pod: gh-test-custom-branch-umtqre-on-pull-request-hxws4-init-pod | init container: prepare 2025/10/24 13:06:06 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-pull-request-hxws4-init-pod | init container: place-scripts 2025/10/24 13:06:07 Decoded script /tekton/scripts/script-0-57n24 pod: gh-test-custom-branch-umtqre-on-pull-request-hxws4-init-pod | container step-init: Build Initialize: quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-fe2b2cd373f031f90c1712e4726bf7804f0e31be Determine if Image Already Exists pod: gh-test-custom-branch-umtqre-on-pull-request-p7hf8-init-pod | init container: prepare 2025/10/24 13:00:53 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-pull-request-p7hf8-init-pod | init container: place-scripts 2025/10/24 13:00:56 Decoded script /tekton/scripts/script-0-wk2pd pod: gh-test-custom-branch-umtqre-on-pull-request-p7hf8-init-pod | container step-init: Build Initialize: quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43 Determine if Image Already Exists pod: gh-test-custom-branch-umtqre-on-push-slmh9-apply-tags-pod | init container: prepare 2025/10/24 13:09:26 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-apply-tags-pod | init container: place-scripts 2025/10/24 13:09:28 Decoded script /tekton/scripts/script-0-pstxl 2025/10/24 13:09:28 Decoded script /tekton/scripts/script-1-hvn66 pod: gh-test-custom-branch-umtqre-on-push-slmh9-apply-tags-pod | container step-apply-additional-tags-from-parameter: No additional tags parameter specified pod: gh-test-custom-branch-umtqre-on-push-slmh9-apply-tags-pod | container step-apply-additional-tags-from-image-label: Applying tag test-tag1 pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | init container: prepare 2025/10/24 13:08:38 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | init container: place-scripts 2025/10/24 13:08:39 Decoded script /tekton/scripts/script-0-v8cl5 2025/10/24 13:08:39 Decoded script /tekton/scripts/script-1-gx6kn 2025/10/24 13:08:39 Decoded script /tekton/scripts/script-2-6l2mf 2025/10/24 13:08:39 Decoded script /tekton/scripts/script-3-kfwcm 2025/10/24 13:08:39 Decoded script /tekton/scripts/script-4-dxvp6 pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | init container: working-dir-initializer pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | container step-build: [2025-10-24T13:08:43,081095723+00:00] Validate context path [2025-10-24T13:08:43,085851904+00:00] Update CA trust [2025-10-24T13:08:43,087412637+00:00] Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2025-10-24T13:08:46,119212436+00:00] Prepare Dockerfile Checking if /var/workdir/cachi2/output/bom.json exists. Could not find prefetched sbom. No content_sets found for ICM [2025-10-24T13:08:46,129382141+00:00] Prepare system (architecture: x86_64) [2025-10-24T13:08:46,316990440+00:00] Setup prefetched Trying to pull quay.io/jitesoft/nginx:latest... Getting image source signatures Copying blob sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1 Copying blob sha256:91137199d2d3038e3d089f2b3eec98443e7838e63df8c25895d61043489a42f3 Copying blob sha256:cf4ba836528490bb3adbc7bccc51c4f51193fd8d703e408d6285e33242c2cb27 Copying blob sha256:2d35ebdb57d9971fea0cac1582aa78935adf8058b2cc32db163c98822e5dfa1b Copying config sha256:b65a13cb413ade37f56093fb2deb5911f2313f2fc4c3fab25d3ec25957ad7b86 Writing manifest to image destination [2025-10-24T13:08:48,793990646+00:00] Unsetting proxy { "com.jitesoft.app.alpine.version": "3.22.2", "com.jitesoft.app.nginx.version": "1.29.2", "com.jitesoft.build.arch": "amd64", "com.jitesoft.build.platform": "linux/amd64", "com.jitesoft.project.registry.uri": "registry.gitlab.com/jitesoft/dockerfiles/nginx", "com.jitesoft.project.repo.issues": "https://gitlab.com/jitesoft/dockerfiles/nginx/issues", "com.jitesoft.project.repo.type": "git", "com.jitesoft.project.repo.uri": "https://gitlab.com/jitesoft/dockerfiles/nginx", "io.artifacthub.package.alternative-locations": "oci://index.docker.io/jitesoft/nginx,oci://ghcr.io/jitesoft/nginx,oci://registry.gitlab.com/jitesoft/dockerfiles/nginx", "io.artifacthub.package.logo-url": "https://jitesoft.com/favicon-96x96.png", "io.artifacthub.package.readme-url": "https://gitlab.com/jitesoft/dockerfiles/nginx/-/raw/master/README.md", "maintainer": "Johannes Tegnér ", "maintainer.org": "Jitesoft", "maintainer.org.uri": "https://jitesoft.com", "org.opencontainers.image.created": "", "org.opencontainers.image.description": "Nginx on Alpine linux", "org.opencontainers.image.source": "https://github.com/redhat-appstudio-qe/devfile-sample-hello-world", "org.opencontainers.image.vendor": "Jitesoft", "org.opencontainers.image.version": "1.29.2", "architecture": "x86_64", "vcs-type": "git", "vcs-ref": "dc6eb132b467990af755193d1868f31be8ffb724", "org.opencontainers.image.revision": "dc6eb132b467990af755193d1868f31be8ffb724", "build-date": "2025-10-24T13:08:46Z", "io.buildah.version": "1.41.4", "konflux.additional-tags": "test-tag1, test-tag2" } [2025-10-24T13:08:48,850263153+00:00] Register sub-man Adding the entitlement to the build [2025-10-24T13:08:48,854739680+00:00] Add secrets [2025-10-24T13:08:48,873195847+00:00] Run buildah build [2025-10-24T13:08:48,874709286+00:00] buildah build --volume /tmp/entitlement:/etc/pki/entitlement --security-opt=unmask=/proc/interrupts --label architecture=x86_64 --label vcs-type=git --label vcs-ref=dc6eb132b467990af755193d1868f31be8ffb724 --label org.opencontainers.image.revision=dc6eb132b467990af755193d1868f31be8ffb724 --label org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-hello-world --label build-date=2025-10-24T13:08:46Z --annotation org.opencontainers.image.revision=dc6eb132b467990af755193d1868f31be8ffb724 --annotation org.opencontainers.image.source=https://github.com/redhat-appstudio-qe/devfile-sample-hello-world --tls-verify=true --no-cache --ulimit nofile=4096:4096 --http-proxy=false -f /tmp/Dockerfile.8gFbso -t quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 . STEP 1/5: FROM quay.io/jitesoft/nginx:latest STEP 2/5: ENV PORT="8080" STEP 3/5: LABEL konflux.additional-tags="test-tag1, test-tag2" STEP 4/5: COPY labels.json /root/buildinfo/labels.json STEP 5/5: LABEL "architecture"="x86_64" "vcs-type"="git" "vcs-ref"="dc6eb132b467990af755193d1868f31be8ffb724" "org.opencontainers.image.revision"="dc6eb132b467990af755193d1868f31be8ffb724" "org.opencontainers.image.source"="https://github.com/redhat-appstudio-qe/devfile-sample-hello-world" "build-date"="2025-10-24T13:08:46Z" COMMIT quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 time="2025-10-24T13:08:49Z" level=warning msg="HEALTHCHECK is not supported for OCI image format and will be ignored. Must use `docker` format" --> a3d8a7d46504 Successfully tagged quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 a3d8a7d4650451f95ef0c2867516a8bd04ab9333dd0e0555b6f883a91ecbebb6 [2025-10-24T13:08:50,134536176+00:00] Unsetting proxy [2025-10-24T13:08:50,136257164+00:00] Add metadata Recording base image digests used quay.io/jitesoft/nginx:latest quay.io/jitesoft/nginx:latest@sha256:53aaee92d207b6ddfe428c697514714cbef243711a599f408534665f6da0255c Getting image source signatures Copying blob sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef Copying blob sha256:256f393e029fa2063d8c93720da36a74a032bed3355a2bc3e313ad12f8bde9d1 Copying blob sha256:f8e7ccd03afcc9d0564cf87f00b053027fa490a67b32d7088092f33362e5c501 Copying blob sha256:1ea51c3f683f33a7148c84d6900dee0d6b2746aec78d13c0d929b8f0ad53cb02 Copying blob sha256:d786f893f9d08a3571754ba013f496a9289cfdf5bc2d95207ecb19f5f5e2efc0 Copying config sha256:a3d8a7d4650451f95ef0c2867516a8bd04ab9333dd0e0555b6f883a91ecbebb6 Writing manifest to image destination [2025-10-24T13:08:50,770829668+00:00] End build pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | container step-push: [2025-10-24T13:08:51,234383176+00:00] Update CA trust INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' [2025-10-24T13:08:53,991255133+00:00] Convert image [2025-10-24T13:08:53,992698253+00:00] Push image with unique tag Pushing to quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:gh-test-custom-branch-umtqre-on-push-slmh9-build-container Executing: buildah push --format=docker --retry 3 --tls-verify=true quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 docker://quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:gh-test-custom-branch-umtqre-on-push-slmh9-build-container [2025-10-24T13:08:58,978040711+00:00] Push image with git revision Pushing to quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 Executing: buildah push --format=docker --retry 3 --tls-verify=true --digestfile /workspace/source/image-digest quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 docker://quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 [2025-10-24T13:09:00,441136888+00:00] End push pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | container step-sbom-syft-generate: [2025-10-24T13:09:01,402512969+00:00] Generate SBOM Running syft on the source directory [0000] WARN no explicit name and version provided for directory source, deriving artifact ID from the given path (which is not ideal) Running syft on the image [2025-10-24T13:09:05,208699919+00:00] End sbom-syft-generate pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | container step-prepare-sboms: [2025-10-24T13:09:05,569472432+00:00] Prepare SBOM [2025-10-24T13:09:05,574941774+00:00] Generate SBOM with mobster 2025-10-24 13:09:07,150 [INFO] mobster.log: Logging level set to 20 2025-10-24 13:09:07,203 [INFO] mobster.oci: Fetching manifest for quay.io/jitesoft/nginx@sha256:53aaee92d207b6ddfe428c697514714cbef243711a599f408534665f6da0255c 2025-10-24 13:09:10,795 [INFO] mobster.cmd.generate.oci_image.contextual_parent_content: Contextual mechanism won't be used, there is no parent image SBOM. 2025-10-24 13:09:10,810 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-AND. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND LicenseRef-custom', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-aom-libs-ea5260c6dbe8a3e7', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('LicenseRef-custom', is_exception=False)))) 2025-10-24 13:09:10,810 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-custom. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND LicenseRef-custom', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-aom-libs-ea5260c6dbe8a3e7', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('LicenseRef-custom', is_exception=False)))) 2025-10-24 13:09:10,811 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-AND. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND Beerware AND LicenseRef-Domain AND ISC AND LicenseRef-Public', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-libmd-0387e6ced1ad6904', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('BSD-3-Clause', aliases=('LicenseRef-scancode-libzip',), is_exception=False), LicenseSymbol('Beerware', is_exception=False), LicenseSymbol('LicenseRef-Domain', is_exception=False), LicenseSymbol('ISC', is_exception=False), LicenseSymbol('LicenseRef-Public', is_exception=False)))) 2025-10-24 13:09:10,811 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND Beerware AND LicenseRef-Domain AND ISC AND LicenseRef-Public', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-libmd-0387e6ced1ad6904', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('BSD-3-Clause', aliases=('LicenseRef-scancode-libzip',), is_exception=False), LicenseSymbol('Beerware', is_exception=False), LicenseSymbol('LicenseRef-Domain', is_exception=False), LicenseSymbol('ISC', is_exception=False), LicenseSymbol('LicenseRef-Public', is_exception=False)))) 2025-10-24 13:09:10,811 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public. license_expression must only use IDs from the license list or extracted licensing info, but is: LicenseRef-AND AND BSD-2-Clause AND BSD-3-Clause AND Beerware AND LicenseRef-Domain AND ISC AND LicenseRef-Public', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-libmd-0387e6ced1ad6904', element_type=, full_element=AND(LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('BSD-2-Clause', aliases=('BSD-2-Clause-NetBSD', 'BSD-2'), is_exception=False), LicenseSymbol('BSD-3-Clause', aliases=('LicenseRef-scancode-libzip',), is_exception=False), LicenseSymbol('Beerware', is_exception=False), LicenseSymbol('LicenseRef-Domain', is_exception=False), LicenseSymbol('ISC', is_exception=False), LicenseSymbol('LicenseRef-Public', is_exception=False)))) 2025-10-24 13:09:10,811 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-AND. license_expression must only use IDs from the license list or extracted licensing info, but is: 0BSD AND LicenseRef-AND AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-xz-libs-bd7a047b03297e4b', element_type=, full_element=AND(LicenseSymbol('0BSD', is_exception=False), LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('GPL-2.0-or-later', aliases=('GPL-2.0+', 'GPL 2.0+'), is_exception=False), LicenseSymbol('LGPL-2.1-or-later', aliases=('LGPL-2.1+',), is_exception=False), LicenseSymbol('LicenseRef-Public-Domain', is_exception=False)))) 2025-10-24 13:09:10,811 [WARNING] mobster.cmd.generate.oci_image: ValidationMessage(validation_message='Unrecognized license reference: LicenseRef-Public-Domain. license_expression must only use IDs from the license list or extracted licensing info, but is: 0BSD AND LicenseRef-AND AND GPL-2.0-or-later AND LGPL-2.1-or-later AND LicenseRef-Public-Domain', context=ValidationContext(spdx_id=None, parent_id='SPDXRef-Package-apk-xz-libs-bd7a047b03297e4b', element_type=, full_element=AND(LicenseSymbol('0BSD', is_exception=False), LicenseSymbol('LicenseRef-AND', is_exception=False), LicenseSymbol('GPL-2.0-or-later', aliases=('GPL-2.0+', 'GPL 2.0+'), is_exception=False), LicenseSymbol('LGPL-2.1-or-later', aliases=('LGPL-2.1+',), is_exception=False), LicenseSymbol('LicenseRef-Public-Domain', is_exception=False)))) 2025-10-24 13:09:10,823 [INFO] mobster.main: Exiting with code 0. [2025-10-24T13:09:10,922936714+00:00] End prepare-sboms pod: gh-test-custom-branch-umtqre-on-push-slmh9-build-container-pod | container step-upload-sbom: [2025-10-24T13:09:11,710127066+00:00] Upload SBOM INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' Using token for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre Pushing sbom to registry Executing: cosign attach sbom --sbom sbom.json --type spdx quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724@sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3 quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre@sha256:6ae9abd13f090882be296e0f66d0616fa2c47d0284896d9fddd40508199792a1 [2025-10-24T13:09:15,090194684+00:00] End upload-sbom pod: gh-test-custom-branch-umtqre-on-push-slmh9-clair-scan-pod | init container: prepare 2025/10/24 13:09:22 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-clair-scan-pod | init container: place-scripts 2025/10/24 13:09:27 Decoded script /tekton/scripts/script-0-xcpbn 2025/10/24 13:09:27 Decoded script /tekton/scripts/script-1-scsmp 2025/10/24 13:09:27 Decoded script /tekton/scripts/script-2-b2hfh 2025/10/24 13:09:27 Decoded script /tekton/scripts/script-3-rwz8q pod: gh-test-custom-branch-umtqre-on-push-slmh9-clair-scan-pod | container step-get-image-manifests: Inspecting raw image manifest quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre@sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3. pod: gh-test-custom-branch-umtqre-on-push-slmh9-clair-scan-pod | container step-get-vulnerabilities: Running clair-action on amd64 image manifest... 2025-10-24T13:09:34Z INF matchers created component=libvuln/New matchers=[{"docs":"https://pkg.go.dev/github.com/quay/claircore/aws","name":"aws-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/oracle","name":"oracle"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel","name":"rhel"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ruby","name":"ruby-gem"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/ubuntu","name":"ubuntu-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/alpine","name":"alpine-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/python","name":"python"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/rhel/rhcc","name":"rhel-container-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/suse","name":"suse"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/gobin","name":"gobin"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/java","name":"java-maven"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/debian","name":"debian-matcher"},{"docs":"https://pkg.go.dev/github.com/quay/claircore/photon","name":"photon"}] 2025-10-24T13:09:34Z INF libvuln initialized component=libvuln/New pod: gh-test-custom-branch-umtqre-on-push-slmh9-clair-scan-pod | container step-oci-attach-report: pod: gh-test-custom-branch-umtqre-on-push-slmh9-clair-scan-pod | container step-conftest-vulnerabilities: pod: gh-test-custom-branch-umtqre-on-push-slmh9-clamav-scan-pod | init container: prepare 2025/10/24 13:09:42 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-clamav-scan-pod | init container: place-scripts 2025/10/24 13:09:42 Decoded script /tekton/scripts/script-0-6rhng 2025/10/24 13:09:42 Decoded script /tekton/scripts/script-1-nx6v8 pod: gh-test-custom-branch-umtqre-on-push-slmh9-clamav-scan-pod | container step-extract-and-scan-image: Starting clamd ... clamd is ready! Extracting image(s). Running "oc image extract" on image of arch amd64 Scanning image for arch amd64. This operation may take a while. ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 3.509 sec (0 m 3 s) Start Date: 2025:10:24 13:10:09 End Date: 2025:10:24 13:10:13 Executed-on: Scan was executed on clamsdcan version - ClamAV 1.4.3/27801/Thu Oct 23 09:45:29 2025 Database version: 27801 [ { "filename": "/work/logs/clamscan-result-log-amd64.json", "namespace": "required_checks", "successes": 2 } ] {"timestamp":"1761311413","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1761311413","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"timestamp":"1761311413","namespace":"required_checks","successes":2,"failures":0,"warnings":0,"result":"SUCCESS","note":"All checks passed successfully"} {"image": {"pullspec": "quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724", "digests": ["sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3"]}} pod: gh-test-custom-branch-umtqre-on-push-slmh9-clamav-scan-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre Attaching to quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/vnd.clamav quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724@sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3 clamscan-result-amd64.log:text/vnd.clamav clamscan-ec-test-amd64.json:application/vnd.konflux.test_output+json Preparing clamscan-result-amd64.log Preparing clamscan-ec-test-amd64.json Exists 44136fa355b3 application/vnd.oci.empty.v1+json Uploading 24c676bbb4f9 clamscan-ec-test-amd64.json Uploading 5ace431b7f3e clamscan-result-amd64.log Uploaded 5ace431b7f3e clamscan-result-amd64.log Uploaded 24c676bbb4f9 clamscan-ec-test-amd64.json Uploading 601e18c0100b application/vnd.oci.image.manifest.v1+json Uploaded 601e18c0100b application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724@sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3 Digest: sha256:601e18c0100bd49a70a8f274d544f29e55b35c0ea5aca8079b0d8bcae711a7b8 pod: gh-test-custom-branch-umtqre-on-push-slmh9-clone-repository-pod | init container: prepare 2025/10/24 13:08:25 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-clone-repository-pod | init container: place-scripts 2025/10/24 13:08:25 Decoded script /tekton/scripts/script-0-9h8mw 2025/10/24 13:08:25 Decoded script /tekton/scripts/script-1-vsrww pod: gh-test-custom-branch-umtqre-on-push-slmh9-clone-repository-pod | container step-clone: INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt {"level":"info","ts":1761311307.9656143,"caller":"git/git.go:380","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1761311308.4914346,"caller":"git/git.go:217","msg":"Successfully cloned https://github.com/redhat-appstudio-qe/devfile-sample-hello-world @ dc6eb132b467990af755193d1868f31be8ffb724 (grafted, HEAD) in path /workspace/output/source"} {"level":"info","ts":1761311308.491488,"caller":"git/git.go:380","msg":"Retrying operation (attempt 1)"} {"level":"info","ts":1761311308.524301,"caller":"git/git.go:263","msg":"Successfully initialized and updated submodules in path /workspace/output/source"} Merge option disabled. Using checked-out revision dc6eb132b467990af755193d1868f31be8ffb724 directly. pod: gh-test-custom-branch-umtqre-on-push-slmh9-clone-repository-pod | container step-symlink-check: Running symlink check pod: gh-test-custom-branch-umtqre-on-push-slmh9-init-pod | init container: prepare 2025/10/24 13:08:19 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-init-pod | init container: place-scripts 2025/10/24 13:08:19 Decoded script /tekton/scripts/script-0-ll8hb pod: gh-test-custom-branch-umtqre-on-push-slmh9-init-pod | container step-init: Build Initialize: quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 Determine if Image Already Exists pod: gh-test-custom-branch-umtqre-on-push-slmh9-push-dockerfile-pod | init container: prepare 2025/10/24 13:09:26 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-push-dockerfile-pod | init container: place-scripts 2025/10/24 13:09:28 Decoded script /tekton/scripts/script-0-9lz5g pod: gh-test-custom-branch-umtqre-on-push-slmh9-push-dockerfile-pod | init container: working-dir-initializer pod: gh-test-custom-branch-umtqre-on-push-slmh9-push-dockerfile-pod | container step-push: [2025-10-24T13:09:32,559328785+00:00] Validate context path Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 Using token for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre Pushing Dockerfile to registry Executing: oras push --no-tty --format json --registry-config /tmp/tmp.papoDijXAL --artifact-type application/vnd.konflux.dockerfile quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:sha256-f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3.dockerfile Dockerfile pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-shell-check-pod | init container: prepare 2025/10/24 13:09:54 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-shell-check-pod | init container: place-scripts 2025/10/24 13:09:55 Decoded script /tekton/scripts/script-0-2h6m5 2025/10/24 13:09:55 Decoded script /tekton/scripts/script-1-bpzxr pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-shell-check-pod | init container: working-dir-initializer pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-shell-check-pod | container step-sast-shell-check: + source /utils.sh ++ OPM_RENDER_CACHE=/tmp/konflux-test-opm-cache ++ DEFAULT_INDEX_IMAGE=registry.redhat.io/redhat/redhat-operator-index + trap 'handle_error /tekton/results/TEST_OUTPUT' EXIT + [[ -z '' ]] + PROJECT_NAME=gh-test-custom-branch-umtqre + echo 'INFO: The PROJECT_NAME used is: gh-test-custom-branch-umtqre' + ca_bundle=/mnt/trusted-ca/ca-bundle.crt + '[' -f /mnt/trusted-ca/ca-bundle.crt ']' INFO: The PROJECT_NAME used is: gh-test-custom-branch-umtqre INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt + echo 'INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt' + cp -vf /mnt/trusted-ca/ca-bundle.crt /etc/pki/ca-trust/source/anchors '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' + update-ca-trust ++ rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' ShellCheck + PACKAGE_VERSION=ShellCheck-0.10.0-3.el9 + OUTPUT_FILE=shellcheck-results.json + SOURCE_CODE_DIR=/workspace/workspace/source + declare -a ALL_TARGETS + IFS=, + read -ra TARGET_ARRAY + for d in "${TARGET_ARRAY[@]}" + potential_path=/workspace/workspace/source/. ++ realpath -m /workspace/workspace/source/. + resolved_path=/workspace/workspace/source + [[ /workspace/workspace/source == \/\w\o\r\k\s\p\a\c\e\/\w\o\r\k\s\p\a\c\e\/\s\o\u\r\c\e* ]] + ALL_TARGETS+=("$resolved_path") + '[' -z '' ']' + '[' -r /sys/fs/cgroup/cpu.max ']' + read -r quota period + '[' 800000 '!=' max ']' + '[' -n 100000 ']' + '[' 100000 -gt 0 ']' + export SC_JOBS=8 + SC_JOBS=8 + echo 'INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh' + /usr/share/csmock/scripts/run-shellcheck.sh /workspace/workspace/source INFO: Setting SC_JOBS=8 based on cgroups v2 max for run-shellcheck.sh Looking for shell scripts................ done + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/applypatch-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/post-update.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/prepare-commit-msg.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-applypatch.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-merge-commit.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-push.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-rebase.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/pre-receive.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/push-to-checkout.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/sendemail-validate.sample + timeout 30 shellcheck --format=json1 --external-sources --source-path=/workspace/workspace/source /workspace/workspace/source/.git/hooks/update.sample + CSGREP_OPTS=(--mode=json --strip-path-prefix="$SOURCE_CODE_DIR"/ --remove-duplicates --embed-context=3 --set-scan-prop="ShellCheck:${PACKAGE_VERSION}") + [[ true == \t\r\u\e ]] + CSGREP_EVENT_FILTER='\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|' + CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|' + CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\]$' + CSGREP_OPTS+=(--event="$CSGREP_EVENT_FILTER") + csgrep --mode=json --strip-path-prefix=/workspace/workspace/source/ --remove-duplicates --embed-context=3 --set-scan-prop=ShellCheck:ShellCheck-0.10.0-3.el9 '--event=\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|2218|2224|2225|2242|2256|2258|2261)\]$' ./shellcheck-results/empty.json ./shellcheck-results/sc-101.json ./shellcheck-results/sc-121.json ./shellcheck-results/sc-127.json ./shellcheck-results/sc-128.json ./shellcheck-results/sc-140.json ./shellcheck-results/sc-87.json ./shellcheck-results/sc-90.json ./shellcheck-results/sc-91.json ./shellcheck-results/sc-93.json ./shellcheck-results/sc-97.json + [[ SITE_DEFAULT == \S\I\T\E\_\D\E\F\A\U\L\T ]] + KFP_GIT_URL=https://gitlab.cee.redhat.com/osh/known-false-positives.git + PROBE_URL=https://gitlab.cee.redhat.com/osh/known-false-positives + KFP_DIR=known-false-positives + KFP_CLONED=0 + mkdir known-false-positives + [[ -n https://gitlab.cee.redhat.com/osh/known-false-positives.git ]] + echo -n 'INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... ' + curl --fail --head --max-time 60 --no-progress-meter https://gitlab.cee.redhat.com/osh/known-false-positives ++ head -1 curl: (6) Could not resolve host: gitlab.cee.redhat.com + [[ 0 -eq 0 ]] + echo 'WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered' INFO: Probing https://gitlab.cee.redhat.com/osh/known-false-positives... WARN: Failed to clone known-false-positives at https://gitlab.cee.redhat.com/osh/known-false-positives.git, scan results will not be filtered ShellCheck results have been saved to shellcheck-results.json + echo 'ShellCheck results have been saved to shellcheck-results.json' + csgrep --mode=evtstat shellcheck-results.json + csgrep --mode=sarif shellcheck-results.json + note='Task sast-shell-check completed successfully.' ++ make_result_json -r SUCCESS -t 'Task sast-shell-check completed successfully.' ++ local RESULT= ++ local SUCCESSES=0 ++ local FAILURES=0 ++ local WARNINGS=0 ++ local 'NOTE=For details, check Tekton task log.' ++ local NAMESPACE=default ++ local OUTPUT ++ local OPTIND opt ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ RESULT=SUCCESS ++ getopts :r:s:f:w:t:n: opt ++ case "${opt}" in ++ NOTE='Task sast-shell-check completed successfully.' ++ getopts :r:s:f:w:t:n: opt ++ shift 4 ++ '[' -z SUCCESS ']' ++ case "${RESULT}" in ++++ date -u --iso-8601=seconds +++ jq -rce --arg date 2025-10-24T13:10:00+00:00 --arg result SUCCESS --arg note 'Task sast-shell-check completed successfully.' --arg namespace default --arg successes 0 --arg failures 0 --arg warnings 0 --null-input '{ result: $result, timestamp: $date, note: $note, namespace: $namespace, successes: $successes|tonumber, failures: $failures|tonumber, warnings: $warnings|tonumber }' ++ OUTPUT='{"result":"SUCCESS","timestamp":"2025-10-24T13:10:00+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' ++ echo '{"result":"SUCCESS","timestamp":"2025-10-24T13:10:00+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + TEST_OUTPUT='{"result":"SUCCESS","timestamp":"2025-10-24T13:10:00+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + echo '{"result":"SUCCESS","timestamp":"2025-10-24T13:10:00+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0}' + tee /tekton/results/TEST_OUTPUT {"result":"SUCCESS","timestamp":"2025-10-24T13:10:00+00:00","note":"Task sast-shell-check completed successfully.","namespace":"default","successes":0,"failures":0,"warnings":0} + handle_error /tekton/results/TEST_OUTPUT + exit_code=0 + '[' 0 -ne 0 ']' + exit 0 pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-shell-check-pod | container step-upload: Selecting auth Using token for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre Attaching to quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724 Executing: oras attach --no-tty --registry-config /home/oras/auth.json --artifact-type application/sarif+json quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724@sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3 shellcheck-results.sarif:application/sarif+json Preparing shellcheck-results.sarif Exists 44136fa355b3 application/vnd.oci.empty.v1+json Exists 3b606a9dd3a1 shellcheck-results.sarif Uploading 0c613cbca882 application/vnd.oci.image.manifest.v1+json Uploaded 0c613cbca882 application/vnd.oci.image.manifest.v1+json Attached to [registry] quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:dc6eb132b467990af755193d1868f31be8ffb724@sha256:f861987f5ba4c3d6f325f1bdaad0083f6db1688e51193285634647af0f7fd0f3 Digest: sha256:0c613cbca882d955c8d3ce6260ce6280b04d6f4bba3d1254176d2c73ef84b322 No excluded-findings.json exists. Skipping upload. pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-snyk-check-pod | init container: prepare 2025/10/24 13:09:53 Entrypoint initialization pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-snyk-check-pod | init container: place-scripts 2025/10/24 13:09:54 Decoded script /tekton/scripts/script-0-284lq 2025/10/24 13:09:54 Decoded script /tekton/scripts/script-1-222tv pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-snyk-check-pod | init container: working-dir-initializer pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-snyk-check-pod | container step-sast-snyk-check: INFO: The PROJECT_NAME used is: gh-test-custom-branch-umtqre INFO: Using mounted CA bundle: /mnt/trusted-ca/ca-bundle.crt '/mnt/trusted-ca/ca-bundle.crt' -> '/etc/pki/ca-trust/source/anchors/ca-bundle.crt' {"result":"SKIPPED","timestamp":"2025-10-24T13:09:58+00:00","note":"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)","namespace":"default","successes":0,"failures":0,"warnings":0} pod: gh-test-custom-branch-umtqre-on-push-slmh9-sast-snyk-check-pod | container step-upload: No sast_snyk_check_out.sarif exists. Skipping upload. No excluded-findings.json exists. Skipping upload. pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | init container: prepare 2025/10/24 13:03:12 Entrypoint initialization pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | init container: place-scripts 2025/10/24 13:03:13 Decoded script /tekton/scripts/script-0-7tgqv 2025/10/24 13:03:13 Decoded script /tekton/scripts/script-1-rwwhq 2025/10/24 13:03:13 Decoded script /tekton/scripts/script-2-ltb7t 2025/10/24 13:03:13 Decoded script /tekton/scripts/script-3-vg9c2 2025/10/24 13:03:13 Decoded script /tekton/scripts/script-4-t7xfm 2025/10/24 13:03:13 Decoded script /tekton/scripts/script-5-qvvwb pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | container step-introspect: Artifact type will be determined by introspection. Checking the media type of the OCI artifact... Executing: skopeo inspect --raw --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43 The media type of the OCI artifact is application/vnd.docker.distribution.manifest.v2+json. Looking for image labels that indicate this might be an operator bundle... Executing: skopeo inspect --retry-times 3 docker://quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43 Found 0 matching labels. Expecting 3 or more to identify this image as an operator bundle. Introspection concludes that this artifact is of type "application". pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | container step-generate-container-auth: Selecting auth for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43 Using token for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre Auth json written to "/auth/auth.json". pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | container step-set-skip-for-bundles: 2025/10/24 13:05:25 INFO Step was skipped due to when expressions were evaluated to false. pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | container step-app-check: time="2025-10-24T13:05:25Z" level=info msg="certification library version" version="1.14.1 " time="2025-10-24T13:05:26Z" level=info msg="running checks for quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43 for platform amd64" time="2025-10-24T13:05:26Z" level=info msg="target image" image="quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43" time="2025-10-24T13:05:29Z" level=error msg="could not get rpm list, continuing without it" error="could not find rpm db/packages: stat /tmp/preflight-504468656/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-504468656/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-504468656/fs/var/lib/rpm/Packages: no such file or directory" time="2025-10-24T13:05:29Z" level=info msg="check completed" check=HasLicense result=FAILED time="2025-10-24T13:05:29Z" level=info msg="check completed" check=HasUniqueTag result=PASSED time="2025-10-24T13:05:29Z" level=info msg="check completed" check=LayerCountAcceptable result=PASSED time="2025-10-24T13:05:29Z" level=info msg="check completed" check=HasNoProhibitedPackages err="unable to get a list of all packages in the image: could not get rpm list: could not find rpm db/packages: stat /tmp/preflight-504468656/fs/usr/lib/sysimage/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-504468656/fs/var/lib/rpm/rpmdb.sqlite: no such file or directory\nstat /tmp/preflight-504468656/fs/var/lib/rpm/Packages: no such file or directory" result=ERROR time="2025-10-24T13:05:29Z" level=info msg="check completed" check=HasRequiredLabel result=FAILED time="2025-10-24T13:05:29Z" level=info msg="detected empty USER. Presumed to be running as root" check=RunAsNonRoot time="2025-10-24T13:05:29Z" level=info msg="USER value must be provided and be a non-root value for this check to pass" check=RunAsNonRoot time="2025-10-24T13:05:29Z" level=info msg="check completed" check=RunAsNonRoot result=FAILED time="2025-10-24T13:05:31Z" level=info msg="check completed" check=HasModifiedFiles result=PASSED time="2025-10-24T13:05:32Z" level=info msg="check completed" check=BasedOnUbi result=PASSED time="2025-10-24T13:05:32Z" level=info msg="This image's tag on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43 will be paired with digest sha256:4d0b7ecc395a74464b59c0514657e5bdebe7b2234efcc76ec01f8d5312fbd110 once this image has been published in accordance with Red Hat Certification policy. You may then add or remove any supplemental tags through your Red Hat Connect portal as you see fit." { "image": "quay.io/redhat-appstudio-qe/build-e2e-ypdo/gh-test-custom-branch-umtqre:on-pr-37298e65ac6f66a5e8b39ce33c1e3beee99a8b43", "passed": false, "test_library": { "name": "github.com/redhat-openshift-ecosystem/openshift-preflight", time="2025-10-24T13:05:32Z" level=info msg="Preflight result: FAILED" "version": "1.14.1", "commit": "436b6cd740f4144eba59ad1378be00383c7b0269" }, "results": { "passed": [ { "name": "HasUniqueTag", "elapsed_time": 0, "description": "Checking if container has a tag other than 'latest', so that the image can be uniquely identified." }, { "name": "LayerCountAcceptable", "elapsed_time": 0, "description": "Checking if container has less than 40 layers. Too many layers within the container images can degrade container performance." }, { "name": "HasModifiedFiles", "elapsed_time": 2059, "description": "Checks that no files installed via RPM in the base Red Hat layer have been modified" }, { "name": "BasedOnUbi", "elapsed_time": 1077, "description": "Checking if the container's base image is based upon the Red Hat Universal Base Image (UBI)" } ], "failed": [ { "name": "HasLicense", "elapsed_time": 0, "description": "Checking if terms and conditions applicable to the software including open source licensing information are present. The license must be at /licenses", "help": "Check HasLicense encountered an error. Please review the preflight.log file for more information.", "suggestion": "Create a directory named /licenses and include all relevant licensing and/or terms and conditions as text file(s) in that directory.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "HasRequiredLabel", "elapsed_time": 0, "description": "Checking if the required labels (name, vendor, version, release, summary, description, maintainer) are present in the container metadata", "help": "Check HasRequiredLabel encountered an error. Please review the preflight.log file for more information.", "suggestion": "Add the following labels to your Dockerfile or Containerfile: name, vendor, version, release, summary, description, maintainer.", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" }, { "name": "RunAsNonRoot", "elapsed_time": 0, "description": "Checking if container runs as the root user because a container that does not specify a non-root user will fail the automatic certification, and will be subject to a manual review before the container can be approved for publication", "help": "Check RunAsNonRoot encountered an error. Please review the preflight.log file for more information.", "suggestion": "Indicate a specific USER in the dockerfile or containerfile", "knowledgebase_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction", "check_url": "https://access.redhat.com/documentation/en-us/red_hat_software_certification/2024/html-single/red_hat_openshift_software_certification_policy_guide/index#assembly-requirements-for-container-images_openshift-sw-cert-policy-introduction" } ], "errors": [ { "name": "HasNoProhibitedPackages", "elapsed_time": 0, "description": "Checks to ensure that the image in use does not include prohibited packages, such as Red Hat Enterprise Linux (RHEL) kernel packages.", "help": "Check HasNoProhibitedPackages encountered an error. Please review the preflight.log file for more information." } ] } } pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | container step-app-set-outcome: {"result":"ERROR","timestamp":"1761311133","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":4,"failures":3,"warnings":0} pod: gh-test-custom-branch-umtqre56a6ba16d65959f947de0e79bec90d1-pod | container step-final-outcome: + [[ ! -f /mount/konflux.results.json ]] + tee /tekton/steps/step-final-outcome/results/test-output {"result":"ERROR","timestamp":"1761311133","note":"Task preflight is a ERROR: Refer to Tekton task logs for more information","successes":4,"failures":3,"warnings":0}