pod: gh-test-custom-branch-extshd-on-pull-request-48v26-init-pod | init container: prepare 2025/10/21 21:09:04 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-pull-request-48v26-init-pod | init container: place-scripts 2025/10/21 21:09:05 Decoded script /tekton/scripts/script-0-vt7xt pod: gh-test-custom-branch-extshd-on-pull-request-48v26-init-pod | container step-init: Build Initialize: quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:on-pr-c7bcc60bf746eabafa4694edeaf29ee2f9ed253a Determine if Image Already Exists pod: gh-test-custom-branch-extshd-on-pull-request-fzn47-init-pod | init container: prepare 2025/10/21 21:04:58 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-pull-request-fzn47-init-pod | init container: place-scripts 2025/10/21 21:04:59 Decoded script /tekton/scripts/script-0-p4jgt pod: gh-test-custom-branch-extshd-on-pull-request-fzn47-init-pod | container step-init: Build Initialize: quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:on-pr-09f08282511e784cc0e1719d0ee9246b83458f7c Determine if Image Already Exists pod: gh-test-custom-branch-extshd-on-push-s77fn-apply-tags-pod | init container: prepare 2025/10/21 21:12:12 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-apply-tags-pod | init container: place-scripts 2025/10/21 21:12:14 Decoded script /tekton/scripts/script-0-5nxq6 2025/10/21 21:12:14 Decoded script /tekton/scripts/script-1-z5hj9 pod: gh-test-custom-branch-extshd-on-push-s77fn-apply-tags-pod | container step-apply-additional-tags-from-parameter: No additional tags parameter specified pod: gh-test-custom-branch-extshd-on-push-s77fn-apply-tags-pod | container step-apply-additional-tags-from-image-label: Applying tag test-tag1 pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | init container: prepare 2025/10/21 21:11:27 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | init container: place-scripts 2025/10/21 21:11:28 Decoded script /tekton/scripts/script-0-rwvd8 2025/10/21 21:11:28 Decoded script /tekton/scripts/script-1-4g4vm 2025/10/21 21:11:28 Decoded script /tekton/scripts/script-2-bfx8x 2025/10/21 21:11:28 Decoded script /tekton/scripts/script-3-r29zn 2025/10/21 21:11:28 Decoded script /tekton/scripts/script-4-j56q9 pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | init container: working-dir-initializer pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | container step-build: [2025-10-21T21:11:33,204278164+00:00] Validate context path [2025-10-21T21:11:33,208041958+00:00] Update CA trust [2025-10-21T21:11:33,209213730+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2025-10-21T21:11:35,525192762+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2025-10-21T21:11:35,533544239+00:00] Prepare system (architecture: x86_64) [2025-10-21T21:11:35,649561701+00:00] Setup prefetched Trying to pull quay.io/jitesoft/nginx:latest... Getting image source signatures Copying blob sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 Copying blob sha256:91137199d2d3038e3d089f2b3eec98443e7838e63df8c25895d61043489a42f3 Copying blob sha256:cf4ba836528490bb3adbc7bccc51c4f51193fd8d703e408d6285e33242c2cb27 Copying blob sha256:2d35ebdb57d9971fea0cac1582aa78935adf8058b2cc32db163c98822e5dfa1b Copying config sha256:b65a13cb413ade37f56093fb2deb5911f2313f2fc4c3fab25d3ec25957ad7b86 Writing manifest to image destination [2025-10-21T21:11:37,864819261+00:00] Unsetting proxy { "com.jitesoft.app.alpine.version": "3.22.2", "com.jitesoft.app.nginx.version": "1.29.2", "com.jitesoft.build.arch": "amd64", "com.jitesoft.build.platform": "linux/amd64", "com.jitesoft.project.registry.uri": "registry.gitlab.com/jitesoft/dockerfiles/nginx", "com.jitesoft.project.repo.issues": "https://gitlab.com/jitesoft/dockerfiles/nginx/issues", "com.jitesoft.project.repo.type": "git", "com.jitesoft.project.repo.uri": "https://gitlab.com/jitesoft/dockerfiles/nginx", "io.artifacthub.package.alternative-locations": "oci://index.docker.io/jitesoft/nginx,oci://ghcr.io/jitesoft/nginx,oci://registry.gitlab.com/jitesoft/dockerfiles/nginx", "io.artifacthub.package.logo-url": "https://jitesoft.com/favicon-96x96.png", "io.artifacthub.package.readme-url": "https://gitlab.com/jitesoft/dockerfiles/nginx/-/raw/master/README.md", "maintainer": "Johannes Tegnér ", "maintainer.org": "Jitesoft", "maintainer.org.uri": "https://jitesoft.com", "org.opencontainers.image.created": "", "org.opencontainers.image.description": "Nginx on Alpine linux", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-hello-world", "org.opencontainers.image.vendor": "Jitesoft", "org.opencontainers.image.version": "1.29.2", "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "1cc9bf35c60f7d3112b8785a35444e3148821da9", "org.opencontainers.image.revision": "1cc9bf35c60f7d3112b8785a35444e3148821da9", "build-date": "2025-10-21T21:11:35Z", "io.buildah.version": "1.41.4", "konflux.additional-tags": "test-tag1, test-tag2" } [2025-10-21T21:11:37,909542871+00:00] Register sub-man Adding the entitlement to the build [2025-10-21T21:11:37,913019250+00:00] Add secrets [2025-10-21T21:11:37,929282238+00:00] Run buildah build [2025-10-21T21:11:37,930480170+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=1cc9bf35c60f7d3112b8785a35444e3148821da9 --label org.opencontainers.image.revision=1cc9bf35c60f7d3112b8785a35444e3148821da9 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-hello-world --label build-date=2025-10-21T21:11:35Z --annotation org.opencontainers.image.revision=1cc9bf35c60f7d3112b8785a35444e3148821da9 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-hello-world --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.miVCN7 -t quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 . STEP 1/5: FROM quay.io/jitesoft/nginx:latest STEP 2/5: ENV PORT="8080" STEP 3/5: LABEL konflux.additional-tags="test-tag1, test-tag2" STEP 4/5: COPY labels.json /root/buildinfo/labels.json STEP 5/5: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="1cc9bf35c60f7d3112b8785a35444e3148821da9" "org.opencontainers.image.revision"="1cc9bf35c60f7d3112b8785a35444e3148821da9" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-hello-world" "build-date"="2025-10-21T21:11:35Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 time="2025-10-21T21:11:38Z" level=warning msg="HEALTHCHECK is not supported for OCI image format and will be ignored. Must use `docker` format" --> 907b33756733 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 907b337567337737db0b01ab4a0ad965edf59862135104e1a080ad77f9680472 [2025-10-21T21:11:39,122057596+00:00] Unsetting proxy [2025-10-21T21:11:39,123382730+00:00] Add metadata Recording base image digests used quay.io/jitesoft/nginx:latest quay.io/jitesoft/nginx:latest@sha256:53aaee92d207b6ddfe428c697514714cbef243711a599f408534665f6da0255c Getting image source signatures Copying blob sha256:5301b9f48a86c85df0a2738a6ce7833d9db0a64ff2616c3c6258e74bf708ae1b Copying blob sha256:256f393e029fa2063d8c93720da36a74a032bed3355a2bc3e313ad12f8bde9d1 Copying blob sha256:1ea51c3f683f33a7148c84d6900dee0d6b2746aec78d13c0d929b8f0ad53cb02 Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef Copying blob sha256:f8e7ccd03afcc9d0564cf87f00b053027fa490a67b32d7088092f33362e5c501 Copying config sha256:907b337567337737db0b01ab4a0ad965edf59862135104e1a080ad77f9680472 Writing manifest to image destination [2025-10-21T21:11:39,561609055+00:00] End build pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | container step-push: [2025-10-21T21:11:40,333136517+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2025-10-21T21:11:42,448343387+00:00] Convert image [2025-10-21T21:11:42,449519240+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:gh-test-custom-branch-extshd-on-push-s77fn-build-container Executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 docker://quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:gh-test-custom-branch-extshd-on-push-s77fn-build-container [2025-10-21T21:11:47,171425216+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 Executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 docker://quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30bquay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 [2025-10-21T21:11:48,693409525+00:00] End push pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | container step-sbom-syft-generate: [2025-10-21T21:11:49,490107338+00:00] Generate SBOM Running syft on the source directory [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) Running syft on the image [2025-10-21T21:11:52,411478542+00:00] End sbom-syft-generate pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | container step-prepare-sboms: [2025-10-21T21:11:52,644601727+00:00] Prepare SBOM [2025-10-21T21:11:52,648727768+00:00] Generate SBOM with mobster 2025-10-21 21:11:53,970 [INFO] mobster.log: Logging level set to 20 2025-10-21 21:11:54,010 [INFO] mobster.oci: Fetching manifest for quay.io/jitesoft/nginx@sha256:53aaee92d207b6ddfe428c697514714cbef243711a599f408534665f6da0255c 2025-10-21 21:11:57,636 [INFO] mobster.cmd.generate.oci_image.contextual_parent_content: Contextual mechanism won't be used, there is no parent image SBOM. 2025-10-21 21:11:57,649 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-AND. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND LicenseRef-custom', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-aom-libs-ea5260c6dbe8a3e7', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('LicenseRef-custom', is_exception=False)))) 2025-10-21 21:11:57,649 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-custom. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND LicenseRef-custom', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-aom-libs-ea5260c6dbe8a3e7', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('LicenseRef-custom', is_exception=False)))) 2025-10-21 21:11:57,649 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-AND. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND Beerware AND LicenseRef-Domain AND ISC AND LicenseRef-Public', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-libmd-0387e6ced1ad6904', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('BSD-3-Clause', aliases=('LicenseRef-scancode-libzip',), is_exception=False), LicenseSymbol('Beerware', is_exception=False), LicenseSymbol('LicenseRef-Domain', is_exception=False), LicenseSymbol('ISC', is_exception=False), LicenseSymbol('LicenseRef-Public', is_exception=False)))) 2025-10-21 21:11:57,649 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND Beerware AND LicenseRef-Domain AND ISC AND LicenseRef-Public', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-libmd-0387e6ced1ad6904', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('BSD-3-Clause', aliases=('LicenseRef-scancode-libzip',), is_exception=False), LicenseSymbol('Beerware', is_exception=False), LicenseSymbol('LicenseRef-Domain', is_exception=False), LicenseSymbol('ISC', is_exception=False), LicenseSymbol('LicenseRef-Public', is_exception=False)))) 2025-10-21 21:11:57,649 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND Beerware AND LicenseRef-Domain AND ISC AND LicenseRef-Public', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-libmd-0387e6ced1ad6904', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('BSD-3-Clause', aliases=('LicenseRef-scancode-libzip',), is_exception=False), LicenseSymbol('Beerware', is_exception=False), LicenseSymbol('LicenseRef-Domain', is_exception=False), LicenseSymbol('ISC', is_exception=False), LicenseSymbol('LicenseRef-Public', is_exception=False)))) 2025-10-21 21:11:57,649 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-AND. license_expression must only use IDs from the license list or extracted licensing info, but is: 0BSD AND LicenseRef-AND AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-xz-libs-bd7a047b03297e4b', element_type=, full_element=AND(LicenseSymbol('0BSD', is_exception=False), LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('GPL-2.0-or-later', aliases=('GPL-2.0+', 'GPL 2.0+'), is_exception=False), LicenseSymbol('LGPL-2.1-or-later', aliases=('LGPL-2.1+',), is_exception=False), LicenseSymbol('LicenseRef-Public-Domain', is_exception=False)))) 2025-10-21 21:11:57,649 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: 0BSD AND LicenseRef-AND AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-xz-libs-bd7a047b03297e4b', element_type=, full_element=AND(LicenseSymbol('0BSD', is_exception=False), LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('GPL-2.0-or-later', aliases=('GPL-2.0+', 'GPL 2.0+'), is_exception=False), LicenseSymbol('LGPL-2.1-or-later', aliases=('LGPL-2.1+',), is_exception=False), LicenseSymbol('LicenseRef-Public-Domain', is_exception=False)))) 2025-10-21 21:11:57,659 [INFO] mobster.main: Exiting with code 0. [2025-10-21T21:11:57,718872083+00:00] End prepare-sboms pod: gh-test-custom-branch-extshd-on-push-s77fn-build-container-pod | container step-upload-sbom: [2025-10-21T21:11:57,768588260+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9@sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd@sha256:1b7cf85c718629e5598947c14eebdd9a5d1ee306a68e6715f69b9f0e9759cd4f [2025-10-21T21:12:00,973925094+00:00] End upload-sbom pod: gh-test-custom-branch-extshd-on-push-s77fn-clair-scan-pod | init container: prepare 2025/10/21 21:12:13 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-clair-scan-pod | init container: place-scripts 2025/10/21 21:12:15 Decoded script /tekton/scripts/script-0-k9l6c 2025/10/21 21:12:15 Decoded script /tekton/scripts/script-1-hjnxr 2025/10/21 21:12:15 Decoded script /tekton/scripts/script-2-dm2cr 2025/10/21 21:12:15 Decoded script /tekton/scripts/script-3-dn69g pod: gh-test-custom-branch-extshd-on-push-s77fn-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd@sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b. pod: gh-test-custom-branch-extshd-on-push-s77fn-clair-scan-pod | container step-get-vulnerabilities: pod: gh-test-custom-branch-extshd-on-push-s77fn-clair-scan-pod | container step-oci-attach-report: Selecting auth Attaching clair-report-amd64.json to quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd@sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b Using token for quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd Executing: oras attach --no-tty --format go-template={{.digest}} --registry-config /home/oras/auth.json --artifact-type application/vnd.redhat.clair-report+json quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd@sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b clair-report-amd64.json:application/vnd.redhat.clair-report+json pod: gh-test-custom-branch-extshd-on-push-s77fn-clair-scan-pod | container step-conftest-vulnerabilities: [ { "filename": "/tekton/home/clair-result-amd64.json", "namespace": "required_checks", "successes": 10 } ] {"vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0},"unpatched_vulnerabilities":{"critical":0,"high":0,"medium":0,"low":0,"unknown":0}} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9", "digests": ["sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b"]}} {"result":"SUCCESS","timestamp":"2025-10-21T21:12:28+00:00","note":"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-test-custom-branch-extshd-on-push-s77fn-clamav-scan-pod | init container: prepare 2025/10/21 21:12:11 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-clamav-scan-pod | init container: place-scripts 2025/10/21 21:12:12 Decoded script /tekton/scripts/script-0-z6g87 2025/10/21 21:12:12 Decoded script /tekton/scripts/script-1-qjdjc pod: gh-test-custom-branch-extshd-on-push-s77fn-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Extracting image(s). Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 2.699 sec (0 m 2 s) Start Date: 2025:10:21 21:12:35 End Date: 2025:10:21 21:12:38 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27798/Mon Oct 20 09:37:28 2025 Database version: 27798 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1761081158","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1761081158","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1761081158","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9", "digests": ["sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b"]}} pod: gh-test-custom-branch-extshd-on-push-s77fn-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd Attaching to quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9@sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading db22e11720d0 clamscan-result-amd64.log Uploading c2ffa8fc227b clamscan-ec-test-amd64.json Uploaded c2ffa8fc227b clamscan-ec-test-amd64.json Uploaded db22e11720d0 clamscan-result-amd64.log Uploading eda673bd0f84 application/vnd.oci.image.manifest.v1+json Uploaded eda673bd0f84 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9@sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b Digest: sha256:eda673bd0f8470e2446a037a989a8989e984d605033cd45dec6230bdf1d5248a pod: gh-test-custom-branch-extshd-on-push-s77fn-clone-repository-pod | init container: prepare 2025/10/21 21:11:14 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-clone-repository-pod | init container: place-scripts 2025/10/21 21:11:15 Decoded script /tekton/scripts/script-0-ptkg6 2025/10/21 21:11:15 Decoded script /tekton/scripts/script-1-gsnqj pod: gh-test-custom-branch-extshd-on-push-s77fn-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1761081078.1292746,"caller":"git/git.go:380","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1761081078.6842704,"caller":"git/git.go:217","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-hello-world @ 1cc9bf35c60f7d3112b8785a35444e3148821da9 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1761081078.6843135,"caller":"git/git.go:380","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1761081078.7097757,"caller":"git/git.go:263","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision 1cc9bf35c60f7d3112b8785a35444e3148821da9 directly. pod: gh-test-custom-branch-extshd-on-push-s77fn-clone-repository-pod | container step-symlink-check: Running symlink check pod: gh-test-custom-branch-extshd-on-push-s77fn-init-pod | init container: prepare 2025/10/21 21:11:08 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-init-pod | init container: place-scripts 2025/10/21 21:11:09 Decoded script /tekton/scripts/script-0-d2s4n pod: gh-test-custom-branch-extshd-on-push-s77fn-init-pod | container step-init: Build Initialize: quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 Determine if Image Already Exists pod: gh-test-custom-branch-extshd-on-push-s77fn-push-dockerfile-pod | init container: prepare 2025/10/21 21:12:14 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-push-dockerfile-pod | init container: place-scripts 2025/10/21 21:12:15 Decoded script /tekton/scripts/script-0-d8484 pod: gh-test-custom-branch-extshd-on-push-s77fn-push-dockerfile-pod | init container: working-dir-initializer pod: gh-test-custom-branch-extshd-on-push-s77fn-push-dockerfile-pod | container step-push: [2025-10-21T21:12:19,183357338+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 Using token for quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.ZHjXGNn0cU --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:sha256-4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b.dockerfile Dockerfile pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-shell-check-pod | init container: prepare 2025/10/21 21:12:11 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-shell-check-pod | init container: place-scripts 2025/10/21 21:12:13 Decoded script /tekton/scripts/script-0-kh48w 2025/10/21 21:12:13 Decoded script /tekton/scripts/script-1-7tjmc pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-shell-check-pod | init container: working-dir-initializer pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=gh-test-custom-branch-extshd + echo 'INFO: The PROJECT_NAME used is: gh-test-custom-branch-extshd' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: The PROJECT_NAME used is: gh-test-custom-branch-extshd INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-130.json ./shellcheck-results/sc-131.json ./shellcheck-results/sc-132.json ./shellcheck-results/sc-134.json ./shellcheck-results/sc-88.json ./shellcheck-results/sc-91.json ./shellcheck-results/sc-92.json ./shellcheck-results/sc-94.json ./shellcheck-results/sc-96.json ./shellcheck-results/sc-99.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered + [[ 0 -eq 0 ]] ShellCheck results have been saved to shellcheck-results.json + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2025-10-21T21:12:19+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2025-10-21T21:12:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2025-10-21T21:12:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2025-10-21T21:12:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2025-10-21T21:12:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2025-10-21T21:12:19+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd Attaching to quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-zvyl/gh-test-custom-branch-extshd:1cc9bf35c60f7d3112b8785a35444e3148821da9@sha256:4ca1ebf1c62cf452fbbc7ef13fd573bbf2b0cc4df3bd44c6ba414ff82d7aa30b shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading 377fb9f2ba32 application/vnd.oci.image.manifest.v1+json pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-snyk-check-pod | init container: prepare 2025/10/21 21:12:28 Entrypoint initialization pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-snyk-check-pod | init container: place-scripts 2025/10/21 21:12:29 Decoded script /tekton/scripts/script-0-xvhnm 2025/10/21 21:12:29 Decoded script /tekton/scripts/script-1-dnqqj pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-snyk-check-pod | init container: working-dir-initializer pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: gh-test-custom-branch-extshd INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2025-10-21T21:12:34+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-test-custom-branch-extshd-on-push-s77fn-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload.