: git-auth - name: netrc workspace: netrc - name: build-container params: - name: IMAGE value: quay.io/redhat-appstudio-qe/build-e2e-hjmh/gl-multi-component-parent-okfn:on-pr-033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d - name: DOCKERFILE value: Dockerfile - name: CONTEXT value: . - name: HERMETIC value: "false" - name: PREFETCH_INPUT value: "" - name: IMAGE_EXPIRES_AFTER value: 5d - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: BUILD_ARGS value: [] - name: BUILD_ARGS_FILE value: "" - name: PRIVILEGED_NESTED value: "false" - name: SOURCE_URL value: $(tasks.clone-repository.results.url) - name: BUILDAH_FORMAT value: docker runAfter: - prefetch-dependencies taskRef: params: - name: name value: buildah-min - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-buildah-min:0.6 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" workspaces: - name: source workspace: workspace - name: build-image-index params: - name: IMAGE value: quay.io/redhat-appstudio-qe/build-e2e-hjmh/gl-multi-component-parent-okfn:on-pr-033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: IMAGE_EXPIRES_AFTER value: 5d - name: ALWAYS_BUILD_INDEX value: "false" - name: IMAGES value: - $(tasks.build-container.results.IMAGE_URL)@$(tasks.build-container.results.IMAGE_DIGEST) - name: BUILDAH_FORMAT value: docker runAfter: - build-container taskRef: params: - name: name value: build-image-index - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.1@sha256:d94cad7f41be61074dd21c7dff26dab9217c3435a16f62813c1cb8382dd9aae6 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - name: build-source-image params: - name: BINARY_IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) - name: BINARY_IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: source-build - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-source-build:0.3@sha256:268bf4dba7455ef3871d84bc26de1800b8221a0d1809c9f5101616bccfa84d33 - name: kind value: task resolver: bundles when: - input: $(tasks.init.results.build) operator: in values: - "true" - input: "false" operator: in values: - "true" workspaces: - name: workspace workspace: workspace - name: deprecated-base-image-check params: - name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: deprecated-image-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:f59175d9a0a60411738228dfe568af4684af4aa5e7e05c832927cb917801d489 - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" - name: clair-scan params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: clair-scan - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:a7cc183967f89c4ac100d04ab8f81e54733beee60a0528208107c9a22d3c43af - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" - name: ecosystem-cert-preflight-checks params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: ecosystem-cert-preflight-checks - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" - name: sast-snyk-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: sast-snyk-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:b487b08bd617d28adb47ee7c217b148b26b22bf906775b9f0ae7055acd042416 - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: clamav-scan params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: clamav-scan - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:b0bd59748cda4a7abf311e4f448e6c1d00c6b6d8c0ecc1c2eb33e08dc0e0b802 - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" - name: sast-coverity-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE value: quay.io/redhat-appstudio-qe/build-e2e-hjmh/gl-multi-component-parent-okfn:on-pr-033fd7a28047da5a2b3c9ddbf45a1becc3c9c03d - name: DOCKERFILE value: Dockerfile - name: CONTEXT value: . - name: HERMETIC value: "false" - name: PREFETCH_INPUT value: "" - name: IMAGE_EXPIRES_AFTER value: 5d - name: COMMIT_SHA value: $(tasks.clone-repository.results.commit) - name: BUILD_ARGS value: [] - name: BUILD_ARGS_FILE value: "" runAfter: - coverity-availability-check taskRef: params: - name: name value: sast-coverity-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check:0.3@sha256:9d572d7f7486224318d59de1b166efa68e59e17bac0785e2ecdcd014fe8e44d5 - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" - input: $(tasks.coverity-availability-check.results.STATUS) operator: in values: - success workspaces: - name: source workspace: workspace - name: coverity-availability-check runAfter: - build-image-index taskRef: params: - name: name value: coverity-availability-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:db2b267dc15e4ed17f704ee91b8e9b38068e1a35b1018a328fdca621819d74c6 - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" - name: sast-shell-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: sast-shell-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:cdfb0f552b30e7bb38a87c6b10ea3cd7f8dbf2e3b913fe27319cd9588c6d49e6 - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: sast-unicode-check params: - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) runAfter: - build-image-index taskRef: params: - name: name value: sast-unicode-check - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.3@sha256:23c7a716cf5596d5b09e57a13ad20572de2a13d47bf708b13141f5e341845133 - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" workspaces: - name: workspace workspace: workspace - name: apply-tags params: - name: IMAGE_URL value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: apply-tags - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.2@sha256:f44be1bf0262471f2f503f5e19da5f0628dcaf968c86272a2ad6b4871e708448 - name: kind value: task resolver: bundles - name: push-dockerfile params: - name: IMAGE value: $(tasks.build-image-index.results.IMAGE_URL) - name: IMAGE_DIGEST value: $(tasks.build-image-index.results.IMAGE_DIGEST) - name: DOCKERFILE value: Dockerfile - name: CONTEXT value: . runAfter: - build-image-index taskRef: params: - name: name value: push-dockerfile - name: bundle value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.1@sha256:74e982c07a808eaa5b1d8c126cafcbf3cc6ce94c883cf0845b55ce8064674b45 - name: kind value: task resolver: bundles workspaces: - name: workspace workspace: workspace - name: rpms-signature-scan params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) - name: image-digest value: $(tasks.build-image-index.results.IMAGE_DIGEST) runAfter: - build-image-index taskRef: params: - name: name value: rpms-signature-scan - name: bundle value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:06977232e67509e5540528ff6c3b081b23fc5bf3e40fb3e2d09a086d5c3243fc - name: kind value: task resolver: bundles when: - input: "false" operator: in values: - "false" workspaces: - name: workspace - name: git-auth optional: true - name: netrc optional: true provenance: featureFlags: AwaitSidecarReadiness: false Coschedule: "" DisableAffinityAssistant: false DisableCredsInit: false DisableInlineSpec: "" EnableAPIFields: "" EnableArtifacts: false EnableCELInWhenExpression: false EnableConciseResolverSyntax: false EnableKeepPodOnCancel: false EnableKubernetesSidecar: false EnableParamEnum: false EnableProvenanceInStatus: false EnableStepActions: false EnforceNonfalsifiability: "" MaxResultSize: 0 RequireGitSSHSecretKnownHosts: false ResultExtractionMethod: "" RunningInEnvWithInjectedSidecars: false SendCloudEventsForRuns: false SetSecurityContext: false VerificationNoMatchPolicy: "" skippedTasks: - name: init reason: PipelineRun was gracefully cancelled - name: clone-repository reason: PipelineRun was gracefully cancelled whenExpressions: - input: $(tasks.init.results.build) operator: in values: - "true" - name: prefetch-dependencies reason: PipelineRun was gracefully cancelled - name: build-container reason: PipelineRun was gracefully cancelled whenExpressions: - input: $(tasks.init.results.build) operator: in values: - "true" - name: build-image-index reason: PipelineRun was gracefully cancelled whenExpressions: - input: $(tasks.init.results.build) operator: in values: - "true" - name: build-source-image reason: PipelineRun was gracefully cancelled whenExpressions: - input: $(tasks.init.results.build) operator: in values: - "true" - input: "false" operator: in values: - "true" - name: deprecated-base-image-check reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: clair-scan reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: ecosystem-cert-preflight-checks reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: sast-snyk-check reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: clamav-scan reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: sast-coverity-check reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - input: $(tasks.coverity-availability-check.results.STATUS) operator: in values: - success - name: coverity-availability-check reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: sast-shell-check reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: sast-unicode-check reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" - name: apply-tags reason: PipelineRun was gracefully cancelled - name: push-dockerfile reason: PipelineRun was gracefully cancelled - name: rpms-signature-scan reason: PipelineRun was gracefully cancelled whenExpressions: - input: "false" operator: in values: - "false" startTime: "2025-10-16T22:28:36Z"