{
    "apiVersion": "v1",
    "items": [
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/15c29ff3-113d-45b5-8f38-5350bc56eee9",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "coverity-availability-check",
                    "tekton.dev/task": "coverity-availability-check",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "kon8fa3206a5d329de43c1482b7d03ba7aa-coverity-availability-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "25850",
                "uid": "15c29ff3-113d-45b5-8f38-5350bc56eee9"
            },
            "spec": {
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "coverity-availability-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:22Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:22Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "kon8fa3206a5d329de43c1482b7413612e95ab56870312272fdea5c7a4e-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        "entryPoint": "coverity-availability-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check"
                    }
                },
                "results": [
                    {
                        "name": "STATUS",
                        "type": "string",
                        "value": "failed"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T16:06:20+00:00\",\"note\":\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\",\"namespace\":\"default\",\"successes\":0,\"failures\":1,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:10Z",
                "steps": [
                    {
                        "container": "step-coverity-availability-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "coverity-availability-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6b8d411c224c12fc6849d4974bac4ed74af14b8ca44237bac60a7be1a747e902",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:20Z",
                            "message": "[{\"key\":\"STATUS\",\"value\":\"failed\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:20+00:00\\\",\\\"note\\\":\\\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":1,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:20Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This task performs needed checks in order to use Coverity image in the pipeline. It will check for a Coverity license secret and an authentication secret for pulling the image.",
                    "params": [
                        {
                            "default": "cov-license",
                            "description": "Name of secret which contains the Coverity license",
                            "name": "COV_LICENSE",
                            "type": "string"
                        },
                        {
                            "default": "auth-token-coverity-image",
                            "description": "Name of secret which contains the authentication token for pulling the Coverity image.",
                            "name": "AUTH_TOKEN_COVERITY_IMAGE",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task result output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Tekton task simple status to be later checked",
                            "name": "STATUS",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "COV_LICENSE",
                                    "value": "cov-license"
                                },
                                {
                                    "name": "AUTH_TOKEN_COVERITY_IMAGE",
                                    "value": "auth-token-coverity-image"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "coverity-availability-check",
                            "script": "#!/usr/bin/env bash\nset -eo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Checking Coverity license\nCOV_LICENSE_PATH=/etc/secrets/cov/cov-license\nif [ -f \"${COV_LICENSE_PATH}\" ] \u0026\u0026 [ -s \"${COV_LICENSE_PATH}\" ]; then\n  echo \"Coverity license detected!\"\nelse\n  echo 'No license file for Coverity was detected. Coverity scan will not be executed...'\n  echo 'Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license'\n  note=\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# Checking authentication token for downloading coverity image\nAUTH_TOKEN_COVERITY_IMAGE_PATH=/etc/secrets/auth/config.json\nif [ -f \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ] \u0026\u0026 [ -s \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ]; then\n  echo \"Authentication token detected!\"\nelse\n  echo 'No authentication token for downloading Coverity image detected. Coverity scan will not be executed...'\n  echo 'Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image'\n  note=\"Task coverity-availability-check failed: No authentication token for downloading Coverity image detected. Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nnote=\"Task coverity-availability-check completed: Coverity availability checks finished succesfully.\"\n# shellcheck disable=SC2034\nTEST_OUTPUT=$(make_result_json -r SUCCESS -s 1 -t \"$note\")\necho -n \"success\" | tee \"/tekton/results/STATUS\"\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets/cov",
                                    "name": "cov-license",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/etc/secrets/auth/config.json",
                                    "name": "auth-token-coverity-image",
                                    "subPath": ".dockerconfigjson"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "cov-license",
                            "secret": {
                                "optional": true,
                                "secretName": "cov-license"
                            }
                        },
                        {
                            "name": "auth-token-coverity-image",
                            "secret": {
                                "optional": true,
                                "secretName": "auth-token-coverity-image"
                            }
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/d9b0c13b-56d5-46e2-a3d7-67697db1b249",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "deprecated-base-image-check",
                    "tekton.dev/task": "deprecated-image-check",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "kon8fa3206a5d329de43c1482b7d03ba7aa-deprecated-base-image-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "25848",
                "uid": "d9b0c13b-56d5-46e2-a3d7-67697db1b249"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "deprecated-image-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:27Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:27Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "kon8fa3206a5d329de43c1482b768cbb1a842ecade271787f9b10b5ece6-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        "entryPoint": "deprecated-image-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\", \"digests\": [\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:06:26+00:00\",\"note\":\"Task deprecated-image-check completed: Check result for task result.\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:09Z",
                "steps": [
                    {
                        "container": "step-check-images",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "check-images",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://191fafb4065ca966e77c30fdf4c86732ad40e9f0cebf58aa8a619337bfe94d99",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:26Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\\\", \\\"digests\\\": [\\\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:26+00:00\\\",\\\"note\\\":\\\"Task deprecated-image-check completed: Check result for task result.\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:17Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Identifies the unmaintained and potentially insecure deprecated base images. Pyxis API collects metadata from image repository, and Conftest applies supplied policy to identify the deprecated images using that metadata.",
                    "params": [
                        {
                            "default": "/project/repository/",
                            "description": "Path to directory containing Conftest policies.",
                            "name": "POLICY_DIR",
                            "type": "string"
                        },
                        {
                            "default": "required_checks",
                            "description": "Namespace for Conftest policy.",
                            "name": "POLICY_NAMESPACE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Digests of base build images.",
                            "name": "BASE_IMAGES_DIGESTS",
                            "type": "string"
                        },
                        {
                            "description": "Fully qualified image name.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "POLICY_DIR",
                                    "value": "/project/repository/"
                                },
                                {
                                    "name": "POLICY_NAMESPACE",
                                    "value": "required_checks"
                                },
                                {
                                    "name": "BASE_IMAGES_DIGESTS"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "check-images",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nIMAGES_TO_BE_PROCESSED_PATH=\"/tmp/images_to_be_processed.txt\"\ntouch /tmp/images_to_be_processed.txt\n\nsuccess_counter=0\nfailure_counter=0\nerror_counter=0\nwarnings_counter=0\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo -n $imagewithouttag@$IMAGE_DIGEST)\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  while read -r arch arch_sha; do\n    SBOM_FILE_PATH=$(echo \"/tmp/sbom-$arch.json\")\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    # Get base images from SBOM\n    cosign download sbom $arch_imageanddigest \u003e ${SBOM_FILE_PATH}\n    if [ $? -ne 0 ]; then\n      echo \"Unable to download sbom for arch $arch.\"\n      continue\n    fi\n\n    \u003c \"${SBOM_FILE_PATH}\" jq -r '\n        if .bomFormat == \"CycloneDX\" then\n            .formulation[]?\n            | .components[]?\n            | select(any(.properties[]?; .name | test(\"^konflux:container:is_(base|builder)_image\")))\n            | (\n                .purl\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        else\n            .packages[]\n            | select(any(.annotations[]?.comment; (fromjson?).name? | test(\"^konflux:container:is_(base|builder)_image\")?))\n            | [.externalRefs[]? | select(.referenceType == \"purl\").referenceLocator] as $purls\n            | (\n                $purls | first\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        end\n    ' \u003e\u003e \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"Detected base images from $arch SBOM:\"\n    cat \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"\"\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task deprecated-image-check failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nif [ -n \"${BASE_IMAGES_DIGESTS}\" ];\nthen\n  echo \"Base images passed by param BASE_IMAGES_DIGESTS: $BASE_IMAGES_DIGESTS\"\n  # Get images from the parameter\n  for IMAGE_WITH_TAG in $(echo -n \"$BASE_IMAGES_DIGESTS\" | sed 's/\\\\n/\\'$'\\n''/g' );\n  do\n    echo $IMAGE_WITH_TAG | cut -d \":\" -f1 \u003e\u003e ${IMAGES_TO_BE_PROCESSED_PATH}\n  done\nfi\n\n# we want to remove duplicated entries\nBASE_IMAGES=$(sort -u \"${IMAGES_TO_BE_PROCESSED_PATH}\")\n\necho \"Images to be checked:\"\necho \"$BASE_IMAGES\"\necho \"\"\n\nfor BASE_IMAGE in ${BASE_IMAGES};\ndo\n  IFS=:'/' read -r IMAGE_REGISTRY IMAGE_REPOSITORY\u003c\u003c\u003c $BASE_IMAGE\n\n  # Red Hat Catalog hack: registry.redhat.io must be queried as registry.access.redhat.com in Red Hat catalog\n  IMAGE_REGISTRY_CATALOG=$(echo \"${IMAGE_REGISTRY}\" | sed 's/^registry.redhat.io$/registry.access.redhat.com/')\n\n  export IMAGE_REPO_PATH=/tmp/${IMAGE_REPOSITORY}\n  mkdir -p ${IMAGE_REPO_PATH}\n  echo \"Querying Red Hat Catalog for $BASE_IMAGE.\"\n  http_code=$(curl -s -o ${IMAGE_REPO_PATH}/repository_data.json -w '%{http_code}' \"https://catalog.redhat.com/api/containers/v1/repositories/registry/${IMAGE_REGISTRY_CATALOG}/repository/${IMAGE_REPOSITORY}\")\n\n  if [ \"$http_code\" == \"200\" ];\n  then\n    echo \"Running conftest using $POLICY_DIR policy, $POLICY_NAMESPACE namespace.\"\n    /usr/bin/conftest test --no-fail ${IMAGE_REPO_PATH}/repository_data.json \\\n    --policy $POLICY_DIR --namespace $POLICY_NAMESPACE \\\n    --output=json | tee ${IMAGE_REPO_PATH}/deprecated_image_check_output.json\n\n    failures_num=$(jq -r '.[].failures|length' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${failures_num}\" -gt 0 ]]; then\n      echo \"[FAILURE] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} has been deprecated\"\n    fi\n    failure_counter=$((failure_counter+failures_num))\n\n    successes_num=$(jq -r '.[].successes' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${successes_num}\" -gt 0 ]]; then\n      echo \"[SUCCESS] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} is valid\"\n    fi\n    success_counter=$((success_counter+successes_num))\n\n  elif [ \"$http_code\" == \"404\" ];\n  then\n    echo \"[WARNING] Registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} not found in Red Hat Catalog. Task cannot provide results if image is deprecated.\"\n    warnings_counter=$((warnings_counter+1))\n  else\n    echo \"[ERROR] Unexpected error (HTTP code: ${http_code}) occurred for registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}.\"\n    error_counter=$((error_counter+1))\n  fi\ndone\n\nnote=\"Task deprecated-image-check failed: Command conftest failed. For details, check Tekton task log.\"\nERROR_OUTPUT=$(make_result_json -r ERROR -n \"$POLICY_NAMESPACE\" -t \"$note\")\n\nnote=\"Task deprecated-image-check completed: Check result for task result.\"\nif [[ \"$error_counter\" == 0 ]];\nthen\n  if [[ \"${failure_counter}\" -gt 0 ]]; then\n    RES=\"FAILURE\"\n  elif [[ \"${warnings_counter}\" -gt 0 ]]; then\n    RES=\"WARNING\"\n  elif [[ \"${success_counter}\" -eq 0 ]]; then\n    # when all counters are 0, there are no base images to check\n    note=\"Task deprecated-image-check success: No base images to check.\"\n    RES=\"SUCCESS\"\n  else\n    RES=\"SUCCESS\"\n  fi\n  TEST_OUTPUT=$(make_result_json \\\n    -r \"${RES}\" -n \"$POLICY_NAMESPACE\" \\\n    -s \"${success_counter}\" -f \"${failure_counter}\" -w \"${warnings_counter}\" -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee /tekton/results/TEST_OUTPUT\n\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/296b97f6-4a8c-458c-81e2-736ef269979a",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "coverity-availability-check",
                    "tekton.dev/task": "coverity-availability-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "koncb41c92e238803de427bde3c966a36ad-coverity-availability-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "31819",
                "uid": "296b97f6-4a8c-458c-81e2-736ef269979a"
            },
            "spec": {
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "coverity-availability-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:13Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:13Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "koncb41c92e238803de427bde3c16f19cb90a2e60263a619d4dec771f21-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        "entryPoint": "coverity-availability-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check"
                    }
                },
                "results": [
                    {
                        "name": "STATUS",
                        "type": "string",
                        "value": "failed"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T16:12:12+00:00\",\"note\":\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\",\"namespace\":\"default\",\"successes\":0,\"failures\":1,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:11:59Z",
                "steps": [
                    {
                        "container": "step-coverity-availability-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "coverity-availability-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8f70318895f49c7bcd541e12c0398322ea82ba16f8507cb64815d1cea4fd0515",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:12Z",
                            "message": "[{\"key\":\"STATUS\",\"value\":\"failed\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:12+00:00\\\",\\\"note\\\":\\\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":1,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:12Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This task performs needed checks in order to use Coverity image in the pipeline. It will check for a Coverity license secret and an authentication secret for pulling the image.",
                    "params": [
                        {
                            "default": "cov-license",
                            "description": "Name of secret which contains the Coverity license",
                            "name": "COV_LICENSE",
                            "type": "string"
                        },
                        {
                            "default": "auth-token-coverity-image",
                            "description": "Name of secret which contains the authentication token for pulling the Coverity image.",
                            "name": "AUTH_TOKEN_COVERITY_IMAGE",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task result output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Tekton task simple status to be later checked",
                            "name": "STATUS",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "COV_LICENSE",
                                    "value": "cov-license"
                                },
                                {
                                    "name": "AUTH_TOKEN_COVERITY_IMAGE",
                                    "value": "auth-token-coverity-image"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "coverity-availability-check",
                            "script": "#!/usr/bin/env bash\nset -eo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Checking Coverity license\nCOV_LICENSE_PATH=/etc/secrets/cov/cov-license\nif [ -f \"${COV_LICENSE_PATH}\" ] \u0026\u0026 [ -s \"${COV_LICENSE_PATH}\" ]; then\n  echo \"Coverity license detected!\"\nelse\n  echo 'No license file for Coverity was detected. Coverity scan will not be executed...'\n  echo 'Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license'\n  note=\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# Checking authentication token for downloading coverity image\nAUTH_TOKEN_COVERITY_IMAGE_PATH=/etc/secrets/auth/config.json\nif [ -f \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ] \u0026\u0026 [ -s \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ]; then\n  echo \"Authentication token detected!\"\nelse\n  echo 'No authentication token for downloading Coverity image detected. Coverity scan will not be executed...'\n  echo 'Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image'\n  note=\"Task coverity-availability-check failed: No authentication token for downloading Coverity image detected. Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nnote=\"Task coverity-availability-check completed: Coverity availability checks finished succesfully.\"\n# shellcheck disable=SC2034\nTEST_OUTPUT=$(make_result_json -r SUCCESS -s 1 -t \"$note\")\necho -n \"success\" | tee \"/tekton/results/STATUS\"\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets/cov",
                                    "name": "cov-license",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/etc/secrets/auth/config.json",
                                    "name": "auth-token-coverity-image",
                                    "subPath": ".dockerconfigjson"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "cov-license",
                            "secret": {
                                "optional": true,
                                "secretName": "cov-license"
                            }
                        },
                        {
                            "name": "auth-token-coverity-image",
                            "secret": {
                                "optional": true,
                                "secretName": "auth-token-coverity-image"
                            }
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/25a13ccc-35cf-478d-8188-f6526ca362f8",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:57Z",
                "finalizers": [
                    "results.tekton.dev/taskrun",
                    "chains.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "deprecated-base-image-check",
                    "tekton.dev/task": "deprecated-image-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "koncb41c92e238803de427bde3c966a36ad-deprecated-base-image-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "32226",
                "uid": "25a13ccc-35cf-478d-8188-f6526ca362f8"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "deprecated-image-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:16Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:16Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "koncb41c92e238803de427bde3c1820347044eeb1cede93865ae2da17c3-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        "entryPoint": "deprecated-image-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\", \"digests\": [\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:12:14+00:00\",\"note\":\"Task deprecated-image-check completed: Check result for task result.\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:11:57Z",
                "steps": [
                    {
                        "container": "step-check-images",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "check-images",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://76ef2430bd7faf9dec72d9ca0641073b49c0790102f5768b10d158a66965a841",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:14Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\\\", \\\"digests\\\": [\\\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:14+00:00\\\",\\\"note\\\":\\\"Task deprecated-image-check completed: Check result for task result.\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:05Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Identifies the unmaintained and potentially insecure deprecated base images. Pyxis API collects metadata from image repository, and Conftest applies supplied policy to identify the deprecated images using that metadata.",
                    "params": [
                        {
                            "default": "/project/repository/",
                            "description": "Path to directory containing Conftest policies.",
                            "name": "POLICY_DIR",
                            "type": "string"
                        },
                        {
                            "default": "required_checks",
                            "description": "Namespace for Conftest policy.",
                            "name": "POLICY_NAMESPACE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Digests of base build images.",
                            "name": "BASE_IMAGES_DIGESTS",
                            "type": "string"
                        },
                        {
                            "description": "Fully qualified image name.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "POLICY_DIR",
                                    "value": "/project/repository/"
                                },
                                {
                                    "name": "POLICY_NAMESPACE",
                                    "value": "required_checks"
                                },
                                {
                                    "name": "BASE_IMAGES_DIGESTS"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "check-images",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nIMAGES_TO_BE_PROCESSED_PATH=\"/tmp/images_to_be_processed.txt\"\ntouch /tmp/images_to_be_processed.txt\n\nsuccess_counter=0\nfailure_counter=0\nerror_counter=0\nwarnings_counter=0\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo -n $imagewithouttag@$IMAGE_DIGEST)\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  while read -r arch arch_sha; do\n    SBOM_FILE_PATH=$(echo \"/tmp/sbom-$arch.json\")\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    # Get base images from SBOM\n    cosign download sbom $arch_imageanddigest \u003e ${SBOM_FILE_PATH}\n    if [ $? -ne 0 ]; then\n      echo \"Unable to download sbom for arch $arch.\"\n      continue\n    fi\n\n    \u003c \"${SBOM_FILE_PATH}\" jq -r '\n        if .bomFormat == \"CycloneDX\" then\n            .formulation[]?\n            | .components[]?\n            | select(any(.properties[]?; .name | test(\"^konflux:container:is_(base|builder)_image\")))\n            | (\n                .purl\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        else\n            .packages[]\n            | select(any(.annotations[]?.comment; (fromjson?).name? | test(\"^konflux:container:is_(base|builder)_image\")?))\n            | [.externalRefs[]? | select(.referenceType == \"purl\").referenceLocator] as $purls\n            | (\n                $purls | first\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        end\n    ' \u003e\u003e \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"Detected base images from $arch SBOM:\"\n    cat \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"\"\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task deprecated-image-check failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nif [ -n \"${BASE_IMAGES_DIGESTS}\" ];\nthen\n  echo \"Base images passed by param BASE_IMAGES_DIGESTS: $BASE_IMAGES_DIGESTS\"\n  # Get images from the parameter\n  for IMAGE_WITH_TAG in $(echo -n \"$BASE_IMAGES_DIGESTS\" | sed 's/\\\\n/\\'$'\\n''/g' );\n  do\n    echo $IMAGE_WITH_TAG | cut -d \":\" -f1 \u003e\u003e ${IMAGES_TO_BE_PROCESSED_PATH}\n  done\nfi\n\n# we want to remove duplicated entries\nBASE_IMAGES=$(sort -u \"${IMAGES_TO_BE_PROCESSED_PATH}\")\n\necho \"Images to be checked:\"\necho \"$BASE_IMAGES\"\necho \"\"\n\nfor BASE_IMAGE in ${BASE_IMAGES};\ndo\n  IFS=:'/' read -r IMAGE_REGISTRY IMAGE_REPOSITORY\u003c\u003c\u003c $BASE_IMAGE\n\n  # Red Hat Catalog hack: registry.redhat.io must be queried as registry.access.redhat.com in Red Hat catalog\n  IMAGE_REGISTRY_CATALOG=$(echo \"${IMAGE_REGISTRY}\" | sed 's/^registry.redhat.io$/registry.access.redhat.com/')\n\n  export IMAGE_REPO_PATH=/tmp/${IMAGE_REPOSITORY}\n  mkdir -p ${IMAGE_REPO_PATH}\n  echo \"Querying Red Hat Catalog for $BASE_IMAGE.\"\n  http_code=$(curl -s -o ${IMAGE_REPO_PATH}/repository_data.json -w '%{http_code}' \"https://catalog.redhat.com/api/containers/v1/repositories/registry/${IMAGE_REGISTRY_CATALOG}/repository/${IMAGE_REPOSITORY}\")\n\n  if [ \"$http_code\" == \"200\" ];\n  then\n    echo \"Running conftest using $POLICY_DIR policy, $POLICY_NAMESPACE namespace.\"\n    /usr/bin/conftest test --no-fail ${IMAGE_REPO_PATH}/repository_data.json \\\n    --policy $POLICY_DIR --namespace $POLICY_NAMESPACE \\\n    --output=json | tee ${IMAGE_REPO_PATH}/deprecated_image_check_output.json\n\n    failures_num=$(jq -r '.[].failures|length' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${failures_num}\" -gt 0 ]]; then\n      echo \"[FAILURE] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} has been deprecated\"\n    fi\n    failure_counter=$((failure_counter+failures_num))\n\n    successes_num=$(jq -r '.[].successes' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${successes_num}\" -gt 0 ]]; then\n      echo \"[SUCCESS] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} is valid\"\n    fi\n    success_counter=$((success_counter+successes_num))\n\n  elif [ \"$http_code\" == \"404\" ];\n  then\n    echo \"[WARNING] Registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} not found in Red Hat Catalog. Task cannot provide results if image is deprecated.\"\n    warnings_counter=$((warnings_counter+1))\n  else\n    echo \"[ERROR] Unexpected error (HTTP code: ${http_code}) occurred for registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}.\"\n    error_counter=$((error_counter+1))\n  fi\ndone\n\nnote=\"Task deprecated-image-check failed: Command conftest failed. For details, check Tekton task log.\"\nERROR_OUTPUT=$(make_result_json -r ERROR -n \"$POLICY_NAMESPACE\" -t \"$note\")\n\nnote=\"Task deprecated-image-check completed: Check result for task result.\"\nif [[ \"$error_counter\" == 0 ]];\nthen\n  if [[ \"${failure_counter}\" -gt 0 ]]; then\n    RES=\"FAILURE\"\n  elif [[ \"${warnings_counter}\" -gt 0 ]]; then\n    RES=\"WARNING\"\n  elif [[ \"${success_counter}\" -eq 0 ]]; then\n    # when all counters are 0, there are no base images to check\n    note=\"Task deprecated-image-check success: No base images to check.\"\n    RES=\"SUCCESS\"\n  else\n    RES=\"SUCCESS\"\n  fi\n  TEST_OUTPUT=$(make_result_json \\\n    -r \"${RES}\" -n \"$POLICY_NAMESPACE\" \\\n    -s \"${success_counter}\" -f \"${failure_counter}\" -w \"${warnings_counter}\" -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee /tekton/results/TEST_OUTPUT\n\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-be96994577",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/17777764-bc0a-4615-a986-e52ffb2ee047",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:03:05Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "prefetch-dependencies",
                    "tekton.dev/task": "prefetch-dependencies",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-t8fa3206a5d329de43c1482b7d03ba7aa-prefetch-dependencies",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "23558",
                "uid": "17777764-bc0a-4615-a986-e52ffb2ee047"
            },
            "spec": {
                "params": [
                    {
                        "name": "input",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "prefetch-dependencies"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-129b97e6ab"
                        }
                    },
                    {
                        "name": "git-basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-hdtybp"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:03:17Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:03:17Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-t8fa3206a5d329de43cde99c7bff22cfcfde96ee930a3ceac33-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        "entryPoint": "prefetch-dependencies",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies"
                    }
                },
                "startTime": "2026-07-01T16:03:05Z",
                "steps": [
                    {
                        "container": "step-prefetch-dependencies",
                        "imageID": "quay.io/konflux-ci/hermeto@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                        "name": "prefetch-dependencies",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://111f4c61ef05662ae59b119958de062b4ba64af071ce2279ff2b41fbb26ffb29",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:03:16Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:03:10Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Task that prefetches project dependencies for hermetic build.",
                    "params": [
                        {
                            "description": "Configures project packages that will have their dependencies prefetched.",
                            "name": "input",
                            "type": "string"
                        },
                        {
                            "default": "debug",
                            "description": "Set the logging level (debug, info, warn, error, fatal).",
                            "name": "log-level",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Pass configuration to the prefetch tool.\nNote this needs to be passed as a YAML-formatted config dump, not as a file path!\n",
                            "name": "config-file-content",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx.",
                            "name": "sbom-type",
                            "type": "string"
                        },
                        {
                            "default": "strict",
                            "description": "Control how input requirement violations are handled: strict (errors) or permissive (warnings).",
                            "name": "mode",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "debug"
                                },
                                {
                                    "name": "KBC_PD_INPUT"
                                },
                                {
                                    "name": "KBC_PD_SOURCE_DIR",
                                    "value": "/workspace/source/source"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR",
                                    "value": "/workspace/source/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_SBOM_FORMAT",
                                    "value": "spdx"
                                },
                                {
                                    "name": "KBC_PD_MODE",
                                    "value": "strict"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR_MOUNT_POINT",
                                    "value": "/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_ENV_FILE",
                                    "value": "/workspace/source/cachi2/cachi2.env"
                                },
                                {
                                    "name": "KBC_PD_GIT_AUTH_DIRECTORY",
                                    "value": "/workspace/git-basic-auth"
                                },
                                {
                                    "name": "WORKSPACE_NETRC_PATH"
                                },
                                {
                                    "name": "CONFIG_FILE_CONTENT"
                                }
                            ],
                            "image": "quay.io/konflux-ci/hermeto:0.48.0@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                            "name": "prefetch-dependencies",
                            "script": "#!/bin/bash\n\nif [ -n \"${WORKSPACE_NETRC_PATH}\" ]; then\n  export NETRC=\"${WORKSPACE_NETRC_PATH}/.netrc\"\nfi\n\nCA_BUNDLE_PATH=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$CA_BUNDLE_PATH\" ]; then\n  cp -vf \"$CA_BUNDLE_PATH\" /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [ -e /activation-key/org ] \u0026\u0026 [ -e /activation-key/activationkey ]; then\n  export KBC_PD_RHSM_ORG=/activation-key/org\n  export KBC_PD_RHSM_ACTIVATION_KEY=/activation-key/activationkey\nfi\n\nif [ -n \"${CONFIG_FILE_CONTENT}\" ]; then\n  echo \"${CONFIG_FILE_CONTENT}\" \u003e /mnt/config/config.yaml\n  export KBC_PD_CONFIG_FILE=/mnt/config/config.yaml\nfi\n\nkonflux-build-cli prefetch-dependencies\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/mnt/config",
                                    "name": "config"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "config"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace with the source code, prefetch artifacts will be stored on the workspace as well",
                            "name": "source"
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before prefetch is run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto bind a Secret to this Workspace over other volume types.\n",
                            "name": "git-basic-auth",
                            "optional": true
                        },
                        {
                            "description": "Workspace containing a .netrc file. Prefetch will use the credentials in this file when\nperforming http(s) requests.\n",
                            "name": "netrc",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-66308ef01b",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/6c1f45cf-0651-418a-90b3-bd72bf9ddc1f",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:44Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "prefetch-dependencies",
                    "tekton.dev/task": "prefetch-dependencies",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-tcb41c92e238803de427bde3c966a36ad-prefetch-dependencies",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "29514",
                "uid": "6c1f45cf-0651-418a-90b3-bd72bf9ddc1f"
            },
            "spec": {
                "params": [
                    {
                        "name": "input",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "prefetch-dependencies"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-7ebc9832aa"
                        }
                    },
                    {
                        "name": "git-basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-nubdop"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:55Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:55Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-tcb41c92e238803de42bd330cc243bdb401df5f88c01abc5520-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        "entryPoint": "prefetch-dependencies",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies"
                    }
                },
                "startTime": "2026-07-01T16:08:44Z",
                "steps": [
                    {
                        "container": "step-prefetch-dependencies",
                        "imageID": "quay.io/konflux-ci/hermeto@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                        "name": "prefetch-dependencies",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://caa54d7588d254b81c846eb995f52a15d26d865557c43e12cce5fbfb5dc56ce3",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:55Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:49Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Task that prefetches project dependencies for hermetic build.",
                    "params": [
                        {
                            "description": "Configures project packages that will have their dependencies prefetched.",
                            "name": "input",
                            "type": "string"
                        },
                        {
                            "default": "debug",
                            "description": "Set the logging level (debug, info, warn, error, fatal).",
                            "name": "log-level",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Pass configuration to the prefetch tool.\nNote this needs to be passed as a YAML-formatted config dump, not as a file path!\n",
                            "name": "config-file-content",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx.",
                            "name": "sbom-type",
                            "type": "string"
                        },
                        {
                            "default": "strict",
                            "description": "Control how input requirement violations are handled: strict (errors) or permissive (warnings).",
                            "name": "mode",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "debug"
                                },
                                {
                                    "name": "KBC_PD_INPUT"
                                },
                                {
                                    "name": "KBC_PD_SOURCE_DIR",
                                    "value": "/workspace/source/source"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR",
                                    "value": "/workspace/source/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_SBOM_FORMAT",
                                    "value": "spdx"
                                },
                                {
                                    "name": "KBC_PD_MODE",
                                    "value": "strict"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR_MOUNT_POINT",
                                    "value": "/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_ENV_FILE",
                                    "value": "/workspace/source/cachi2/cachi2.env"
                                },
                                {
                                    "name": "KBC_PD_GIT_AUTH_DIRECTORY",
                                    "value": "/workspace/git-basic-auth"
                                },
                                {
                                    "name": "WORKSPACE_NETRC_PATH"
                                },
                                {
                                    "name": "CONFIG_FILE_CONTENT"
                                }
                            ],
                            "image": "quay.io/konflux-ci/hermeto:0.48.0@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                            "name": "prefetch-dependencies",
                            "script": "#!/bin/bash\n\nif [ -n \"${WORKSPACE_NETRC_PATH}\" ]; then\n  export NETRC=\"${WORKSPACE_NETRC_PATH}/.netrc\"\nfi\n\nCA_BUNDLE_PATH=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$CA_BUNDLE_PATH\" ]; then\n  cp -vf \"$CA_BUNDLE_PATH\" /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [ -e /activation-key/org ] \u0026\u0026 [ -e /activation-key/activationkey ]; then\n  export KBC_PD_RHSM_ORG=/activation-key/org\n  export KBC_PD_RHSM_ACTIVATION_KEY=/activation-key/activationkey\nfi\n\nif [ -n \"${CONFIG_FILE_CONTENT}\" ]; then\n  echo \"${CONFIG_FILE_CONTENT}\" \u003e /mnt/config/config.yaml\n  export KBC_PD_CONFIG_FILE=/mnt/config/config.yaml\nfi\n\nkonflux-build-cli prefetch-dependencies\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/mnt/config",
                                    "name": "config"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "config"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace with the source code, prefetch artifacts will be stored on the workspace as well",
                            "name": "source"
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before prefetch is run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto bind a Secret to this Workspace over other volume types.\n",
                            "name": "git-basic-auth",
                            "optional": true
                        },
                        {
                            "description": "Workspace containing a .netrc file. Prefetch will use the credentials in this file when\nperforming http(s) requests.\n",
                            "name": "netrc",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/4b3fd127-07b7-4b5d-85f0-e1ced82c449b",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "rpms-signature-scan",
                    "tekton.dev/task": "rpms-signature-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-tes8fa3206a5d329de43c1482b7d03ba7aa-rpms-signature-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "27163",
                "uid": "4b3fd127-07b7-4b5d-85f0-e1ced82c449b"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "image-digest",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "rpms-signature-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:50Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:50Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-tes8fa3206a5d329de4c2b56b7e2ff27cb2defd5aae10a4dee2-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        "entryPoint": "rpms-signature-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\", \"digests\": [\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\"]}}\n"
                    },
                    {
                        "name": "RPMS_DATA",
                        "type": "string",
                        "value": "{\"keys\": {\"199e2f91fd431d51\": 132, \"unsigned\": 0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:06:48+00:00\",\"note\":\"Task rpms-signature-scan completed successfully\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:12Z",
                "steps": [
                    {
                        "container": "step-rpms-signature-scan",
                        "imageID": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                        "name": "rpms-signature-scan",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5c5fefd6bcae7cd9b0758fd45fa9f8eb0facdab60669ed92bd67f37b3f63f944",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:47Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:25Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-output-results",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                        "name": "output-results",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://cc1b29317572457b65bdcf68af269783d047d40dc6058987243de0efcd7ba4f9",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:49Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\\\", \\\"digests\\\": [\\\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\\\"]}}\\n\",\"type\":1},{\"key\":\"RPMS_DATA\",\"value\":\"{\\\"keys\\\": {\\\"199e2f91fd431d51\\\": 132, \\\"unsigned\\\": 0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:48+00:00\\\",\\\"note\\\":\\\"Task rpms-signature-scan completed successfully\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:48Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans RPMs in an image and provide information about RPMs signatures.",
                    "params": [
                        {
                            "description": "Image URL",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Image digest to scan",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "/tmp",
                            "description": "Directory that will be used for storing temporary\nfiles produced by this task.\n",
                            "name": "workdir",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Information about signed and unsigned RPMs",
                            "name": "RPMS_DATA",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                },
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                            "name": "rpms-signature-scan",
                            "script": "#!/bin/bash\nset -ex\nset -o pipefail\n\nrpm_verifier \\\n  --image-url \"${IMAGE_URL}\" \\\n  --image-digest \"${IMAGE_DIGEST}\" \\\n  --workdir \"${WORKDIR}\" \\\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                },
                                "requests": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.46@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                            "name": "output-results",
                            "script": "#!/bin/bash\nset -ex\n\nsource /utils.sh\nstatus=$(cat \"${WORKDIR}\"/status)\nrpms_data=$(cat \"${WORKDIR}\"/results)\nimages_processed=$(cat \"${WORKDIR}\"/images_processed)\n\nif [ \"$status\" == \"ERROR\" ]; then\n  note=\"Task rpms-signature-scan failed to scan images. Refer to Tekton task output for details\"\nelse\n  note=\"Task rpms-signature-scan completed successfully\"\nfi\n\nTEST_OUTPUT=$(make_result_json -r \"$status\" -t \"$note\")\n\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\necho \"${rpms_data}\" | tee \"/tekton/results/RPMS_DATA\"\necho \"${images_processed}\" | tee \"/tekton/results/IMAGES_PROCESSED\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "workdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/33ab318c-a0b1-45b5-af4b-163fe801eab9",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "rpms-signature-scan",
                    "tekton.dev/task": "rpms-signature-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-tescb41c92e238803de427bde3c966a36ad-rpms-signature-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "33591",
                "uid": "33ab318c-a0b1-45b5-af4b-163fe801eab9"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "image-digest",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "rpms-signature-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:37Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:37Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-tescb41c92e238803dec7468d311f4e2f6498c0d06cc8e15895-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        "entryPoint": "rpms-signature-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\", \"digests\": [\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\"]}}\n"
                    },
                    {
                        "name": "RPMS_DATA",
                        "type": "string",
                        "value": "{\"keys\": {\"199e2f91fd431d51\": 132, \"unsigned\": 0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:12:36+00:00\",\"note\":\"Task rpms-signature-scan completed successfully\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:01Z",
                "steps": [
                    {
                        "container": "step-rpms-signature-scan",
                        "imageID": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                        "name": "rpms-signature-scan",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://179d4f302ac5e08b8fab8e44e3c4d2fb2a976823e2ab506e579274391c2c8a04",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:36Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:14Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-output-results",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                        "name": "output-results",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f2ace41f7a332aa6955fba4caa2bcb8e92009888a66441fe6f3da7ed3423950e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:37Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\\\", \\\"digests\\\": [\\\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\\\"]}}\\n\",\"type\":1},{\"key\":\"RPMS_DATA\",\"value\":\"{\\\"keys\\\": {\\\"199e2f91fd431d51\\\": 132, \\\"unsigned\\\": 0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:36+00:00\\\",\\\"note\\\":\\\"Task rpms-signature-scan completed successfully\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:36Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans RPMs in an image and provide information about RPMs signatures.",
                    "params": [
                        {
                            "description": "Image URL",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Image digest to scan",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "/tmp",
                            "description": "Directory that will be used for storing temporary\nfiles produced by this task.\n",
                            "name": "workdir",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Information about signed and unsigned RPMs",
                            "name": "RPMS_DATA",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                },
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                            "name": "rpms-signature-scan",
                            "script": "#!/bin/bash\nset -ex\nset -o pipefail\n\nrpm_verifier \\\n  --image-url \"${IMAGE_URL}\" \\\n  --image-digest \"${IMAGE_DIGEST}\" \\\n  --workdir \"${WORKDIR}\" \\\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                },
                                "requests": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.46@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                            "name": "output-results",
                            "script": "#!/bin/bash\nset -ex\n\nsource /utils.sh\nstatus=$(cat \"${WORKDIR}\"/status)\nrpms_data=$(cat \"${WORKDIR}\"/results)\nimages_processed=$(cat \"${WORKDIR}\"/images_processed)\n\nif [ \"$status\" == \"ERROR\" ]; then\n  note=\"Task rpms-signature-scan failed to scan images. Refer to Tekton task output for details\"\nelse\n  note=\"Task rpms-signature-scan completed successfully\"\nfi\n\nTEST_OUTPUT=$(make_result_json -r \"$status\" -t \"$note\")\n\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\necho \"${rpms_data}\" | tee \"/tekton/results/RPMS_DATA\"\necho \"${images_processed}\" | tee \"/tekton/results/IMAGES_PROCESSED\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "workdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/465e1fc8-f810-4525-b579-d2374a77b547",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:05:56Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "build-image-index",
                    "tekton.dev/task": "build-image-index",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-8fa3206a5d329de43c1482b7d03ba7aa-build-image-index",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "25297",
                "uid": "465e1fc8-f810-4525-b579-d2374a77b547"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "ALWAYS_BUILD_INDEX",
                        "value": "false"
                    },
                    {
                        "name": "IMAGES",
                        "value": [
                            "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                        ]
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "build-image-index"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:09Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:09Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-8fa3206a5d329d662de861101afdd89e7199414da7a9b4-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        "entryPoint": "build-image-index",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-build-image-index"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "startTime": "2026-07-01T16:05:56Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6ed798f9456e47c4e251135ea464f723f7345632a26157870948862ce0852aae",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:04Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:01Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-create-sbom",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "create-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://011df61b61d784027db17df2802256356eadedc823988d2a709c30dbf37902c0",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:05Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:05Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b57cf22d234d8f0bee1a275b0e0cb52dcd11357e224816fee1d419d19d3cc415",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:08Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:05Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This takes existing Image Manifests and combines them in an Image Index.",
                    "params": [
                        {
                            "description": "The target image and tag where the image will be pushed to.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The commit the image is built from.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "description": "List of Image Manifests to be referenced by the Image Index",
                            "name": "IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Build an image index even if IMAGES is of length 1. Default true. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. In order to properly set all results, use the repository:tag@sha256:digest format for the IMAGES parameter.",
                            "name": "ALWAYS_BUILD_INDEX",
                            "type": "string"
                        },
                        {
                            "default": "vfs",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "List of all referenced image manifests",
                            "name": "IMAGES",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image containing both the repository and the digest",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "env": [
                            {
                                "name": "BUILDAH_FORMAT",
                                "value": "docker"
                            },
                            {
                                "name": "COMMIT_SHA",
                                "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "ALWAYS_BUILD_INDEX",
                                "value": "false"
                            },
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "vfs"
                            }
                        ],
                        "volumeMounts": [
                            {
                                "mountPath": "/index-build-data",
                                "name": "shared-dir"
                            },
                            {
                                "mountPath": "/mnt/trusted-ca",
                                "name": "trusted-ca",
                                "readOnly": true
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "250m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\n# Fixing group permission on /var/lib/containers\nset -eu\nset -o pipefail\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [[ $# -ne 1 \u0026\u0026 \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n  echo \"Skipping image index generation while supplying multiple image inputs is unsupported.\"\n  exit 2\nfi\n\nbuildah manifest create \"$IMAGE\"\nfor i in $@\ndo\n  TOADD=\"$i\"\n  TOADD_URL=\"$(echo \"$i\" | cut -d@ -f1)\"\n  TOADD_DIGEST=\"$(echo \"$i\" | cut -d@ -f2)\"\n  if [[ $(echo \"$i\" | tr -cd \":\" | wc -c) == 2 ]]; then\n    #format is repository:tag@sha256:digest\n    #we need to remove the tag, and just reference the digest\n    #as tag + digest is not supported\n    TOADD_REPOSITORY=\"$(echo \"$i\" | cut -d: -f1)\"\n    TOADD=\"${TOADD_REPOSITORY}@${TOADD_DIGEST}\"\n  fi\n  if [[ \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n    echo \"Skipping image index generation. Returning results for $TOADD.\"\n    echo -n \"${TOADD_URL}\" \u003e \"/tekton/results/IMAGE_URL\"\n    echo -n \"${TOADD_DIGEST}\" \u003e \"/tekton/results/IMAGE_DIGEST\"\n    echo -n \"${TOADD}\" \u003e \"/tekton/results/IMAGES\"\n    exit 0\n  fi\n\n  echo \"Adding $TOADD\"\n  buildah manifest add $IMAGE \"docker://$TOADD\" --all\ndone\n\necho \"Validating format consistency\"\nINCOMPATIBLE_STRING=\"vnd.oci.image.manifest\"\nINCOMPATIBLE_NAME=\"oci\"\nif [ \"$BUILDAH_FORMAT\" == \"oci\" ]; then\n  INCOMPATIBLE_STRING=\"vnd.docker.distribution.manifest\"\n  INCOMPATIBLE_NAME=\"docker\"\nfi\n\n# If mismatched formats (e.g., Docker manifests within an OCI index) exist locally, 'buildah push'\n# converts the inner manifests to match the target BUILDAH_FORMAT.\n# This alters the digests and breaks the link to the attached SBOMs.\nMANIFEST_MEDIA_TYPES=$(buildah manifest inspect \"$IMAGE\" | jq -er '.manifests[].mediaType')\nif echo \"$MANIFEST_MEDIA_TYPES\" | grep -q \"$INCOMPATIBLE_STRING\"; then\n  echo \"ERROR: Platform image contains $INCOMPATIBLE_NAME format, but index will be $BUILDAH_FORMAT\"\n  echo \"This will cause digest changes and break SBOM accessibility.\"\n  echo \"Ensure all platform images are built with buildah-format: $BUILDAH_FORMAT\"\n  exit 1\nfi\n\n# While the BUILDAH_FORMAT environment variable can define the push\n# format, lets be explicit about the format that we want when we push.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\nbuildah_retries=3\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n    echo \"Failed to push image ${IMAGE} to registry\"\n    exit 1\nfi\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:konflux-test-8fa3206a5d329de43c1482b7d03ba7aa-build-image-index\"\nthen\n    echo \"Failed to push image ${IMAGE%:*}:konflux-test-8fa3206a5d329de43c1482b7d03ba7aa-build-image-index to registry\"\n    exit 1\nfi\n\nINDEX_REPOSITORY=\"$(echo \"$IMAGE\" | cut -d@ -f1 | cut -d: -f1)\"\nMANIFEST_DIGESTS=$(buildah manifest inspect \"$IMAGE\" | jq -er \".manifests[].digest\")\nimage_manifests=\"\"\nfor i in $MANIFEST_DIGESTS\ndo\n  image_manifests=\"${image_manifests} ${INDEX_REPOSITORY}@${i},\"\ndone\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c image-digest\necho -n \"$IMAGE\" | tee \"/tekton/results/IMAGE_URL\"\n{\n  echo -n \"${IMAGE}@\"\n  cat \"image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho -n \"${image_manifests:1:-1}\" \u003e \"/tekton/results/IMAGES\"\n\n# buildah manifest inspect will always give precedence to the local image.\n# Since we built this image in the same place as we are inspecting it, we can\n# just inspect it instead of finding the digest and inspecting the remote image.\nbuildah manifest inspect \"$IMAGE\" \u003e /index-build-data/manifest_data.json\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "create-sbom",
                            "script": "#!/bin/bash\nset -e\n\nMANIFEST_DATA_FILE=\"/index-build-data/manifest_data.json\"\nif [ ! -f \"$MANIFEST_DATA_FILE\" ]; then\n  echo \"The manifest_data.json file does not exist. Skipping the SBOM creation...\"\n  exit 0\nfi\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\necho \"Creating SBOM result file...\"\nmobster_args=(generate --output /index-build-data/index.spdx.json)\n\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-index\n  --index-image-pullspec \"$IMAGE_URL\"\n  --index-image-digest \"$IMAGE_DIGEST\"\n  --index-manifest-path \"$MANIFEST_DATA_FILE\"\n)\nmobster \"${mobster_args[@]}\"\n"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSBOM_RESULT_FILE=\"/index-build-data/index.spdx.json\"\nif [ ! -f \"$SBOM_RESULT_FILE\" ]; then\n  echo \"The index.spdx.json file does not exists. Skipping the SBOM upload...\"\n  exit 0\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\n\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom \"$SBOM_RESULT_FILE\" --type spdx \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum \"$SBOM_RESULT_FILE\" | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "shared-dir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/9263fc6b-8af3-41af-a84f-98a96302c9b2",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:45Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "build-image-index",
                    "tekton.dev/task": "build-image-index",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-cb41c92e238803de427bde3c966a36ad-build-image-index",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "31116",
                "uid": "9263fc6b-8af3-41af-a84f-98a96302c9b2"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "ALWAYS_BUILD_INDEX",
                        "value": "false"
                    },
                    {
                        "name": "IMAGES",
                        "value": [
                            "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                        ]
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "build-image-index"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:11:57Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:11:57Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-cb41c92e238803f2ef89b089baf8ca597edb4ff2781dc1-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        "entryPoint": "build-image-index",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-build-image-index"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "startTime": "2026-07-01T16:11:45Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://45d15d406332167e897e1ee029c137d2a7ee0f4722f5d740ed80c9663e927e68",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:11:53Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:11:49Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-create-sbom",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "create-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://ba93848070cbea17e4b933e2a4bd1e38fcada7530506ff05a99ffbb19c4b4fa9",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:11:53Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:11:53Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9217a16ea70fe2803c7a72b13af8bbd614a4acd3cf19b0fa9880782c9571355c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:11:57Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:11:54Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This takes existing Image Manifests and combines them in an Image Index.",
                    "params": [
                        {
                            "description": "The target image and tag where the image will be pushed to.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The commit the image is built from.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "description": "List of Image Manifests to be referenced by the Image Index",
                            "name": "IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Build an image index even if IMAGES is of length 1. Default true. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. In order to properly set all results, use the repository:tag@sha256:digest format for the IMAGES parameter.",
                            "name": "ALWAYS_BUILD_INDEX",
                            "type": "string"
                        },
                        {
                            "default": "vfs",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "List of all referenced image manifests",
                            "name": "IMAGES",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image containing both the repository and the digest",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "env": [
                            {
                                "name": "BUILDAH_FORMAT",
                                "value": "docker"
                            },
                            {
                                "name": "COMMIT_SHA",
                                "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "ALWAYS_BUILD_INDEX",
                                "value": "false"
                            },
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "vfs"
                            }
                        ],
                        "volumeMounts": [
                            {
                                "mountPath": "/index-build-data",
                                "name": "shared-dir"
                            },
                            {
                                "mountPath": "/mnt/trusted-ca",
                                "name": "trusted-ca",
                                "readOnly": true
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "250m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\n# Fixing group permission on /var/lib/containers\nset -eu\nset -o pipefail\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [[ $# -ne 1 \u0026\u0026 \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n  echo \"Skipping image index generation while supplying multiple image inputs is unsupported.\"\n  exit 2\nfi\n\nbuildah manifest create \"$IMAGE\"\nfor i in $@\ndo\n  TOADD=\"$i\"\n  TOADD_URL=\"$(echo \"$i\" | cut -d@ -f1)\"\n  TOADD_DIGEST=\"$(echo \"$i\" | cut -d@ -f2)\"\n  if [[ $(echo \"$i\" | tr -cd \":\" | wc -c) == 2 ]]; then\n    #format is repository:tag@sha256:digest\n    #we need to remove the tag, and just reference the digest\n    #as tag + digest is not supported\n    TOADD_REPOSITORY=\"$(echo \"$i\" | cut -d: -f1)\"\n    TOADD=\"${TOADD_REPOSITORY}@${TOADD_DIGEST}\"\n  fi\n  if [[ \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n    echo \"Skipping image index generation. Returning results for $TOADD.\"\n    echo -n \"${TOADD_URL}\" \u003e \"/tekton/results/IMAGE_URL\"\n    echo -n \"${TOADD_DIGEST}\" \u003e \"/tekton/results/IMAGE_DIGEST\"\n    echo -n \"${TOADD}\" \u003e \"/tekton/results/IMAGES\"\n    exit 0\n  fi\n\n  echo \"Adding $TOADD\"\n  buildah manifest add $IMAGE \"docker://$TOADD\" --all\ndone\n\necho \"Validating format consistency\"\nINCOMPATIBLE_STRING=\"vnd.oci.image.manifest\"\nINCOMPATIBLE_NAME=\"oci\"\nif [ \"$BUILDAH_FORMAT\" == \"oci\" ]; then\n  INCOMPATIBLE_STRING=\"vnd.docker.distribution.manifest\"\n  INCOMPATIBLE_NAME=\"docker\"\nfi\n\n# If mismatched formats (e.g., Docker manifests within an OCI index) exist locally, 'buildah push'\n# converts the inner manifests to match the target BUILDAH_FORMAT.\n# This alters the digests and breaks the link to the attached SBOMs.\nMANIFEST_MEDIA_TYPES=$(buildah manifest inspect \"$IMAGE\" | jq -er '.manifests[].mediaType')\nif echo \"$MANIFEST_MEDIA_TYPES\" | grep -q \"$INCOMPATIBLE_STRING\"; then\n  echo \"ERROR: Platform image contains $INCOMPATIBLE_NAME format, but index will be $BUILDAH_FORMAT\"\n  echo \"This will cause digest changes and break SBOM accessibility.\"\n  echo \"Ensure all platform images are built with buildah-format: $BUILDAH_FORMAT\"\n  exit 1\nfi\n\n# While the BUILDAH_FORMAT environment variable can define the push\n# format, lets be explicit about the format that we want when we push.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\nbuildah_retries=3\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n    echo \"Failed to push image ${IMAGE} to registry\"\n    exit 1\nfi\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:konflux-test-cb41c92e238803de427bde3c966a36ad-build-image-index\"\nthen\n    echo \"Failed to push image ${IMAGE%:*}:konflux-test-cb41c92e238803de427bde3c966a36ad-build-image-index to registry\"\n    exit 1\nfi\n\nINDEX_REPOSITORY=\"$(echo \"$IMAGE\" | cut -d@ -f1 | cut -d: -f1)\"\nMANIFEST_DIGESTS=$(buildah manifest inspect \"$IMAGE\" | jq -er \".manifests[].digest\")\nimage_manifests=\"\"\nfor i in $MANIFEST_DIGESTS\ndo\n  image_manifests=\"${image_manifests} ${INDEX_REPOSITORY}@${i},\"\ndone\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c image-digest\necho -n \"$IMAGE\" | tee \"/tekton/results/IMAGE_URL\"\n{\n  echo -n \"${IMAGE}@\"\n  cat \"image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho -n \"${image_manifests:1:-1}\" \u003e \"/tekton/results/IMAGES\"\n\n# buildah manifest inspect will always give precedence to the local image.\n# Since we built this image in the same place as we are inspecting it, we can\n# just inspect it instead of finding the digest and inspecting the remote image.\nbuildah manifest inspect \"$IMAGE\" \u003e /index-build-data/manifest_data.json\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "create-sbom",
                            "script": "#!/bin/bash\nset -e\n\nMANIFEST_DATA_FILE=\"/index-build-data/manifest_data.json\"\nif [ ! -f \"$MANIFEST_DATA_FILE\" ]; then\n  echo \"The manifest_data.json file does not exist. Skipping the SBOM creation...\"\n  exit 0\nfi\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\necho \"Creating SBOM result file...\"\nmobster_args=(generate --output /index-build-data/index.spdx.json)\n\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-index\n  --index-image-pullspec \"$IMAGE_URL\"\n  --index-image-digest \"$IMAGE_DIGEST\"\n  --index-manifest-path \"$MANIFEST_DATA_FILE\"\n)\nmobster \"${mobster_args[@]}\"\n"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSBOM_RESULT_FILE=\"/index-build-data/index.spdx.json\"\nif [ ! -f \"$SBOM_RESULT_FILE\" ]; then\n  echo \"The index.spdx.json file does not exists. Skipping the SBOM upload...\"\n  exit 0\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\n\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom \"$SBOM_RESULT_FILE\" --type spdx \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum \"$SBOM_RESULT_FILE\" | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "shared-dir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-be96994577",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/ca00fc92-bc3c-45a3-90d1-b21795788c07",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/categories": "Git",
                    "tekton.dev/displayName": "git clone",
                    "tekton.dev/pipelines.minVersion": "0.21.0",
                    "tekton.dev/platforms": "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64",
                    "tekton.dev/tags": "git",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:02:55Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "clone-repository",
                    "tekton.dev/task": "git-clone",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-i8fa3206a5d329de43c1482b7d03ba7aa-clone-repository",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "23339",
                "uid": "ca00fc92-bc3c-45a3-90d1-b21795788c07"
            },
            "spec": {
                "params": [
                    {
                        "name": "url",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    },
                    {
                        "name": "revision",
                        "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "git-clone"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "output",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-129b97e6ab"
                        }
                    },
                    {
                        "name": "basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-hdtybp"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:03:02Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:03:02Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-i8fa3206a5d3298c0abf99a6ac4101038fbb44ee290fc4-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        "entryPoint": "git-clone",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-git-clone"
                    }
                },
                "results": [
                    {
                        "name": "CHAINS-GIT_COMMIT",
                        "type": "string",
                        "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "CHAINS-GIT_URL",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    },
                    {
                        "name": "commit",
                        "type": "string",
                        "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "commit-timestamp",
                        "type": "string",
                        "value": "1782921739"
                    },
                    {
                        "name": "short-commit",
                        "type": "string",
                        "value": "dd629d1"
                    },
                    {
                        "name": "url",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    }
                ],
                "startTime": "2026-07-01T16:02:56Z",
                "steps": [
                    {
                        "container": "step-clone",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "clone",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://91964d5b4c92c0b79b4710d46010ee9104761b949d5e8d82873b5b120f44e49a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:03:00Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1},{\"key\":\"commit\",\"value\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782921739\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"dd629d1\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:03:00Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-symlink-check",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "symlink-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4d06f9acca1103d8fd7f6f201d9dfd339ee5a217d3eda3281d301877a0fecd74",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:03:01Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1},{\"key\":\"commit\",\"value\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782921739\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"dd629d1\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:03:01Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace.",
                    "params": [
                        {
                            "description": "Repository URL to clone from.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Revision to checkout. (branch, tag, sha, ref, etc...)",
                            "name": "revision",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Refspec to fetch before checking out revision.",
                            "name": "refspec",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Initialize and fetch git submodules.",
                            "name": "submodules",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma-separated list of specific submodule paths to initialize and fetch. Only submodules in the specified directories and their subdirectories will be fetched.\nEmpty string fetches all submodules. Parameter \"submodules\" must be set to \"true\" to make this parameter applicable.\n",
                            "name": "submodulePaths",
                            "type": "string"
                        },
                        {
                            "default": "1",
                            "description": "Perform a shallow clone, fetching only the most recent N commits.",
                            "name": "depth",
                            "type": "string"
                        },
                        {
                            "default": "7",
                            "description": "Length of short commit SHA",
                            "name": "shortCommitLength",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.",
                            "name": "sslVerify",
                            "type": "string"
                        },
                        {
                            "default": "source",
                            "description": "Subdirectory inside the `output` Workspace to clone the repo into.",
                            "name": "subdirectory",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Define the directory patterns to match or exclude when performing a sparse checkout.",
                            "name": "sparseCheckoutDirectories",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Clean out the contents of the destination directory if it already exists before cloning.",
                            "name": "deleteExisting",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP proxy server for non-SSL requests.",
                            "name": "httpProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTPS proxy server for SSL requests.",
                            "name": "httpsProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Opt out of proxying HTTP/HTTPS requests.",
                            "name": "noProxy",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Log the commands that are executed during `git-clone`'s operation.",
                            "name": "verbose",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Deprecated. Has no effect. Will be removed in the future.",
                            "name": "gitInitImage",
                            "type": "string"
                        },
                        {
                            "default": "/tekton/home",
                            "description": "Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user.\n",
                            "name": "userHome",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Check symlinks in the repo. If they're pointing outside of the repo, the build will fail.\n",
                            "name": "enableSymlinkCheck",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Fetch all tags for the repo.",
                            "name": "fetchTags",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Set to \"true\" to merge the targetBranch into the checked-out revision.",
                            "name": "mergeTargetBranch",
                            "type": "string"
                        },
                        {
                            "default": "main",
                            "description": "The target branch to merge into the revision (if mergeTargetBranch is true).",
                            "name": "targetBranch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "URL of the repository to fetch the target branch from when mergeTargetBranch is true.\nIf empty, uses the same repository (origin). This allows merging a branch from a different repository.\n",
                            "name": "mergeSourceRepoUrl",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Perform a shallow fetch of the target branch, fetching only the most recent N commits.\nIf empty, fetches the full history of the target branch.\n",
                            "name": "mergeSourceDepth",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "The precise commit SHA that was fetched by this Task.",
                            "name": "commit",
                            "type": "string"
                        },
                        {
                            "description": "The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters",
                            "name": "short-commit",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "description": "The commit timestamp of the checkout",
                            "name": "commit-timestamp",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_URL",
                            "type": "string"
                        },
                        {
                            "description": "The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_COMMIT",
                            "type": "string"
                        },
                        {
                            "description": "The SHA of the commit after merging the target branch (if the param mergeTargetBranch is true).",
                            "name": "merged_sha",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                                },
                                {
                                    "name": "PARAM_REVISION",
                                    "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "PARAM_REFSPEC"
                                },
                                {
                                    "name": "PARAM_SUBMODULES",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBMODULE_PATHS"
                                },
                                {
                                    "name": "PARAM_DEPTH",
                                    "value": "1"
                                },
                                {
                                    "name": "PARAM_SHORT_COMMIT_LENGTH",
                                    "value": "7"
                                },
                                {
                                    "name": "PARAM_SSL_VERIFY",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "PARAM_DELETE_EXISTING",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_HTTP_PROXY"
                                },
                                {
                                    "name": "PARAM_HTTPS_PROXY"
                                },
                                {
                                    "name": "PARAM_NO_PROXY"
                                },
                                {
                                    "name": "PARAM_VERBOSE",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_SPARSE_CHECKOUT_DIRECTORIES"
                                },
                                {
                                    "name": "PARAM_USER_HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_FETCH_TAGS",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_GIT_INIT_IMAGE"
                                },
                                {
                                    "name": "PARAM_MERGE_TARGET_BRANCH",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_TARGET_BRANCH",
                                    "value": "main"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_REPO_URL"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_DEPTH"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_BOUND",
                                    "value": "false"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_PATH"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND",
                                    "value": "true"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_PATH",
                                    "value": "/workspace/basic-auth"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "clone",
                            "script": "#!/usr/bin/env sh\nset -eu\n\nif [ \"${PARAM_VERBOSE}\" = \"true\" ] ; then\n  set -x\nfi\n\nif [ -n \"${PARAM_GIT_INIT_IMAGE}\" ]; then\n  echo \"WARNING: provided deprecated gitInitImage parameter has no effect.\"\nfi\n\nif [ \"${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  if [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" ]; then\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" \"${PARAM_USER_HOME}/.git-credentials\"\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" \"${PARAM_USER_HOME}/.gitconfig\"\n  # Compatibility with kubernetes.io/basic-auth secrets\n  elif [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password\" ]; then\n    HOSTNAME=$(echo $PARAM_URL | awk -F/ '{print $3}')\n    echo \"https://$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username):$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password)@$HOSTNAME\" \u003e \"${PARAM_USER_HOME}/.git-credentials\"\n    echo -e \"[credential \\\"https://$HOSTNAME\\\"]\\n  helper = store\" \u003e \"${PARAM_USER_HOME}/.gitconfig\"\n  else\n    echo \"Unknown basic-auth workspace format\"\n    exit 1\n  fi\n  chmod 400 \"${PARAM_USER_HOME}/.git-credentials\"\n  chmod 400 \"${PARAM_USER_HOME}/.gitconfig\"\nfi\n\n# Should be called after the gitconfig is copied from the repository secret\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  git config --global http.sslCAInfo \"$ca_bundle\"\nfi\n\nif [ \"${WORKSPACE_SSH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  cp -R \"${WORKSPACE_SSH_DIRECTORY_PATH}\" \"${PARAM_USER_HOME}\"/.ssh\n  chmod 700 \"${PARAM_USER_HOME}\"/.ssh\n  chmod -R 400 \"${PARAM_USER_HOME}\"/.ssh/*\nfi\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\n\ncleandir() {\n  # Delete any existing contents of the repo directory if it exists.\n  #\n  # We don't just \"rm -rf ${CHECKOUT_DIR}\" because ${CHECKOUT_DIR} might be \"/\"\n  # or the root of a mounted volume.\n  if [ -d \"${CHECKOUT_DIR}\" ] ; then\n    # Delete non-hidden files and directories\n    rm -rf \"${CHECKOUT_DIR:?}\"/*\n    # Delete files and directories starting with . but excluding ..\n    rm -rf \"${CHECKOUT_DIR}\"/.[!.]*\n    # Delete files and directories starting with .. plus any other character\n    rm -rf \"${CHECKOUT_DIR}\"/..?*\n  fi\n}\n\nif [ \"${PARAM_DELETE_EXISTING}\" = \"true\" ] ; then\n  cleandir\nfi\n\ntest -z \"${PARAM_HTTP_PROXY}\" || export HTTP_PROXY=\"${PARAM_HTTP_PROXY}\"\ntest -z \"${PARAM_HTTPS_PROXY}\" || export HTTPS_PROXY=\"${PARAM_HTTPS_PROXY}\"\ntest -z \"${PARAM_NO_PROXY}\" || export NO_PROXY=\"${PARAM_NO_PROXY}\"\n\n/ko-app/git-init \\\n  -url=\"${PARAM_URL}\" \\\n  -revision=\"${PARAM_REVISION}\" \\\n  -refspec=\"${PARAM_REFSPEC}\" \\\n  -path=\"${CHECKOUT_DIR}\" \\\n  -sslVerify=\"${PARAM_SSL_VERIFY}\" \\\n  -submodules=\"${PARAM_SUBMODULES}\" \\\n  -submodulePaths=\"${PARAM_SUBMODULE_PATHS}\" \\\n  -depth=\"${PARAM_DEPTH}\" \\\n  -sparseCheckoutDirectories=\"${PARAM_SPARSE_CHECKOUT_DIRECTORIES}\" \\\n  -retryMaxAttempts=10\ncd \"${CHECKOUT_DIR}\"\nRESULT_SHA=\"$(git rev-parse HEAD)\"\nRESULT_SHA_SHORT=\"$(git rev-parse --short=\"${PARAM_SHORT_COMMIT_LENGTH}\" HEAD)\"\n\nif [ \"${PARAM_MERGE_TARGET_BRANCH}\" = \"true\" ]; then\n  echo \"Merge option enabled. Attempting to merge target branch '${PARAM_TARGET_BRANCH}' into HEAD (${RESULT_SHA}).\"\n\n  if [ \"${PARAM_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow clone with depth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  if [ \"${PARAM_MERGE_SOURCE_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow fetch with mergeSourceDepth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  # Determine if merging from a different repository or the same one\n  if [ -n \"${PARAM_MERGE_SOURCE_REPO_URL}\" ]; then\n    # Normalize URLs for comparison (remove trailing slashes and .git suffix)\n    normalize_url() {\n      echo \"$1\" | sed -e 's#/$##' -e 's#\\.git$##'\n    }\n\n    NORMALIZED_ORIGIN_URL=$(normalize_url \"${PARAM_URL}\")\n    NORMALIZED_MERGE_URL=$(normalize_url \"${PARAM_MERGE_SOURCE_REPO_URL}\")\n\n    if [ \"${NORMALIZED_ORIGIN_URL}\" = \"${NORMALIZED_MERGE_URL}\" ]; then\n      echo \"Merge source URL is the same as origin. Using existing 'origin' remote.\"\n      MERGE_REMOTE=\"origin\"\n    else\n      echo \"Merging from different repository: ${PARAM_MERGE_SOURCE_REPO_URL}\"\n      echo \"Adding remote 'merge-source'...\"\n      git remote add merge-source \"${PARAM_MERGE_SOURCE_REPO_URL}\"\n      MERGE_REMOTE=\"merge-source\"\n    fi\n  else\n    echo \"Merging from the same repository (origin)\"\n    MERGE_REMOTE=\"origin\"\n  fi\n\n  echo \"Fetching target branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE}...\"\n  if [ -n \"${PARAM_MERGE_SOURCE_DEPTH}\" ]; then\n    retry git fetch --depth=\"${PARAM_MERGE_SOURCE_DEPTH}\" ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  else\n    retry git fetch ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  fi\n\n\n  echo \"Merging ${MERGE_REMOTE}/${PARAM_TARGET_BRANCH} into current HEAD...\"\n  git config --global user.email \"tekton-git-clone@tekton.dev\"\n  git config --global user.name \"Tekton Git Clone Task\"\n\nif ! git merge FETCH_HEAD --no-commit --no-ff --allow-unrelated-histories; then\n  echo \"ERROR: Merge conflict detected or merge failed before commit.\" \u003e\u00262\n  echo \"--- Git Status ---\"\n  git status\n  echo \"------------------\"\n  exit 1\nfi\n\n# Check if there are changes staged for commit\nif git diff --staged --quiet; then\n  echo \"No diff was found, skipping merge...\" \u003e\u00262\nelse\n  echo \"Merge successful (no conflicts found), committing...\"\nif ! git commit -m \"Merge branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE} into ${RESULT_SHA}\"; then\n  echo \"ERROR: Failed to commit merge.\" \u003e\u00262\n  exit 1\nfi\n  MERGED_SHA=$(git rev-parse HEAD)\n  echo \"New HEAD after merge: ${MERGED_SHA}\"\n  echo \"${MERGED_SHA}\" \u003e \"/tekton/results/merged_sha\"\nfi\n\nelse\n  echo \"Merge option disabled. Using checked-out revision ${RESULT_SHA} directly.\"\nfi\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/commit\"\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/CHAINS-GIT_COMMIT\"\nprintf \"%s\" \"${RESULT_SHA_SHORT}\" \u003e \"/tekton/results/short-commit\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/url\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/CHAINS-GIT_URL\"\nprintf \"%s\" \"$(git log -1 --pretty=%ct)\" \u003e \"/tekton/results/commit-timestamp\"\n\nif [ \"${PARAM_FETCH_TAGS}\" = \"true\" ] ; then\n  echo \"Fetching tags\"\n  retry git fetch --tags\nfi\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_ENABLE_SYMLINK_CHECK",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "symlink-check",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\ncheck_symlinks() {\n  FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=false\n  while read -r symlink\n  do\n    target=$(readlink -m \"$symlink\")\n    if ! [[ \"$target\" =~ ^$CHECKOUT_DIR ]]; then\n      echo \"The cloned repository contains symlink pointing outside of the cloned repository: $symlink\"\n      FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=true\n    fi\n  done \u003c \u003c(find $CHECKOUT_DIR -type l -print)\n  if [ \"$FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO\" = true ] ; then\n    return 1\n  fi\n}\n\nif [ \"${PARAM_ENABLE_SYMLINK_CHECK}\" = \"true\" ] ; then\n  echo \"Running symlink check\"\n  check_symlinks\nfi\n"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "The git repo will be cloned onto the volume backing this Workspace.",
                            "name": "output"
                        },
                        {
                            "description": "A .ssh directory with private key, known_hosts, config, etc. Copied to\nthe user's home before git commands are executed. Used to authenticate\nwith the git remote when performing the clone. Binding a Secret to this\nWorkspace is strongly recommended over other volume types.\n",
                            "name": "ssh-directory",
                            "optional": true
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before any git commands are run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto use ssh-directory over basic-auth whenever possible and to bind a\nSecret to this Workspace over other volume types.\n",
                            "name": "basic-auth",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-be96994577",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/f2c39a39-44bc-410f-a480-3eb56822d9a9",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "sast-shell-check",
                    "tekton.dev/task": "sast-shell-check",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-i8fa3206a5d329de43c1482b7d03ba7aa-sast-shell-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "25885",
                "uid": "f2c39a39-44bc-410f-a480-3eb56822d9a9"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-shell-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-129b97e6ab"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:27Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:27Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-i8fa3206a5d32951348b3fa209f0910a26193e3b23a6fb-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        "entryPoint": "sast-shell-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:06:24+00:00\",\"note\":\"For details, check Tekton task log.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:11Z",
                "steps": [
                    {
                        "container": "step-sast-shell-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-shell-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b61d64aa532a552aa366ca434cd6e046b632c223f6f802e0345683ee2d006a44",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:24Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:24+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:23Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://ea11a8a848d1cc4425276bb927075e74bcb13a4dc1ffb9f008e5816438358f8c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:27Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:24+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:25Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The sast-shell-check task uses [shellcheck](https://www.shellcheck.net/) tool to perform Static Application Security Testing (SAST), a popular cloud-native application security platform. This task leverages the shellcheck wrapper (csmock-plugin-shellcheck-core) to run shellcheck on a directory tree.\nShellCheck is a static analysis tool, gives warnings and suggestions for bash/sh shell scripts. This task can run on x86 and arm.",
                    "params": [
                        {
                            "default": "",
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image digest to report findings for.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (default to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to include important findings only",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "8",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-shell-check",
                            "script": "#!/usr/bin/env bash\nset -x\n# shellcheck source=/dev/null\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nPACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' ShellCheck)\n\nOUTPUT_FILE=\"shellcheck-results.json\"\nSOURCE_CODE_DIR=/workspace/workspace/source\n\n# generate full path for each dirname separated by comma\ndeclare -a ALL_TARGETS\nIFS=\",\" read -ra TARGET_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGET_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    ALL_TARGETS+=(\"$resolved_path\")\n  else\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\ndone\n\n# determine number of available CPU cores for shellcheck based on container cgroup v2 CPU limits\n# this calculates the ceiling, so if the cpu limit is 0.5, the number of jobs will be 1.\nif [ -z \"$SC_JOBS\" ] \u0026\u0026 [ -r \"/sys/fs/cgroup/cpu.max\" ]; then\n    read -r quota period \u003c /sys/fs/cgroup/cpu.max\n    if [ \"$quota\" != \"max\" ] \u0026\u0026 [ -n \"$period\" ] \u0026\u0026 [ \"$period\" -gt 0 ]; then\n        export SC_JOBS=$(((quota + period - 1) / period))\n        echo \"INFO: Setting SC_JOBS=${SC_JOBS} based on cgroups v2 max for run-shellcheck.sh\"\n    fi\nfi\n\n# generate all shellcheck result JSON files to $SC_RESULTS_DIR, which defaults to ./shellcheck-results/\n/usr/share/csmock/scripts/run-shellcheck.sh \"${ALL_TARGETS[@]}\"\n\nCSGREP_OPTS=(\n    --mode=json\n    --strip-path-prefix=\"$SOURCE_CODE_DIR\"/\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"ShellCheck:${PACKAGE_VERSION}\"\n)\nif [[ \"$IMP_FINDINGS_ONLY\" == \"true\" ]]; then\n    # predefined list of shellcheck important findings\n    CSGREP_EVENT_FILTER='\\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|'\n    CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|'\n    CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\\]$'\n    CSGREP_OPTS+=(\n        --event=\"$CSGREP_EVENT_FILTER\"\n    )\nelse\n    CSGREP_OPTS+=(\n        --event=\"error|warning\"\n    )\nfi\n\nif ! csgrep \"${CSGREP_OPTS[@]}\" ./shellcheck-results/*.json \u003e \"$OUTPUT_FILE\"; then\n    echo \"Error occurred while running 'run-shellcheck.sh'\"\n    note=\"Task sast-shell-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" \"${OUTPUT_FILE}\" \u003e \"${OUTPUT_FILE}.filtered\" 2\u003e \"${OUTPUT_FILE}.error\"\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n        mv \"${OUTPUT_FILE}.filtered\" \"$OUTPUT_FILE\"\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\necho \"ShellCheck results have been saved to $OUTPUT_FILE\"\n\ncsgrep --mode=evtstat \"$OUTPUT_FILE\"\ncsgrep --mode=sarif \"$OUTPUT_FILE\" \u003e shellcheck-results.sarif\n\nTEST_OUTPUT=\nparse_test_output \"sast-shell-check\" sarif shellcheck-results.sarif || true\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\nif [ -z \"${IMAGE_URL}\" ] || [ -z \"${IMAGE_DIGEST}\" ]; then\n    echo 'No image-url or image-digest param provided. Skipping upload.'\n    exit 0\nfi\n\nUPLOAD_FILES=\"shellcheck-results.sarif excluded-findings.json\"\n\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n        echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n        continue\n    fi\n\n    # Determine the media type based on the file extension\n    if [[ \"${UPLOAD_FILE}\" == *.json ]]; then\n        MEDIA_TYPE=\"application/json\"\n    else\n        MEDIA_TYPE=\"application/sarif+json\"\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach ${UPLOAD_FILE} to ${IMAGE_URL}\"\n      exit 1\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-66308ef01b",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/a8711b40-17b8-4906-bab7-25f5ef7cc92c",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/categories": "Git",
                    "tekton.dev/displayName": "git clone",
                    "tekton.dev/pipelines.minVersion": "0.21.0",
                    "tekton.dev/platforms": "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64",
                    "tekton.dev/tags": "git",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:33Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "clone-repository",
                    "tekton.dev/task": "git-clone",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-icb41c92e238803de427bde3c966a36ad-clone-repository",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "29402",
                "uid": "a8711b40-17b8-4906-bab7-25f5ef7cc92c"
            },
            "spec": {
                "params": [
                    {
                        "name": "url",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    },
                    {
                        "name": "revision",
                        "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "git-clone"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "output",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-7ebc9832aa"
                        }
                    },
                    {
                        "name": "basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-nubdop"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:40Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:40Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-icb41c92e238800518fb7d96dbe85b87ec3432c97bb141-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        "entryPoint": "git-clone",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-git-clone"
                    }
                },
                "results": [
                    {
                        "name": "CHAINS-GIT_COMMIT",
                        "type": "string",
                        "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "CHAINS-GIT_URL",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    },
                    {
                        "name": "commit",
                        "type": "string",
                        "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "commit-timestamp",
                        "type": "string",
                        "value": "1782922069"
                    },
                    {
                        "name": "short-commit",
                        "type": "string",
                        "value": "9ebf211"
                    },
                    {
                        "name": "url",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    }
                ],
                "startTime": "2026-07-01T16:08:33Z",
                "steps": [
                    {
                        "container": "step-clone",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "clone",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://bc26f16acaea34c9d06c994072ed4e717367d9eed1d0fa816294919150f9f142",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:39Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1},{\"key\":\"commit\",\"value\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782922069\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"9ebf211\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:38Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-symlink-check",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "symlink-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://17da99385dfbcfcaebfa1b5c1eaec255484c41dea9fd0fcfbe325fa7c3c08fee",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:39Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1},{\"key\":\"commit\",\"value\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782922069\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"9ebf211\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/konflux-test-integration-clone\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:39Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace.",
                    "params": [
                        {
                            "description": "Repository URL to clone from.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Revision to checkout. (branch, tag, sha, ref, etc...)",
                            "name": "revision",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Refspec to fetch before checking out revision.",
                            "name": "refspec",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Initialize and fetch git submodules.",
                            "name": "submodules",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma-separated list of specific submodule paths to initialize and fetch. Only submodules in the specified directories and their subdirectories will be fetched.\nEmpty string fetches all submodules. Parameter \"submodules\" must be set to \"true\" to make this parameter applicable.\n",
                            "name": "submodulePaths",
                            "type": "string"
                        },
                        {
                            "default": "1",
                            "description": "Perform a shallow clone, fetching only the most recent N commits.",
                            "name": "depth",
                            "type": "string"
                        },
                        {
                            "default": "7",
                            "description": "Length of short commit SHA",
                            "name": "shortCommitLength",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.",
                            "name": "sslVerify",
                            "type": "string"
                        },
                        {
                            "default": "source",
                            "description": "Subdirectory inside the `output` Workspace to clone the repo into.",
                            "name": "subdirectory",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Define the directory patterns to match or exclude when performing a sparse checkout.",
                            "name": "sparseCheckoutDirectories",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Clean out the contents of the destination directory if it already exists before cloning.",
                            "name": "deleteExisting",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP proxy server for non-SSL requests.",
                            "name": "httpProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTPS proxy server for SSL requests.",
                            "name": "httpsProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Opt out of proxying HTTP/HTTPS requests.",
                            "name": "noProxy",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Log the commands that are executed during `git-clone`'s operation.",
                            "name": "verbose",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Deprecated. Has no effect. Will be removed in the future.",
                            "name": "gitInitImage",
                            "type": "string"
                        },
                        {
                            "default": "/tekton/home",
                            "description": "Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user.\n",
                            "name": "userHome",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Check symlinks in the repo. If they're pointing outside of the repo, the build will fail.\n",
                            "name": "enableSymlinkCheck",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Fetch all tags for the repo.",
                            "name": "fetchTags",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Set to \"true\" to merge the targetBranch into the checked-out revision.",
                            "name": "mergeTargetBranch",
                            "type": "string"
                        },
                        {
                            "default": "main",
                            "description": "The target branch to merge into the revision (if mergeTargetBranch is true).",
                            "name": "targetBranch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "URL of the repository to fetch the target branch from when mergeTargetBranch is true.\nIf empty, uses the same repository (origin). This allows merging a branch from a different repository.\n",
                            "name": "mergeSourceRepoUrl",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Perform a shallow fetch of the target branch, fetching only the most recent N commits.\nIf empty, fetches the full history of the target branch.\n",
                            "name": "mergeSourceDepth",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "The precise commit SHA that was fetched by this Task.",
                            "name": "commit",
                            "type": "string"
                        },
                        {
                            "description": "The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters",
                            "name": "short-commit",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "description": "The commit timestamp of the checkout",
                            "name": "commit-timestamp",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_URL",
                            "type": "string"
                        },
                        {
                            "description": "The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_COMMIT",
                            "type": "string"
                        },
                        {
                            "description": "The SHA of the commit after merging the target branch (if the param mergeTargetBranch is true).",
                            "name": "merged_sha",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                                },
                                {
                                    "name": "PARAM_REVISION",
                                    "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "PARAM_REFSPEC"
                                },
                                {
                                    "name": "PARAM_SUBMODULES",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBMODULE_PATHS"
                                },
                                {
                                    "name": "PARAM_DEPTH",
                                    "value": "1"
                                },
                                {
                                    "name": "PARAM_SHORT_COMMIT_LENGTH",
                                    "value": "7"
                                },
                                {
                                    "name": "PARAM_SSL_VERIFY",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "PARAM_DELETE_EXISTING",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_HTTP_PROXY"
                                },
                                {
                                    "name": "PARAM_HTTPS_PROXY"
                                },
                                {
                                    "name": "PARAM_NO_PROXY"
                                },
                                {
                                    "name": "PARAM_VERBOSE",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_SPARSE_CHECKOUT_DIRECTORIES"
                                },
                                {
                                    "name": "PARAM_USER_HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_FETCH_TAGS",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_GIT_INIT_IMAGE"
                                },
                                {
                                    "name": "PARAM_MERGE_TARGET_BRANCH",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_TARGET_BRANCH",
                                    "value": "main"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_REPO_URL"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_DEPTH"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_BOUND",
                                    "value": "false"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_PATH"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND",
                                    "value": "true"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_PATH",
                                    "value": "/workspace/basic-auth"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "clone",
                            "script": "#!/usr/bin/env sh\nset -eu\n\nif [ \"${PARAM_VERBOSE}\" = \"true\" ] ; then\n  set -x\nfi\n\nif [ -n \"${PARAM_GIT_INIT_IMAGE}\" ]; then\n  echo \"WARNING: provided deprecated gitInitImage parameter has no effect.\"\nfi\n\nif [ \"${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  if [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" ]; then\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" \"${PARAM_USER_HOME}/.git-credentials\"\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" \"${PARAM_USER_HOME}/.gitconfig\"\n  # Compatibility with kubernetes.io/basic-auth secrets\n  elif [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password\" ]; then\n    HOSTNAME=$(echo $PARAM_URL | awk -F/ '{print $3}')\n    echo \"https://$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username):$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password)@$HOSTNAME\" \u003e \"${PARAM_USER_HOME}/.git-credentials\"\n    echo -e \"[credential \\\"https://$HOSTNAME\\\"]\\n  helper = store\" \u003e \"${PARAM_USER_HOME}/.gitconfig\"\n  else\n    echo \"Unknown basic-auth workspace format\"\n    exit 1\n  fi\n  chmod 400 \"${PARAM_USER_HOME}/.git-credentials\"\n  chmod 400 \"${PARAM_USER_HOME}/.gitconfig\"\nfi\n\n# Should be called after the gitconfig is copied from the repository secret\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  git config --global http.sslCAInfo \"$ca_bundle\"\nfi\n\nif [ \"${WORKSPACE_SSH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  cp -R \"${WORKSPACE_SSH_DIRECTORY_PATH}\" \"${PARAM_USER_HOME}\"/.ssh\n  chmod 700 \"${PARAM_USER_HOME}\"/.ssh\n  chmod -R 400 \"${PARAM_USER_HOME}\"/.ssh/*\nfi\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\n\ncleandir() {\n  # Delete any existing contents of the repo directory if it exists.\n  #\n  # We don't just \"rm -rf ${CHECKOUT_DIR}\" because ${CHECKOUT_DIR} might be \"/\"\n  # or the root of a mounted volume.\n  if [ -d \"${CHECKOUT_DIR}\" ] ; then\n    # Delete non-hidden files and directories\n    rm -rf \"${CHECKOUT_DIR:?}\"/*\n    # Delete files and directories starting with . but excluding ..\n    rm -rf \"${CHECKOUT_DIR}\"/.[!.]*\n    # Delete files and directories starting with .. plus any other character\n    rm -rf \"${CHECKOUT_DIR}\"/..?*\n  fi\n}\n\nif [ \"${PARAM_DELETE_EXISTING}\" = \"true\" ] ; then\n  cleandir\nfi\n\ntest -z \"${PARAM_HTTP_PROXY}\" || export HTTP_PROXY=\"${PARAM_HTTP_PROXY}\"\ntest -z \"${PARAM_HTTPS_PROXY}\" || export HTTPS_PROXY=\"${PARAM_HTTPS_PROXY}\"\ntest -z \"${PARAM_NO_PROXY}\" || export NO_PROXY=\"${PARAM_NO_PROXY}\"\n\n/ko-app/git-init \\\n  -url=\"${PARAM_URL}\" \\\n  -revision=\"${PARAM_REVISION}\" \\\n  -refspec=\"${PARAM_REFSPEC}\" \\\n  -path=\"${CHECKOUT_DIR}\" \\\n  -sslVerify=\"${PARAM_SSL_VERIFY}\" \\\n  -submodules=\"${PARAM_SUBMODULES}\" \\\n  -submodulePaths=\"${PARAM_SUBMODULE_PATHS}\" \\\n  -depth=\"${PARAM_DEPTH}\" \\\n  -sparseCheckoutDirectories=\"${PARAM_SPARSE_CHECKOUT_DIRECTORIES}\" \\\n  -retryMaxAttempts=10\ncd \"${CHECKOUT_DIR}\"\nRESULT_SHA=\"$(git rev-parse HEAD)\"\nRESULT_SHA_SHORT=\"$(git rev-parse --short=\"${PARAM_SHORT_COMMIT_LENGTH}\" HEAD)\"\n\nif [ \"${PARAM_MERGE_TARGET_BRANCH}\" = \"true\" ]; then\n  echo \"Merge option enabled. Attempting to merge target branch '${PARAM_TARGET_BRANCH}' into HEAD (${RESULT_SHA}).\"\n\n  if [ \"${PARAM_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow clone with depth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  if [ \"${PARAM_MERGE_SOURCE_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow fetch with mergeSourceDepth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  # Determine if merging from a different repository or the same one\n  if [ -n \"${PARAM_MERGE_SOURCE_REPO_URL}\" ]; then\n    # Normalize URLs for comparison (remove trailing slashes and .git suffix)\n    normalize_url() {\n      echo \"$1\" | sed -e 's#/$##' -e 's#\\.git$##'\n    }\n\n    NORMALIZED_ORIGIN_URL=$(normalize_url \"${PARAM_URL}\")\n    NORMALIZED_MERGE_URL=$(normalize_url \"${PARAM_MERGE_SOURCE_REPO_URL}\")\n\n    if [ \"${NORMALIZED_ORIGIN_URL}\" = \"${NORMALIZED_MERGE_URL}\" ]; then\n      echo \"Merge source URL is the same as origin. Using existing 'origin' remote.\"\n      MERGE_REMOTE=\"origin\"\n    else\n      echo \"Merging from different repository: ${PARAM_MERGE_SOURCE_REPO_URL}\"\n      echo \"Adding remote 'merge-source'...\"\n      git remote add merge-source \"${PARAM_MERGE_SOURCE_REPO_URL}\"\n      MERGE_REMOTE=\"merge-source\"\n    fi\n  else\n    echo \"Merging from the same repository (origin)\"\n    MERGE_REMOTE=\"origin\"\n  fi\n\n  echo \"Fetching target branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE}...\"\n  if [ -n \"${PARAM_MERGE_SOURCE_DEPTH}\" ]; then\n    retry git fetch --depth=\"${PARAM_MERGE_SOURCE_DEPTH}\" ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  else\n    retry git fetch ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  fi\n\n\n  echo \"Merging ${MERGE_REMOTE}/${PARAM_TARGET_BRANCH} into current HEAD...\"\n  git config --global user.email \"tekton-git-clone@tekton.dev\"\n  git config --global user.name \"Tekton Git Clone Task\"\n\nif ! git merge FETCH_HEAD --no-commit --no-ff --allow-unrelated-histories; then\n  echo \"ERROR: Merge conflict detected or merge failed before commit.\" \u003e\u00262\n  echo \"--- Git Status ---\"\n  git status\n  echo \"------------------\"\n  exit 1\nfi\n\n# Check if there are changes staged for commit\nif git diff --staged --quiet; then\n  echo \"No diff was found, skipping merge...\" \u003e\u00262\nelse\n  echo \"Merge successful (no conflicts found), committing...\"\nif ! git commit -m \"Merge branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE} into ${RESULT_SHA}\"; then\n  echo \"ERROR: Failed to commit merge.\" \u003e\u00262\n  exit 1\nfi\n  MERGED_SHA=$(git rev-parse HEAD)\n  echo \"New HEAD after merge: ${MERGED_SHA}\"\n  echo \"${MERGED_SHA}\" \u003e \"/tekton/results/merged_sha\"\nfi\n\nelse\n  echo \"Merge option disabled. Using checked-out revision ${RESULT_SHA} directly.\"\nfi\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/commit\"\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/CHAINS-GIT_COMMIT\"\nprintf \"%s\" \"${RESULT_SHA_SHORT}\" \u003e \"/tekton/results/short-commit\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/url\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/CHAINS-GIT_URL\"\nprintf \"%s\" \"$(git log -1 --pretty=%ct)\" \u003e \"/tekton/results/commit-timestamp\"\n\nif [ \"${PARAM_FETCH_TAGS}\" = \"true\" ] ; then\n  echo \"Fetching tags\"\n  retry git fetch --tags\nfi\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_ENABLE_SYMLINK_CHECK",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "symlink-check",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\ncheck_symlinks() {\n  FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=false\n  while read -r symlink\n  do\n    target=$(readlink -m \"$symlink\")\n    if ! [[ \"$target\" =~ ^$CHECKOUT_DIR ]]; then\n      echo \"The cloned repository contains symlink pointing outside of the cloned repository: $symlink\"\n      FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=true\n    fi\n  done \u003c \u003c(find $CHECKOUT_DIR -type l -print)\n  if [ \"$FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO\" = true ] ; then\n    return 1\n  fi\n}\n\nif [ \"${PARAM_ENABLE_SYMLINK_CHECK}\" = \"true\" ] ; then\n  echo \"Running symlink check\"\n  check_symlinks\nfi\n"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "The git repo will be cloned onto the volume backing this Workspace.",
                            "name": "output"
                        },
                        {
                            "description": "A .ssh directory with private key, known_hosts, config, etc. Copied to\nthe user's home before git commands are executed. Used to authenticate\nwith the git remote when performing the clone. Binding a Secret to this\nWorkspace is strongly recommended over other volume types.\n",
                            "name": "ssh-directory",
                            "optional": true
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before any git commands are run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto use ssh-directory over basic-auth whenever possible and to bind a\nSecret to this Workspace over other volume types.\n",
                            "name": "basic-auth",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-66308ef01b",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/df4a9858-cdc4-478d-8d9e-1a902347824b",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "sast-shell-check",
                    "tekton.dev/task": "sast-shell-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-icb41c92e238803de427bde3c966a36ad-sast-shell-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "31877",
                "uid": "df4a9858-cdc4-478d-8d9e-1a902347824b"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-shell-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-7ebc9832aa"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:16Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:16Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-icb41c92e23880224c4ffffe4d30ea18db2ab397bbfddb-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        "entryPoint": "sast-shell-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:12:14+00:00\",\"note\":\"For details, check Tekton task log.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:11:59Z",
                "steps": [
                    {
                        "container": "step-sast-shell-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-shell-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f0b154ba3acf17fe0799a5a49cd99d3ca8e2a5a8841e8d87eb4c055ee097c9a4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:14Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:14+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:12Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3ed954ca4481d832ad1336f7d59cd4f14804116875a07d4a2097c5dc5d5cbf55",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:15Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:14+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:14Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The sast-shell-check task uses [shellcheck](https://www.shellcheck.net/) tool to perform Static Application Security Testing (SAST), a popular cloud-native application security platform. This task leverages the shellcheck wrapper (csmock-plugin-shellcheck-core) to run shellcheck on a directory tree.\nShellCheck is a static analysis tool, gives warnings and suggestions for bash/sh shell scripts. This task can run on x86 and arm.",
                    "params": [
                        {
                            "default": "",
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image digest to report findings for.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (default to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to include important findings only",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "8",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-shell-check",
                            "script": "#!/usr/bin/env bash\nset -x\n# shellcheck source=/dev/null\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nPACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' ShellCheck)\n\nOUTPUT_FILE=\"shellcheck-results.json\"\nSOURCE_CODE_DIR=/workspace/workspace/source\n\n# generate full path for each dirname separated by comma\ndeclare -a ALL_TARGETS\nIFS=\",\" read -ra TARGET_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGET_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    ALL_TARGETS+=(\"$resolved_path\")\n  else\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\ndone\n\n# determine number of available CPU cores for shellcheck based on container cgroup v2 CPU limits\n# this calculates the ceiling, so if the cpu limit is 0.5, the number of jobs will be 1.\nif [ -z \"$SC_JOBS\" ] \u0026\u0026 [ -r \"/sys/fs/cgroup/cpu.max\" ]; then\n    read -r quota period \u003c /sys/fs/cgroup/cpu.max\n    if [ \"$quota\" != \"max\" ] \u0026\u0026 [ -n \"$period\" ] \u0026\u0026 [ \"$period\" -gt 0 ]; then\n        export SC_JOBS=$(((quota + period - 1) / period))\n        echo \"INFO: Setting SC_JOBS=${SC_JOBS} based on cgroups v2 max for run-shellcheck.sh\"\n    fi\nfi\n\n# generate all shellcheck result JSON files to $SC_RESULTS_DIR, which defaults to ./shellcheck-results/\n/usr/share/csmock/scripts/run-shellcheck.sh \"${ALL_TARGETS[@]}\"\n\nCSGREP_OPTS=(\n    --mode=json\n    --strip-path-prefix=\"$SOURCE_CODE_DIR\"/\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"ShellCheck:${PACKAGE_VERSION}\"\n)\nif [[ \"$IMP_FINDINGS_ONLY\" == \"true\" ]]; then\n    # predefined list of shellcheck important findings\n    CSGREP_EVENT_FILTER='\\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|'\n    CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|'\n    CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\\]$'\n    CSGREP_OPTS+=(\n        --event=\"$CSGREP_EVENT_FILTER\"\n    )\nelse\n    CSGREP_OPTS+=(\n        --event=\"error|warning\"\n    )\nfi\n\nif ! csgrep \"${CSGREP_OPTS[@]}\" ./shellcheck-results/*.json \u003e \"$OUTPUT_FILE\"; then\n    echo \"Error occurred while running 'run-shellcheck.sh'\"\n    note=\"Task sast-shell-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" \"${OUTPUT_FILE}\" \u003e \"${OUTPUT_FILE}.filtered\" 2\u003e \"${OUTPUT_FILE}.error\"\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n        mv \"${OUTPUT_FILE}.filtered\" \"$OUTPUT_FILE\"\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\necho \"ShellCheck results have been saved to $OUTPUT_FILE\"\n\ncsgrep --mode=evtstat \"$OUTPUT_FILE\"\ncsgrep --mode=sarif \"$OUTPUT_FILE\" \u003e shellcheck-results.sarif\n\nTEST_OUTPUT=\nparse_test_output \"sast-shell-check\" sarif shellcheck-results.sarif || true\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\nif [ -z \"${IMAGE_URL}\" ] || [ -z \"${IMAGE_DIGEST}\" ]; then\n    echo 'No image-url or image-digest param provided. Skipping upload.'\n    exit 0\nfi\n\nUPLOAD_FILES=\"shellcheck-results.sarif excluded-findings.json\"\n\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n        echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n        continue\n    fi\n\n    # Determine the media type based on the file extension\n    if [[ \"${UPLOAD_FILE}\" == *.json ]]; then\n        MEDIA_TYPE=\"application/json\"\n    else\n        MEDIA_TYPE=\"application/sarif+json\"\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach ${UPLOAD_FILE} to ${IMAGE_URL}\"\n      exit 1\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-be96994577",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/7c162f63-4ecf-432a-8ff6-9299f9e4e042",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:03:18Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "build-container",
                    "tekton.dev/task": "buildah",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-in8fa3206a5d329de43c1482b7d03ba7aa-build-container",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "24909",
                "uid": "7c162f63-4ecf-432a-8ff6-9299f9e4e042"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "."
                    },
                    {
                        "name": "HERMETIC",
                        "value": "false"
                    },
                    {
                        "name": "PREFETCH_INPUT",
                        "value": ""
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "BUILD_ARGS",
                        "value": []
                    },
                    {
                        "name": "BUILD_ARGS_FILE",
                        "value": ""
                    },
                    {
                        "name": "PRIVILEGED_NESTED",
                        "value": "false"
                    },
                    {
                        "name": "SOURCE_URL",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    },
                    {
                        "name": "HTTP_PROXY",
                        "value": ""
                    },
                    {
                        "name": "NO_PROXY",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "buildah"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-129b97e6ab"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:05:55Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:05:55Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-in8fa3206a5d32c27c5d75fd2e7392d9000dd5b00f71d1-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        "entryPoint": "buildah",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-buildah"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "SBOM_BLOB_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:afaf1011208274cfde01717f3c455eddb82e986830b7616683f3bc5a43b7e248"
                    }
                ],
                "startTime": "2026-07-01T16:03:19Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://277256e043a3d85cc4214838728acd2598b688224266e0845c9afe72509f231e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:04:11Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:03:25Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://a00325d2442173788715868207e0ac5977b9f9324e347adb1bcdd93def018689",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:04:38Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:04:11Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-sbom-syft-generate",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "sbom-syft-generate",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://fe4f7c5ee278370983246c4c0687e008101dea5ac961850ac36c1f656beda685",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:04:51Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:04:38Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-prepare-sboms",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "prepare-sboms",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b82d14e8a2e83a15ade3fbc2b1d7ee57e319a38c9e8c445cf9a09bd358429f89",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:05:14Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:04:51Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d6fd757365f25ef575a1c483a702d3f38bb95de4e75c50d69e83b0833ed6e3b9",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:05:55Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776@sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"type\":1},{\"key\":\"SBOM_BLOB_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:afaf1011208274cfde01717f3c455eddb82e986830b7616683f3bc5a43b7e248\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:05:14Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.\nIn addition, it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.\nWhen prefetch-dependencies task is activated it is using its artifacts to run build in hermetic environment.",
                    "params": [
                        {
                            "description": "Reference of the image buildah will produce.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile to build.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Determines if build will be executed without network access.",
                            "name": "HERMETIC",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "In case it is not empty, the prefetched content should be made available to the build.",
                            "name": "PREFETCH_INPUT",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this commit.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "default": "repos.d",
                            "description": "Path in the git repository in which yum repository files are stored",
                            "name": "YUM_REPOS_D_SRC",
                            "type": "string"
                        },
                        {
                            "default": "fetched.repos.d",
                            "description": "Path in source workspace where dynamically-fetched repos are present",
                            "name": "YUM_REPOS_D_FETCHED",
                            "type": "string"
                        },
                        {
                            "default": "/etc/yum.repos.d",
                            "description": "Target path on the container in which yum repository files should be made available",
                            "name": "YUM_REPOS_D_TARGET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.",
                            "name": "TARGET_STAGE",
                            "type": "string"
                        },
                        {
                            "default": "etc-pki-entitlement",
                            "description": "Name of secret which contains the entitlement certificates",
                            "name": "ENTITLEMENT_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        },
                        {
                            "default": "does-not-exist",
                            "description": "Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET",
                            "name": "ADDITIONAL_SECRET",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Array of --build-arg values (\"arg=value\" strings)",
                            "name": "BUILD_ARGS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Array of --env values (\"env=value\" strings)",
                            "name": "ENV_VARS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file",
                            "name": "BUILD_ARGS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to keep compatibility location at /root/buildinfo/ for ICM injection",
                            "name": "ICM_KEEP_COMPAT_LOCATION",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of extra capabilities to add when running 'buildah build'",
                            "name": "ADD_CAPABILITIES",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Squash all new and previous layers added as a part of this build, as per --squash",
                            "name": "SQUASH",
                            "type": "string"
                        },
                        {
                            "default": "overlay",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to skip stages in Containerfile that seem unused by subsequent stages",
                            "name": "SKIP_UNUSED_STAGES",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value labels that should be applied to the image",
                            "name": "LABELS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to enable privileged mode, should be used only with remote VMs",
                            "name": "PRIVILEGED_NESTED",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Skip SBOM-related operations. This will likely cause EC policies to fail if enabled",
                            "name": "SKIP_SBOM_GENERATION",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx. Note: the SBOM from the prefetch task - if there is one - must be in the same format.",
                            "name": "SBOM_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Extra option to customize Syft's default catalogers when generating SBOMs. The value corresponds to Syft's CLI flag --select-catalogers. The details about available catalogers can be found here: https://github.com/anchore/syft/wiki/Package-Cataloger-Selection",
                            "name": "SBOM_SYFT_SELECT_CATALOGERS",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM generation from source code. The scanner of the source code is enabled only for non-hermetic builds and can be disabled if the SBOM_SYFT_SELECT_CATALOGERS can't turn off catalogers that cause false positives on source code scanning.",
                            "name": "SBOM_SOURCE_SCAN_ENABLED",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional base image references to include to the SBOM. Array of image_reference_with_digest strings",
                            "name": "ADDITIONAL_BASE_IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Mount the current working directory into the build using --volume $PWD:/$WORKINGDIR_MOUNT. Note that the $PWD will be the context directory for the build (see the CONTEXT param).",
                            "name": "WORKINGDIR_MOUNT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if the image inherits the base image labels.",
                            "name": "INHERIT_BASE_IMAGE_LABELS",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP/HTTPS proxy to use for the buildah pull and build operations. Will not be passed through to the container during the build process.",
                            "name": "HTTP_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of hosts or domains which should bypass the HTTP/HTTPS proxy.",
                            "name": "NO_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "caching-ca-bundle",
                            "description": "The name of the ConfigMap to read proxy CA bundle data from.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the proxy CA bundle data.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Defines the single build time for all buildah builds in seconds since UNIX epoch. Conflicts with SOURCE_DATE_EPOCH.",
                            "name": "BUILD_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this URL.",
                            "name": "SOURCE_URL",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if SBOM will be contextualized.",
                            "name": "CONTEXTUALIZE_SBOM",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Omit build history information from the resulting image. Improves reproducibility by excluding timestamps and layer metadata.",
                            "name": "OMIT_HISTORY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Timestamp in seconds since Unix epoch for reproducible builds. Sets image created time and SOURCE_DATE_EPOCH build arg. Conflicts with BUILD_TIMESTAMP.",
                            "name": "SOURCE_DATE_EPOCH",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Clamp mtime of all files to at most SOURCE_DATE_EPOCH. Does nothing if SOURCE_DATE_EPOCH is not defined.",
                            "name": "REWRITE_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Don't inject a content-sets.json or a labels.json file. This requires that the canonical Containerfile takes care of this itself.",
                            "name": "SKIP_INJECTIONS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {
                            "limits": {
                                "memory": "4Gi"
                            },
                            "requests": {
                                "cpu": "1",
                                "memory": "4Gi"
                            }
                        },
                        "env": [
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "overlay"
                            },
                            {
                                "name": "HERMETIC",
                                "value": "false"
                            },
                            {
                                "name": "SOURCE_CODE_DIR",
                                "value": "source"
                            },
                            {
                                "name": "CONTEXT",
                                "value": "."
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "IMAGE_EXPIRES_AFTER",
                                "value": "5d"
                            },
                            {
                                "name": "YUM_REPOS_D_SRC",
                                "value": "repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_FETCHED",
                                "value": "fetched.repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_TARGET",
                                "value": "/etc/yum.repos.d"
                            },
                            {
                                "name": "TARGET_STAGE"
                            },
                            {
                                "name": "ENTITLEMENT_SECRET",
                                "value": "etc-pki-entitlement"
                            },
                            {
                                "name": "ACTIVATION_KEY",
                                "value": "activation-key"
                            },
                            {
                                "name": "ADDITIONAL_SECRET",
                                "value": "does-not-exist"
                            },
                            {
                                "name": "BUILD_ARGS_FILE"
                            },
                            {
                                "name": "ADD_CAPABILITIES"
                            },
                            {
                                "name": "SQUASH",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_UNUSED_STAGES",
                                "value": "true"
                            },
                            {
                                "name": "PRIVILEGED_NESTED",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_SBOM_GENERATION",
                                "value": "false"
                            },
                            {
                                "name": "SBOM_TYPE",
                                "value": "spdx"
                            },
                            {
                                "name": "SBOM_SYFT_SELECT_CATALOGERS"
                            },
                            {
                                "name": "SBOM_SOURCE_SCAN_ENABLED",
                                "value": "true"
                            },
                            {
                                "name": "ANNOTATIONS_FILE"
                            },
                            {
                                "name": "WORKINGDIR_MOUNT"
                            },
                            {
                                "name": "INHERIT_BASE_IMAGE_LABELS",
                                "value": "true"
                            },
                            {
                                "name": "BUILD_TIMESTAMP"
                            },
                            {
                                "name": "CONTEXTUALIZE_SBOM",
                                "value": "true"
                            },
                            {
                                "name": "SBOM_SKIP_VALIDATION",
                                "value": "true"
                            },
                            {
                                "name": "SKIP_INJECTIONS",
                                "value": "false"
                            }
                        ],
                        "imagePullPolicy": "IfNotPresent",
                        "volumeMounts": [
                            {
                                "mountPath": "/shared",
                                "name": "shared"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--build-args",
                                "--env",
                                "--labels",
                                "--annotations"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                },
                                "requests": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "COMMIT_SHA",
                                    "value": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "SOURCE_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                                },
                                {
                                    "name": "DOCKERFILE",
                                    "value": "Dockerfile"
                                },
                                {
                                    "name": "BUILDAH_HTTP_PROXY"
                                },
                                {
                                    "name": "BUILDAH_NO_PROXY"
                                },
                                {
                                    "name": "ICM_KEEP_COMPAT_LOCATION",
                                    "value": "true"
                                },
                                {
                                    "name": "BUILDAH_OMIT_HISTORY",
                                    "value": "false"
                                },
                                {
                                    "name": "BUILDAH_SOURCE_DATE_EPOCH"
                                },
                                {
                                    "name": "BUILDAH_REWRITE_TIMESTAMP",
                                    "value": "false"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\nset -euo pipefail\n\nfunction set_proxy {\n  if [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n    echo \"[$(date --utc -Ins)] Setting proxy to ${BUILDAH_HTTP_PROXY}\"\n    export HTTP_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export HTTPS_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export ALL_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    if [ -n \"${BUILDAH_NO_PROXY}\" ]; then\n      echo \"[$(date --utc -Ins)] Bypassing proxy for ${BUILDAH_NO_PROXY}\"\n      export NO_PROXY=\"${BUILDAH_NO_PROXY}\"\n    fi\n  fi\n}\n\nfunction unset_proxy {\n  echo \"[$(date --utc -Ins)] Unsetting proxy\"\n  unset HTTP_PROXY HTTPS_PROXY ALL_PROXY NO_PROXY\n}\n\necho \"[$(date --utc -Ins)] Validate context path\"\n\nif [ -z \"$CONTEXT\" ]; then\n  echo \"WARNING: CONTEXT is empty. Defaulting to '.' (the source directory).\" \u003e\u00262\n  CONTEXT=\".\"\nfi\n\nsource_dir_path=$(realpath \"$SOURCE_CODE_DIR\")\ncontext_dir_path=$(realpath \"$SOURCE_CODE_DIR/$CONTEXT\")\n\ncase \"$context_dir_path\" in\n  \"$source_dir_path\" | \"$source_dir_path/\"*)\n    # path is valid, do nothing\n    ;;\n  *)\n    echo \"ERROR: The CONTEXT parameter ('$CONTEXT') is invalid because it escapes the source directory.\" \u003e\u00262\n    echo \"Source path: $source_dir_path\" \u003e\u00262\n    echo \"Resolved path: $context_dir_path\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nproxy_ca_bundle=/mnt/proxy-ca-bundle/ca-bundle.crt\nupdate_ca_trust=false\n\nif [ -f \"$ca_bundle\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors/ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ -f \"$proxy_ca_bundle\" ] \u0026\u0026 [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted proxy CA bundle: $proxy_ca_bundle\"\n  cp -vf $proxy_ca_bundle /etc/pki/ca-trust/source/anchors/proxy-ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ \"$update_ca_trust\" = \"true\" ]; then\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Prepare Dockerfile\"\n\nif [ -e \"$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\"\nelif [ -e \"$SOURCE_CODE_DIR/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$DOCKERFILE\"\nelif [ -e \"$DOCKERFILE\" ]; then\n  # Instrumented builds (SAST) use this custom dockerfile step as their base\n  dockerfile_path=\"$DOCKERFILE\"\nelse\n  echo \"Cannot find Dockerfile $DOCKERFILE\"\n  exit 1\nfi\n\ndockerfile_copy=$(mktemp --tmpdir \"$(basename \"$dockerfile_path\").XXXXXX\")\ncp \"$dockerfile_path\" \"$dockerfile_copy\"\n\n# Inject the image content manifest into the container we are producing.\n# This will generate the content-sets.json file and copy it by appending a COPY\n# instruction to the Containerfile.\nicm_opts=()\nif [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n  icm_opts+=(-c)\nfi\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  inject-icm-to-containerfile \"${icm_opts[@]}\" \"$dockerfile_copy\" \"/var/workdir/cachi2/output/bom.json\" \"$SOURCE_CODE_DIR/$CONTEXT\"\nfi\n\necho \"[$(date --utc -Ins)] Prepare system (architecture: $(uname -m))\"\n\n# Fixing group permission on /var/lib/containers\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\n# Setting new namespace to run buildah - 2^32-2\necho 'root:1:4294967294' | tee -a /etc/subuid \u003e\u003e /etc/subgid\n\nbuild_args=()\nenv_vars=()\n\nLABELS=()\nANNOTATIONS=()\n# Append any annotations from the specified file\nif [ -n \"${ANNOTATIONS_FILE}\" ] \u0026\u0026 [ -f \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\" ]; then\n  echo \"Reading annotations from file: ${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\n  while IFS= read -r line || [[ -n \"$line\" ]]; do\n    # Skip empty lines and comments\n    if [[ -n \"$line\" \u0026\u0026 ! \"$line\" =~ ^[[:space:]]*# ]]; then\n      ANNOTATIONS+=(\"--annotation\" \"$line\")\n    fi\n  done \u003c \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\nfi\n\n# Split `args` into two sets of arguments.\nwhile [[ $# -gt 0 ]]; do\n    case $1 in\n        --build-args)\n            shift\n            # Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being\n            # passed to buildah. In that case, the *last* occurrence takes precedence. This is why\n            # we append BUILD_ARGS after the content of the BUILD_ARGS_FILE\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do build_args+=(\"$1\"); shift; done\n            ;;\n        --env)\n            shift\n            # Collect env entries of the form KEY=value\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do env_vars+=(\"$1\"); shift; done\n            ;;\n        --labels)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do LABELS+=(\"--label\" \"$1\"); shift; done\n            ;;\n        --annotations)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ANNOTATIONS+=(\"--annotation\" \"$1\"); shift; done\n            ;;\n        *)\n            echo \"unexpected argument: $1\" \u003e\u00262\n            exit 2\n            ;;\n    esac\ndone\n\nBUILD_ARG_FLAGS=()\nfor build_arg in \"${build_args[@]}\"; do\n  BUILD_ARG_FLAGS+=(\"--build-arg=$build_arg\")\ndone\n\nENV_FLAGS=()\nfor env_var in \"${env_vars[@]}\"; do\n  ENV_FLAGS+=(\"--env=$env_var\")\ndone\n\nDOCKERFILE_ARG_FLAGS=()\nDOCKERFILE_ARG_FLAGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nDOCKERFILE_ARG_FLAGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  DOCKERFILE_ARG_FLAGS+=(\"--build-arg-file=${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\nfi\n\ndockerfile-json \"${DOCKERFILE_ARG_FLAGS[@]}\" \"$dockerfile_copy\" \u003e /shared/parsed_dockerfile.json\nBASE_IMAGES=$(\n    jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test(\"^oci-archive:\") | not)' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n)\n\nBUILDAH_ARGS=()\nUNSHARE_ARGS=()\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--pull=never\")\n  UNSHARE_ARGS+=(\"--net\")\n  buildah_retries=3\n\n  set_proxy\n\n  for image in $BASE_IMAGES; do\n    if ! retry unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 --mount -- buildah pull --retry \"$buildah_retries\" \"$image\"\n    then\n      echo \"Failed to pull base image ${image}\"\n      exit 1\n    fi\n  done\n\n  unset_proxy\n\n  echo \"Build will be executed with network isolation\"\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  BUILDAH_ARGS+=(\"--target=${TARGET_STAGE}\")\nfi\n\nBUILDAH_ARGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nBUILDAH_ARGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  BUILDAH_ARGS+=(\"--build-arg-file=$(realpath \"${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\")\nfi\n\n# Necessary for newer version of buildah if the host system does not contain up to date version of container-selinux\n# TODO remove the option once all hosts were updated\nBUILDAH_ARGS+=(\"--security-opt=unmask=/proc/interrupts\")\n\nif [ \"${PRIVILEGED_NESTED}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--security-opt=label=disable\")\n  BUILDAH_ARGS+=(\"--cap-add=all\")\n  BUILDAH_ARGS+=(\"--device=/dev/fuse\")\nfi\n\nif [ -n \"${ADD_CAPABILITIES}\" ]; then\n  BUILDAH_ARGS+=(\"--cap-add=${ADD_CAPABILITIES}\")\nfi\n\nif [ \"${SQUASH}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--squash\")\nfi\n\nif [ \"${SKIP_UNUSED_STAGES}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--skip-unused-stages=false\")\nfi\n\nif [ \"${INHERIT_BASE_IMAGE_LABELS}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--inherit-labels=false\")\nfi\n\nif [ -n \"${BUILDAH_SOURCE_DATE_EPOCH}\" ]; then\n  BUILDAH_ARGS+=(\"--source-date-epoch=${BUILDAH_SOURCE_DATE_EPOCH}\")\n  if [ \"${BUILDAH_REWRITE_TIMESTAMP}\" = \"true\" ]; then\n    BUILDAH_ARGS+=(\"--rewrite-timestamp\")\n  fi\n  if [ -n \"$BUILD_TIMESTAMP\" ]; then\n    echo \"ERROR: cannot use both BUILD_TIMESTAMP and SOURCE_DATE_EPOCH\"\n    exit 1\n  fi\n  # but do set it so that we get all the labels/annotations associated with it\n  BUILD_TIMESTAMP=\"$BUILDAH_SOURCE_DATE_EPOCH\"\nfi\n\nif [ \"${BUILDAH_OMIT_HISTORY}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--omit-history\")\nfi\n\nVOLUME_MOUNTS=()\n\necho \"[$(date --utc -Ins)] Setup prefetched\"\n\nif [ -f \"/workspace/source/cachi2/cachi2.env\" ]; then\n  # Identify the current arch to filter the prefetched content\n  PREFETCH_ARCH=\"$(uname -m)\"\n  echo \"$PREFETCH_ARCH\" \u003e /shared/prefetch-arch\n\n  echo \"Prefetched content will be made available\"\n\n  cp -r \"/workspace/source/cachi2\" /tmp/\n  chmod -R go+rwX /tmp/cachi2\n\n  # In case RPMs were prefetched and this is a multi-arch build,\n  # clean up the packages that do not match the architecture being built\n  RPM_PREFETCH_DIR=\"/tmp/cachi2/output/deps/rpm\"\n  if [ -d \"$RPM_PREFETCH_DIR\" ] \u0026\u0026 [ \"$(find $RPM_PREFETCH_DIR | wc -l)\" -gt 1 ]; then\n    echo \"Removing prefetched RPMs from non-matching architectures\"\n    PREFETCH_ARCH=\"$(uname -m)\"\n    for path in \"$RPM_PREFETCH_DIR\"/*; do\n      if [ \"$(basename \"$path\")\" != \"$PREFETCH_ARCH\" ]; then\n        echo \"Removing: $path\"\n        rm -rf \"$path\"\n      else\n        echo \"Keeping: $path\"\n      fi\n    done\n  fi\n\n  VOLUME_MOUNTS+=(--volume /tmp/cachi2:/cachi2)\n  # Read in the whole file (https://unix.stackexchange.com/questions/533277), then\n  # for each RUN ... line insert the cachi2.env command *after* any options like --mount\n  sed -E -i \\\n      -e 'H;1h;$!d;x' \\\n      -e 's@^\\s*(run((\\s|\\\\\\n)+-\\S+)*(\\s|\\\\\\n)+)@\\1. /cachi2/cachi2.env \\\u0026\\\u0026 \\\\\\n    @igM' \\\n      \"$dockerfile_copy\"\n\n  prefetched_repo_for_my_arch=\"/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo\"\n  if [ -f \"$prefetched_repo_for_my_arch\" ]; then\n    echo \"Adding $prefetched_repo_for_my_arch to $YUM_REPOS_D_FETCHED\"\n    mkdir -p \"$YUM_REPOS_D_FETCHED\"\n    if [ ! -f \"${YUM_REPOS_D_FETCHED}/cachi2.repo\" ]; then\n      cp \"$prefetched_repo_for_my_arch\" \"$YUM_REPOS_D_FETCHED\"\n    fi\n  fi\nfi\n\n# if yum repofiles stored in git, copy them to mount point outside the source dir\nif [ -d \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\" ]; then\n  mkdir -p \"${YUM_REPOS_D_FETCHED}\"\n  cp -r \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\"/* \"${YUM_REPOS_D_FETCHED}\"\nfi\n\n# if anything in the repofiles mount point (either fetched or from git), mount it\nif [ -d \"${YUM_REPOS_D_FETCHED}\" ]; then\n  chmod -R go+rwX \"${YUM_REPOS_D_FETCHED}\"\n  mount_point=$(realpath \"${YUM_REPOS_D_FETCHED}\")\n  VOLUME_MOUNTS+=(--volume \"${mount_point}:${YUM_REPOS_D_TARGET}\")\nfi\n\nDEFAULT_LABELS=(\n  \"--label\" \"architecture=$(uname -m)\"\n  \"--label\" \"vcs-type=git\"\n)\nif [ -n \"$COMMIT_SHA\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"vcs-ref=${COMMIT_SHA}\" \"--label\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\nfi\nif [ -n \"$SOURCE_URL\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.source=${SOURCE_URL}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.source=${SOURCE_URL}\")\nfi\n[ -n \"$IMAGE_EXPIRES_AFTER\" ] \u0026\u0026 DEFAULT_LABELS+=(\"--label\" \"quay.expires-after=$IMAGE_EXPIRES_AFTER\")\n\nBUILD_TIMESTAMP_RFC3339=\"\"\nif [ -n \"$BUILD_TIMESTAMP\" ]; then\n  BUILD_TIMESTAMP_RFC3339=$(date -u -d \"@$BUILD_TIMESTAMP\" +'%Y-%m-%dT%H:%M:%SZ')\nelse\n  BUILD_TIMESTAMP_RFC3339=$(date -u +'%Y-%m-%dT%H:%M:%SZ')\nfi\n\nDEFAULT_LABELS+=(\"--label\" \"build-date=${BUILD_TIMESTAMP_RFC3339}\")\nDEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\n\nlabel_pairs=()\n# If INHERIT_BASE_IMAGE_LABELS is true, get the labels from the final base image only\ntouch base_images_labels.json\nif [[ \"$INHERIT_BASE_IMAGE_LABELS\" == \"true\" ]] \u0026\u0026 [[ -n \"$BASE_IMAGES\" ]]; then\n  FINAL_BASE_IMAGE=$(\n    # Get the base image of the final stage\n    # The final stage can refer to a previous `FROM xxx AS yyy` stage, for example 'FROM bar AS foo; ... ; FROM foo; ...'\n    # Define a function that keeps nesting recursively into the parent stages until it finds the original base image\n    # Run the find_root_stage() function on the final stage\n    # If the final stage is scratch or oci-archive, return empty\n    jq -r '.Stages as $all_stages |\n      def find_root_stage($stage):\n        if $stage.From.Stage then\n          find_root_stage($all_stages[$stage.From.Stage.Index])\n        else\n          $stage\n        end;\n\n        find_root_stage(.Stages[-1]) |\n        if .From.Scratch or (.BaseName | test(\"^oci-archive:\")) then\n          empty\n        else\n          .BaseName\n        end' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n  )\n  if [[ -n \"$FINAL_BASE_IMAGE\" ]]; then\n    set_proxy\n    buildah pull \"$FINAL_BASE_IMAGE\" \u003e/dev/null` `\n    unset_proxy\n    buildah inspect \"$FINAL_BASE_IMAGE\" | jq '.OCIv1.config.Labels' \u003e\"base_images_labels.json\"\n  fi\nfi\n\n# Concatenate defaults and explicit labels. If a label appears twice, the last one wins.\nLABELS=(\"${DEFAULT_LABELS[@]}\" \"${LABELS[@]}\")\n\n# Get all the default and explicit labels so that they can be written into labels.json\nfor label in \"${LABELS[@]}\"; do\n  if [[ \"$label\" != \"--label\" ]]; then\n    label_pairs+=(\"$label\")\n  fi\ndone\n\n# Labels that we explicitly add to the image\nlabel_pairs+=(\"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nlabel_pairs+=(\"io.buildah.version=$(buildah version --json | jq -r '.version')\")\n\nwhile IFS= read -r label; do\n  label_pairs+=(\"$label\")\ndone \u003c \u003c(jq -r '.Stages[].Commands[] | select(.Name == \"LABEL\") | .Labels[] | \"\\(.Key)=\\(.Value)\"' /shared/parsed_dockerfile.json | sed 's/\"//g')\n\nprintf '%s\\n' \"${label_pairs[@]}\" | jq -Rn '\n  [ inputs | select(length\u003e0) ]\n| map( split(\"=\") | {(.[0]): (.[1] // \"\")} )\n  | add' \u003e\"image_labels.json\"\n\njq -s '(.[0] // {}) * (.[1] // {})' \"base_images_labels.json\" \"image_labels.json\" \u003e\"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\njq '.' \"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  echo \"\" \u003e\u003e\"$dockerfile_copy\"\n  # Always write labels.json to the new standard location\n  echo 'COPY labels.json /usr/share/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  # Conditionally write to the old location for backward compatibility\n  if [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n    echo 'COPY labels.json /root/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  fi\nfi\n\n# Make sure our labels.json file isn't filtered out\ncontainerignore=\"\"\nif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\"\nelif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\"\nfi\n\nif [ -n \"$containerignore\" ]; then\n  ignorefile_copy=$(mktemp --tmpdir \"$(basename \"$containerignore\").XXXXXX\")\n  cp \"$containerignore\" \"$ignorefile_copy\"\n  {\n    echo \"\"\n    echo \"!/labels.json\"\n    echo \"!/content-sets.json\"\n  } \u003e\u003e \"$ignorefile_copy\"\n  BUILDAH_ARGS+=(--ignorefile \"$ignorefile_copy\")\nfi\n\necho \"[$(date --utc -Ins)] Register sub-man\"\n\nACTIVATION_KEY_PATH=\"/activation-key\"\nENTITLEMENT_PATH=\"/entitlement\"\n\n# 0. if hermetic=true, skip all subscription related stuff\n# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.\n# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.\n# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.\n# 3. If the Dockerfile contains the string \"subcription-manager register\", add the activation-keys volume\n#    to buildah but don't pre-register for backwards compatibility. Mount an empty directory on\n#    shared emptydir volume to \"/etc/pki/entitlement\" to prevent certificates from being included\n\nif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 [ -e /activation-key/org ]; then\n  cp -r --preserve=mode \"$ACTIVATION_KEY_PATH\" /tmp/activation-key\n  mkdir -p /shared/rhsm/etc/pki/entitlement\n  mkdir -p /shared/rhsm/etc/pki/consumer\n\n  VOLUME_MOUNTS+=(-v /tmp/activation-key:/activation-key \\\n                  -v /shared/rhsm/etc/pki/entitlement:/etc/pki/entitlement:Z \\\n                  -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)\n  echo \"Adding activation key to the build\"\n\n  if ! grep -E \"^[^#]*subscription-manager.[^#]*register\" \"$dockerfile_path\"; then\n    # user is not running registration in the Containerfile: pre-register.\n    echo \"Pre-registering with subscription manager.\"\n    export RETRY_MAX_TRIES=6\n    if ! retry subscription-manager register --org \"$(cat /tmp/activation-key/org)\" --activationkey \"$(cat /tmp/activation-key/activationkey)\"\n    then\n      echo \"Subscription-manager register failed\"\n      exit 1\n    fi\n    unset RETRY_MAX_TRIES\n    trap 'subscription-manager unregister || true' EXIT\n\n    # copy generated certificates to /shared volume\n    cp /etc/pki/entitlement/*.pem /shared/rhsm/etc/pki/entitlement\n    cp /etc/pki/consumer/*.pem /shared/rhsm/etc/pki/consumer\n\n    # and then mount get /etc/rhsm/ca/redhat-uep.pem into /run/secrets/rhsm/ca\n    VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)\n  fi\n\nelif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 find /entitlement -name \"*.pem\" \u003e /dev/null; then\n  cp -r --preserve=mode \"$ENTITLEMENT_PATH\" /tmp/entitlement\n  VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)\n  echo \"Adding the entitlement to the build\"\nfi\n\nif [ -n \"$WORKINGDIR_MOUNT\" ]; then\n  if [[ \"$WORKINGDIR_MOUNT\" == *:* ]]; then\n    echo \"WORKINGDIR_MOUNT contains ':'\" \u003e\u00262\n    echo \"Refusing to proceed in case this is an attempt to set unexpected mount options.\" \u003e\u00262\n    exit 1\n  fi\n  # ${SOURCE_CODE_DIR}/${CONTEXT} will be the $PWD when we call 'buildah build'\n  # (we set the workdir using 'unshare -w')\n  context_dir=$(realpath \"${SOURCE_CODE_DIR}/${CONTEXT}\")\n  VOLUME_MOUNTS+=(--volume \"$context_dir:${WORKINGDIR_MOUNT}\")\nfi\n\nif [ -n \"${ADDITIONAL_VOLUME_MOUNTS-}\" ]; then\n  # ADDITIONAL_VOLUME_MOUNTS allows to specify more volumes for the build.\n  # Instrumented builds (SAST) use this step as their base and add some other tools.\n  while read -r volume_mount; do\n    VOLUME_MOUNTS+=(\"--volume=$volume_mount\")\n  done \u003c\u003c\u003c \"$ADDITIONAL_VOLUME_MOUNTS\"\nfi\n\necho \"[$(date --utc -Ins)] Add secrets\"\n\nADDITIONAL_SECRET_PATH=\"/additional-secret\"\nADDITIONAL_SECRET_TMP=\"/tmp/additional-secret\"\nif [ -d \"$ADDITIONAL_SECRET_PATH\" ]; then\n  cp -r --preserve=mode -L \"$ADDITIONAL_SECRET_PATH\" $ADDITIONAL_SECRET_TMP\n  while read -r filename; do\n    echo \"Adding the secret ${ADDITIONAL_SECRET}/${filename} to the build, available at /run/secrets/${ADDITIONAL_SECRET}/${filename}\"\n    BUILDAH_ARGS+=(\"--secret=id=${ADDITIONAL_SECRET}/${filename},src=$ADDITIONAL_SECRET_TMP/${filename}\")\n  done \u003c \u003c(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \\;)\nfi\n\n# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.\ndeclare IMAGE\n\nbuildah_cmd_array=(\n    buildah build\n    \"${VOLUME_MOUNTS[@]}\"\n    \"${BUILDAH_ARGS[@]}\"\n    \"${LABELS[@]}\"\n    \"${ANNOTATIONS[@]}\"\n    --tls-verify=\"$TLSVERIFY\" --no-cache\n    --ulimit nofile=4096:4096\n    --http-proxy=false\n    -f \"$dockerfile_copy\" -t \"$IMAGE\" .\n)\nbuildah_cmd=$(printf \"%q \" \"${buildah_cmd_array[@]}\")\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  # enabling loopback adapter enables Bazel builds to work in hermetic mode.\n  command=\"ip link set lo up \u0026\u0026 $buildah_cmd\"\nelse\n  command=\"$buildah_cmd\"\nfi\n\n# disable host subcription manager integration\nfind /usr/share/rhel/secrets -type l -exec unlink {} \\;\n\nset_proxy\n\necho \"[$(date --utc -Ins)] Run buildah build\"\necho \"[$(date --utc -Ins)] ${command}\"\n\nunshare -Uf \"${UNSHARE_ARGS[@]}\" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w \"${SOURCE_CODE_DIR}/$CONTEXT\" --mount -- sh -c \"$command\"\n\nunset_proxy\n\necho \"[$(date --utc -Ins)] Add metadata\"\n\n# Save the SBOM produced in prefetch so it can be merged into the final SBOM later\nif [ -f \"/tmp/cachi2/output/bom.json\" ]; then\n  echo \"Making copy of sbom-prefetch.json\"\n  cp /tmp/cachi2/output/bom.json ./sbom-prefetch.json\nfi\n\ntouch /shared/base_images_digests\necho \"Recording base image digests used\"\nfor image in $BASE_IMAGES; do\n  # Get the image pullspec and filter out a tag if it is not set\n  # Use head -n 1 to ensure we only get one result even if multiple images match the filter\n  base_image_digest=$(buildah images --format '{{ .Name }}{{ if ne .Tag \"\u003cnone\u003e\" }}:{{ .Tag }}{{ end }}@{{ .Digest }}' --filter reference=\"$image\" | head -n 1)\n  # In some cases, there might be BASE_IMAGES, but not any associated digest. This happens\n  # if buildah did not use that particular image during build because it was skipped\n  if [ -n \"$base_image_digest\" ]; then\n    echo \"$image $base_image_digest\" | tee -a /shared/base_images_digests\n  fi\ndone\n\nimage_name=$(echo \"${IMAGE##*/}\" | tr ':' '-')\nbuildah push \"$IMAGE\" oci:\"/shared/$image_name.oci\"\necho \"/shared/$image_name.oci\" \u003e /shared/container_path\n\necho \"[$(date --utc -Ins)] End build\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/entitlement",
                                    "name": "etc-pki-entitlement"
                                },
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/additional-secret",
                                    "name": "additional-secret"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/proxy-ca-bundle",
                                    "name": "proxy-ca-bundle",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "BUILDAH_FORMAT",
                                    "value": "docker"
                                },
                                {
                                    "name": "TASKRUN_NAME",
                                    "value": "konflux-test-in8fa3206a5d329de43c1482b7d03ba7aa-build-container"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "push",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Convert image\"\n\n# While we can build images with the desired format, we will simplify any local\n# and remote build differences by just performing any necessary conversions at\n# push time.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\necho \"[$(date --utc -Ins)] Push image with unique tag\"\n\nbuildah_retries=3\n\n# Push to a unique tag based on the TaskRun name to avoid race conditions\necho \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:${TASKRUN_NAME}\"\nthen\n  echo \"Failed to push sbom image to ${IMAGE%:*}:${TASKRUN_NAME}\"\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] Push image with git revision\"\n\n# Push to a tag based on the git revision\necho \"Pushing to ${IMAGE}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile \"/workspace/source/image-digest\" \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n  echo \"Failed to push sbom image to $IMAGE\"\n  exit 1\nfi\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c \"/workspace/source\"/image-digest\necho -n \"$IMAGE\" | tee /tekton/results/IMAGE_URL\n{\n  echo -n \"${IMAGE}@\"\n  cat \"/workspace/source/image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho\n\n# detect if keyless signing is required\nSIGNING_CONFIG='{}'\nKFLX_CONFIG_PATH='/tmp/konflux_config.json'\nif ! RETRY_STOP_IF_STDERR_MATCHES='configmaps \"cluster-config\" not found' retry kubectl get configmap cluster-config -n konflux-info -o json \u003e\"${KFLX_CONFIG_PATH}\"\nthen\n  echo \"Failed to fetch konflux cluster-config, default values will be used\" \u003e\u00262\nelse\n  SIGNING_CONFIG=\"$(cat ${KFLX_CONFIG_PATH})\"\nfi\n\n# configmap key -\u003e variable name mapping\ndeclare -A SIGNING_KEY_MAP=(\n  [defaultOIDCIssuer]=SIGSTORE_OIDC_ISSUER\n  [rekorInternalUrl]=REKOR_URL\n  [fulcioInternalUrl]=SIGSTORE_FULCIO_URL\n  [tufInternalUrl]=TUF_URL\n)\n\n# fallback keys when internal URL is not available\ndeclare -A SIGNING_FALLBACK_MAP=(\n  [rekorInternalUrl]=rekorExternalUrl\n  [fulcioInternalUrl]=fulcioExternalUrl\n  [tufInternalUrl]=tufExternalUrl\n)\n\nmissing=\"\"\nconfigured=0\nfor key in \"${!SIGNING_KEY_MAP[@]}\"; do\n  val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${key} // empty\")\n  if [ -z \"${val}\" ] \u0026\u0026 [ -n \"${SIGNING_FALLBACK_MAP[$key]+x}\" ]; then\n    fallback_key=\"${SIGNING_FALLBACK_MAP[$key]}\"\n    val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${fallback_key} // empty\")\n    if [ -n \"${val}\" ]; then\n      echo \"Using fallback ${fallback_key} instead of ${key}\"\n    fi\n  fi\n  if [ -z \"${val}\" ]; then\n    missing=\"${missing:+${missing}, }${key}\"\n  else\n    declare \"${SIGNING_KEY_MAP[$key]}=${val}\"\n    configured=$((configured + 1))\n  fi\ndone\n\nif [ \"${configured}\" -eq \"${#SIGNING_KEY_MAP[@]}\" ]; then\n  echo \"Keyless signing is enabled\"\n\n  # Save signing config for upload-sbom step\n  for key in \"${!SIGNING_KEY_MAP[@]}\"; do\n    envvar=\"${SIGNING_KEY_MAP[$key]}\"\n    printf '%s=%q\\n' \"${envvar}\" \"${!envvar}\"\n  done \u003e /shared/signing-config.env\n\n  echo \"Using Rekor URL: ${REKOR_URL}\"\n  echo \"Using Fulcio URL: ${SIGSTORE_FULCIO_URL}\"\n  echo \"Using OIDC issuer: ${SIGSTORE_OIDC_ISSUER}\"\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  # Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\n  mkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"${IMAGE_REF}\" \u003e /tmp/auth/config.json\n  export DOCKER_CONFIG=/tmp/auth\n\n  echo \"[$(date --utc -Ins)] Sign image\"\n  echo \"Signing image ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign sign -y \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign image\" \u003e\u00262\n    exit 1\n  fi\nelif [ \"${configured}\" -eq 0 ]; then\n  echo \"Keyless signing is disabled (none of ${missing} are configured in the konflux-info/cluster-config configmap)\"\nelse\n  echo \"ERROR: Incomplete keyless signing configuration in konflux-info/cluster-config configmap. Missing: ${missing}\" \u003e\u00262\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] End push\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                },
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "sbom-syft-generate",
                            "script": "#!/bin/bash\nset -euo pipefail\necho \"[$(date --utc -Ins)] Generate SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\ncase $SBOM_TYPE in\n  cyclonedx)\n    syft_sbom_type=cyclonedx-json@1.5 ;;\n  spdx)\n    syft_sbom_type=spdx-json@2.3 ;;\n  *)\n    echo \"Invalid SBOM type: $SBOM_TYPE. Valid: cyclonedx, spdx\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\nOCI_DIR=\"$(cat /shared/container_path)\"\n\nsyft_oci_args=(\n  oci-dir:\"${OCI_DIR}\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-image.json\"\n)\nsyft_source_args=(\n  dir:\"/workspace/source/$SOURCE_CODE_DIR/$CONTEXT\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-source.json\"\n)\n\nif [ \"${SBOM_SYFT_SELECT_CATALOGERS}\" != \"\" ]; then\n  syft_oci_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\n  syft_source_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\nfi\n\necho \"Running syft on the image\"\nsyft \"${syft_oci_args[@]}\"\nif [[ \"${HERMETIC}\" == \"false\" \u0026\u0026 \"${SBOM_SOURCE_SCAN_ENABLED}\" == \"true\" ]]; then\n  echo \"Running syft on the source code\"\n  syft \"${syft_source_args[@]}\"\nelse\n  echo \"Skipping syft on source code.\"\nfi\n\necho \"[$(date --utc -Ins)] End sbom-syft-generate\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/shared",
                                    "name": "shared"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/source/source"
                        },
                        {
                            "args": [
                                "--additional-base-images"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "prepare-sboms",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Prepare SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\n# Convert Tekton array params into Mobster params\nADDITIONAL_BASE_IMAGES=()\nwhile [[ $# -gt 0 ]]; do\n  case $1 in\n    --additional-base-images)\n      shift\n      while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ADDITIONAL_BASE_IMAGES+=(\"$1\"); shift; done\n      ;;\n    *)\n      echo \"unexpected argument: $1\" \u003e\u00262\n      exit 2\n      ;;\n  esac\ndone\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\n\necho \"[$(date --utc -Ins)] Generate SBOM with mobster\"\n\nmobster_args=(\n  generate\n  --output sbom.json\n)\n\n# Validation is a flag for `generate`, not `oci-image`, so we need to\n# handle it before the oci-image arguments\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-image\n  --from-syft \"/workspace/source/sbom-image.json\"\n  --image-pullspec \"$IMAGE_URL\"\n  --image-digest \"$IMAGE_DIGEST\"\n  --parsed-dockerfile-path \"/shared/parsed_dockerfile.json\"\n  --base-image-digest-file \"/shared/base_images_digests\"\n)\n\nif [ -f \"/workspace/source/sbom-source.json\" ]; then\n  mobster_args+=(--from-syft \"/workspace/source/sbom-source.json\")\nfi\n\nif [ -f \"/workspace/source/sbom-prefetch.json\" ]; then\n  mobster_args+=(--from-hermeto \"/workspace/source/sbom-prefetch.json\")\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  mobster_args+=(--dockerfile-target \"${TARGET_STAGE}\")\nfi\n\nfor ADDITIONAL_BASE_IMAGE in \"${ADDITIONAL_BASE_IMAGES[@]}\"; do\n  mobster_args+=(--additional-base-image \"$ADDITIONAL_BASE_IMAGE\")\ndone\n\nif [ \"${CONTEXTUALIZE_SBOM}\" == \"true\" ] \u0026\u0026 [ \"${HERMETIC}\" == \"false\" ]; then\n  mobster_args+=(--contextualize)\nfi\n\nif [ -f \"/shared/prefetch-arch\" ]; then\n  mobster_args+=(--arch \"$(cat /shared/prefetch-arch)\")\nfi\n\nmobster \"${mobster_args[@]}\"\n\necho \"[$(date --utc -Ins)] End prepare-sboms\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Upload SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom sbom.json --type \"$SBOM_TYPE\" \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum sbom.json | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n\nif [ -f \"/shared/signing-config.env\" ]; then\n  # shellcheck source=/dev/null\n  source /shared/signing-config.env\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  ATT_SBOM_TYPE=\"${SBOM_TYPE}\"\n  if [ \"${ATT_SBOM_TYPE}\" = \"spdx\" ]; then\n    # for format cossistency with cyclonedx format, we want to use spdxjson instad of spdx\n    # spdx export data as rawstring, we want structured json as cyclonedx\n    ATT_SBOM_TYPE=\"spdxjson\"\n  fi\n\n  echo \"[$(date --utc -Ins)] Sign SBOM\"\n  echo \"Signing and attaching SBOM to ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign attest -y --type \"${ATT_SBOM_TYPE}\" --predicate sbom.json \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign SBOM\" \u003e\u00262\n    exit 1\n  fi\nfi\n\necho\necho \"[$(date --utc -Ins)] End upload-sbom\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "varlibcontainers"
                        },
                        {
                            "emptyDir": {},
                            "name": "shared"
                        },
                        {
                            "name": "etc-pki-entitlement",
                            "secret": {
                                "optional": true,
                                "secretName": "etc-pki-entitlement"
                            }
                        },
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "name": "additional-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "does-not-exist"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "caching-ca-bundle",
                                "optional": true
                            },
                            "name": "proxy-ca-bundle"
                        },
                        {
                            "name": "oidc-token",
                            "projected": {
                                "sources": [
                                    {
                                        "serviceAccountToken": {
                                            "audience": "sigstore",
                                            "expirationSeconds": 600,
                                            "path": "oidc-token"
                                        }
                                    }
                                ]
                            }
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code to build.",
                            "name": "source"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-be96994577",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/6ed73c77-2cbe-4947-97cc-262a7c3fbbc9",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, appstudio",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "push-dockerfile",
                    "tekton.dev/task": "push-dockerfile",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-in8fa3206a5d329de43c1482b7d03ba7aa-push-dockerfile",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "26159",
                "uid": "6ed73c77-2cbe-4947-97cc-262a7c3fbbc9"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "."
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "push-dockerfile"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.3@sha256:64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-129b97e6ab"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:24Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:24Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-in8fa3206a5d32d5d95163e97f5bf8f3c1186cd9008736-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        "entryPoint": "push-dockerfile",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:cd9b4b1e0643789e8b5779e2ec12ed8285124342e94e3c82b44c0b9ceb1d4569"
                    }
                ],
                "startTime": "2026-07-01T16:06:12Z",
                "steps": [
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8d82bdda65893bc2831dcd9acb3a429061974a76d47594ab997d59c01907095c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:23Z",
                            "message": "[{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:cd9b4b1e0643789e8b5779e2ec12ed8285124342e94e3c82b44c0b9ceb1d4569\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:22Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Discover Dockerfile from source code and push it to registry as an OCI artifact.",
                    "params": [
                        {
                            "description": "The built binary image. The Dockerfile is pushed to the same image repository alongside.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "description": "The built binary image digest, which is used to construct the tag of Dockerfile image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": ".dockerfile",
                            "description": "Suffix of the Dockerfile image tag.",
                            "name": "TAG_SUFFIX",
                            "type": "string"
                        },
                        {
                            "default": "application/vnd.konflux.dockerfile",
                            "description": "Artifact type of the Dockerfile image.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest-pinned image reference to the Dockerfile image.",
                            "name": "IMAGE_REF",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--source",
                                "source",
                                "--context",
                                ".",
                                "--containerfile",
                                "Dockerfile",
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                                "--image-digest",
                                "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8",
                                "--artifact-type",
                                "application/vnd.konflux.dockerfile",
                                "--tag-suffix",
                                ".dockerfile",
                                "--result-path-image-ref",
                                "/tekton/results/IMAGE_REF",
                                "--alternative-filename",
                                "Dockerfile"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "push-containerfile"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                            "name": "push",
                            "workingDir": "/workspace/workspace"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code from where the Dockerfile is discovered.",
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-be96994577",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/90d9f97e-22b4-458a-9149-dc8a7800b878",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "sast-snyk-check",
                    "tekton.dev/task": "sast-snyk-check",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-in8fa3206a5d329de43c1482b7d03ba7aa-sast-snyk-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "25835",
                "uid": "90d9f97e-22b4-458a-9149-dc8a7800b878"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-snyk-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-129b97e6ab"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:24Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:24Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-in8fa3206a5d329e5b80e3c63f7fabe76657f94cdbd915-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        "entryPoint": "sast-snyk-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T16:06:23+00:00\",\"note\":\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:09Z",
                "steps": [
                    {
                        "container": "step-sast-snyk-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-snyk-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d113aa2de84b0e2a81a61762a176d4a2e69e2b3cbe12b5b2a3b1db097deb6d94",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:23Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:23+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:21Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://bef788b03f15b84f19d8b9dc11b64eab9dbd857ad81b9b0381ddf86eabdffce4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:24Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:23+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:24Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks using Snyk Code, a Static Application Security Testing (SAST) tool.\n\nFollow the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/) to obtain a snyk-token and to enable the snyk task in a Pipeline.\n\nThe snyk binary used in this Task comes from a container image defined in https://github.com/konflux-ci/konflux-test\n\nSee https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information about the snyk tool.",
                    "params": [
                        {
                            "default": "snyk-secret",
                            "description": "Name of secret which contains Snyk token.",
                            "name": "SNYK_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Append arguments.",
                            "name": "ARGS",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Digest of the image to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Report only important findings in task result. Default is \"true\". To report all findings in task result, specify \"false\". Uploaded SARIF report to remote registry always includes all findings, regardless of severity level.",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Write excluded records in file. Useful for auditing (defaults to false).",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Directories or files to be excluded from Snyk scan (Comma-separated). Useful to split the directories of a git repo across multiple components.",
                            "name": "IGNORE_FILE_PATHS",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "6Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "6Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SNYK_SECRET",
                                    "value": "snyk-secret"
                                },
                                {
                                    "name": "ARGS"
                                },
                                {
                                    "name": "IGNORE_FILE_PATHS"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-snyk-check",
                            "script": "#!/usr/bin/env bash\n\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\n# Installation of Red Hat certificates for cloning Red Hat internal repositories\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSNYK_TOKEN_PATH=\"/etc/secrets/snyk_token\"\nif [ -f \"${SNYK_TOKEN_PATH}\" ] \u0026\u0026 [ -s \"${SNYK_TOKEN_PATH}\" ]; then\n  # SNYK token is provided\n  SNYK_TOKEN=\"$(cat ${SNYK_TOKEN_PATH})\"\n  export SNYK_TOKEN\nelse\n  # According to shellcheck documentation, the following error can be ignored as it is ignored through indirection: https://www.shellcheck.net/wiki/SC2034\n  # shellcheck disable=SC2034\n  to_enable_snyk='[here](https://konflux-ci.dev/docs/testing/build/snyk/)'\n  note=\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given ${to_enable_snyk}\"\n  TEST_OUTPUT=$(make_result_json -r SKIPPED -t \"$note\")\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nSNYK_EXIT_CODE=0\nSOURCE_CODE_DIR=/workspace/workspace\n\n# We ignore files using snyk ignore if the user set up the IGNORE_FILE_PATHS variable.\n(cd \"${SOURCE_CODE_DIR}\" \u0026\u0026 IFS=\",\" \u0026\u0026 for path in $IGNORE_FILE_PATHS; do\n  snyk ignore --file-path=\"source/${path}\"\ndone)\n\nset +e\necho \"INFO: Running 'snyk code test'..\"\n# We do want to expand ARGS (it can be multiple CLI flags, not just one)\n# shellcheck disable=SC2086\n\n# Generate full paths for each directory in TARGET_DIRS\nIFS=\",\" read -ra TARGETS_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGETS_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # Ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ ! \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\n\n  # Ensure directory exists\n  if [ ! -d \"$resolved_path\" ]; then\n    echo \"Warning: Directory $resolved_path does not exist, skipping\"\n    continue\n  fi\n\n  echo \"INFO: Scanning directory: $resolved_path\"\n  # We do want to expand ARGS (it can be multiple CLI flags, not just one)\n  # shellcheck disable=SC2086\n  snyk code test $ARGS \"$resolved_path\" --max-depth=1 --sarif-file-output=\"${resolved_path}/sast_snyk_check_out_${d//\\//_}.json\" 1\u003e\u00262\u003e\u003e stdout.txt\n  cmd_exit_code=$?\n  # Track the exit code: if any snyk command fails, preserve the failure\n  # Exit codes: 0 = success, 1 = vulnerabilities found, 2 = error, 3 = no supported files\n  # Error codes (2+) always override, warning codes (1,3) only if no previous error\n  if [[ \"$cmd_exit_code\" -ne 0 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 1 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 3 ]]; then\n    SNYK_EXIT_CODE=$cmd_exit_code\n  fi\n\ndone\n\n# Merge all SARIF outputs\nfind \"$SOURCE_CODE_DIR\" -name \"sast_snyk_check_out_*.json\" -exec cat {} + \u003e \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\nset -e\ntest_not_skipped=0\nSKIP_MSG=\"We found 0 supported files\"\ngrep -q \"$SKIP_MSG\" stdout.txt || test_not_skipped=$?\n\nif [[ \"$SNYK_EXIT_CODE\" -eq 0 ]] || [[ \"$SNYK_EXIT_CODE\" -eq 1 ]]; then\n  # Check if the merged SARIF file has content - this could happen if the snyk scan found no findings\n  if [ ! -s \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\" ]; then\n    echo \"WARN: No JSON output files were generated by snyk scan\"\n    # Get snyk version for proper SARIF metadata\n    SNYK_VERSION=$(snyk --version 2\u003e/dev/null | head -1 | tr -d '\\n' || echo \"unknown\")\n    # Create a valid minimal SARIF structure using jq\n    # Note: coverage array is required even when empty because downstream jq commands expect it\n    jq -n --arg version \"$SNYK_VERSION\" '{\n      \"$schema\": \"https://json.schemastore.org/sarif-2.1.0.json\",\n      \"version\": \"2.1.0\",\n      \"runs\": [{\n        \"tool\": {\n          \"driver\": {\n            \"name\": \"snyk\",\n            \"version\": $version,\n            \"informationUri\": \"https://snyk.io\"\n          }\n        },\n        \"results\": [],\n        \"properties\": {\n          \"coverage\": []\n        }\n      }]\n    }' \u003e\"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\n  fi\n\n  # In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context\n  (cd  \"${SOURCE_CODE_DIR}\" \u0026\u0026 csgrep --mode=json --embed-context=3 \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json) \\\n    | csgrep --mode=json --strip-path-prefix=\"source/\"  \\\n    \u003e sast_snyk_check_out_all_findings.json\n\n  echo \"INFO: Initial results:\"\n  csgrep --mode=evtstat sast_snyk_check_out_all_findings.json\n\n  if [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\n  fi\n  PROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n  # create the KFP clone directory regardless\n  KFP_DIR=\"known-false-positives\"\n  KFP_CLONED=\"0\"\n  mkdir \"${KFP_DIR}\"\n\n  # We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\n  if [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n      echo \"INFO: Trying to clone known-false-positives..\"\n      git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\n  fi\n\n  if [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone know-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv sast_snyk_check_out_all_findings.json filtered_sast_snyk_check_out.json\n  else\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    CMD=(\n      csfilter-kfp\n      --verbose\n      --kfp-dir=\"${KFP_DIR}\"\n      --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [ \"${RECORD_EXCLUDED}\" == \"true\" ]; then\n      CMD+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    set +e\n    \"${CMD[@]}\" sast_snyk_check_out_all_findings.json \u003e filtered_sast_snyk_check_out.json\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n      echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n      echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\n    echo \"INFO: Results after filtering:\"\n    (set -x \u0026\u0026 csgrep --mode=evtstat filtered_sast_snyk_check_out.json)\n  fi\n\n  # Generation of scan stats\n\n  total_files=$(jq '[.runs[0].properties.coverage[].files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n  supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == \"SUPPORTED\") | .files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n\n  # We make sure the values are 0 if no supported/total files are found\n  if [ \"$total_files\" = \"null\" ] || [ -z \"$total_files\" ]; then\n    total_files=0\n  fi\n\n  if [ \"$supported_files\" = \"null\" ] || [ -z \"$supported_files\" ]; then\n    supported_files=0\n  fi\n\n  coverage_ratio=0\n  if (( total_files \u003e 0 )); then\n      coverage_ratio=$((supported_files * 100 / total_files))\n  fi\n\n  # embed stats in results file and convert to SARIF\n  csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:\"${coverage_ratio}\" \\\n                      --set-scan-prop snyk-scanned-files-success:\"${supported_files}\"  \\\n                      --set-scan-prop snyk-scanned-files-total:\"${total_files}\" \\\n                      filtered_sast_snyk_check_out.json  \u003e sast_snyk_check_out.sarif\n\n  # Create filtered SARIF for Tekton task result based on IMP_FINDINGS_ONLY parameter\n  if [ \"${IMP_FINDINGS_ONLY}\" == \"true\" ]; then\n    # Filter to only \"error\" level or higher (high/critical severity) for Tekton task result\n    # In SARIF, defects are given a level like \"error\" or \"warning\". Snyk maps \"high\" level findings to \"error\".\n    # - \"error\" → importance level 1\n    # - \"warning\" (or missing level) → importance level 0\n    RESULT_SARIF=\"result_sast_snyk_check_out.sarif\"\n    csgrep --mode=sarif --imp-level 1 sast_snyk_check_out.sarif \u003e \"$RESULT_SARIF\"\n  else\n    # Use all findings for Tekton task result\n    RESULT_SARIF=\"sast_snyk_check_out.sarif\"\n  fi\n\n  TEST_OUTPUT=\n  parse_test_output \"sast-snyk-check\" sarif \"$RESULT_SARIF\"  || true\n\n# When the test is skipped, the \"SNYK_EXIT_CODE\" is 3 and it can also be 3 in some other situation\nelif [[ \"$test_not_skipped\" -eq 0 ]]; then\n  note=\"Task sast-snyk-check success: Snyk code test found zero supported files.\"\n  ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n  echo \"sast-snyk-check test failed because of the following issues:\"\n  cat stdout.txt\n  note=\"Task sast-snyk-check failed: For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets",
                                    "name": "snyk-secret",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url provided. Skipping upload.'\n  exit 0\nfi\n\nUPLOAD_FILES=\"sast_snyk_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n    if [ \"${UPLOAD_FILES}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach to ${IMAGE_URL}\"\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        }
                    ],
                    "volumes": [
                        {
                            "name": "snyk-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "snyk-secret"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-66308ef01b",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/2ceb14db-9a88-49ae-b2bc-7777fadc4242",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "build-container",
                    "tekton.dev/task": "buildah",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-incb41c92e238803de427bde3c966a36ad-build-container",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "30806",
                "uid": "2ceb14db-9a88-49ae-b2bc-7777fadc4242"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "."
                    },
                    {
                        "name": "HERMETIC",
                        "value": "false"
                    },
                    {
                        "name": "PREFETCH_INPUT",
                        "value": ""
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "BUILD_ARGS",
                        "value": []
                    },
                    {
                        "name": "BUILD_ARGS_FILE",
                        "value": ""
                    },
                    {
                        "name": "PRIVILEGED_NESTED",
                        "value": "false"
                    },
                    {
                        "name": "SOURCE_URL",
                        "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    },
                    {
                        "name": "HTTP_PROXY",
                        "value": ""
                    },
                    {
                        "name": "NO_PROXY",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "buildah"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-7ebc9832aa"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:11:45Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:11:45Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-incb41c92e23889990e7da694bed4c96ac53e2c7fc79bc-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        "entryPoint": "buildah",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-buildah"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "SBOM_BLOB_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:1d698f962025dc9cad884e2bfa19945180dcced261a758f4d18a0b6402c82679"
                    }
                ],
                "startTime": "2026-07-01T16:08:58Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://ca05ec184be2598adee913ee3180408267856a027f98fae716a3251724f4f867",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:10:14Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:09:06Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5913fb5adc2b47f8559ee504f5ea6735fbffcd2ead1f5359c6a9dfbd5b2dfacd",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:10:27Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:10:15Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-sbom-syft-generate",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "sbom-syft-generate",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://531e40f0557539b934a558ffca78ace31efec208e8edefc0957a7facd2ac281f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:10:40Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:10:27Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-prepare-sboms",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "prepare-sboms",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5a0af9cd1f57385818942da7c23a8f1b716b9e267a6aaefee77149529a5aa720",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:11:04Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:10:40Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3da3ce453d72a476236e7ab73b90ecc601aa07aebaa29803edc1ddf54610d3ec",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:11:44Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8@sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"type\":1},{\"key\":\"SBOM_BLOB_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:1d698f962025dc9cad884e2bfa19945180dcced261a758f4d18a0b6402c82679\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:11:05Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.\nIn addition, it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.\nWhen prefetch-dependencies task is activated it is using its artifacts to run build in hermetic environment.",
                    "params": [
                        {
                            "description": "Reference of the image buildah will produce.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile to build.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Determines if build will be executed without network access.",
                            "name": "HERMETIC",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "In case it is not empty, the prefetched content should be made available to the build.",
                            "name": "PREFETCH_INPUT",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this commit.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "default": "repos.d",
                            "description": "Path in the git repository in which yum repository files are stored",
                            "name": "YUM_REPOS_D_SRC",
                            "type": "string"
                        },
                        {
                            "default": "fetched.repos.d",
                            "description": "Path in source workspace where dynamically-fetched repos are present",
                            "name": "YUM_REPOS_D_FETCHED",
                            "type": "string"
                        },
                        {
                            "default": "/etc/yum.repos.d",
                            "description": "Target path on the container in which yum repository files should be made available",
                            "name": "YUM_REPOS_D_TARGET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.",
                            "name": "TARGET_STAGE",
                            "type": "string"
                        },
                        {
                            "default": "etc-pki-entitlement",
                            "description": "Name of secret which contains the entitlement certificates",
                            "name": "ENTITLEMENT_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        },
                        {
                            "default": "does-not-exist",
                            "description": "Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET",
                            "name": "ADDITIONAL_SECRET",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Array of --build-arg values (\"arg=value\" strings)",
                            "name": "BUILD_ARGS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Array of --env values (\"env=value\" strings)",
                            "name": "ENV_VARS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file",
                            "name": "BUILD_ARGS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to keep compatibility location at /root/buildinfo/ for ICM injection",
                            "name": "ICM_KEEP_COMPAT_LOCATION",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of extra capabilities to add when running 'buildah build'",
                            "name": "ADD_CAPABILITIES",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Squash all new and previous layers added as a part of this build, as per --squash",
                            "name": "SQUASH",
                            "type": "string"
                        },
                        {
                            "default": "overlay",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to skip stages in Containerfile that seem unused by subsequent stages",
                            "name": "SKIP_UNUSED_STAGES",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value labels that should be applied to the image",
                            "name": "LABELS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to enable privileged mode, should be used only with remote VMs",
                            "name": "PRIVILEGED_NESTED",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Skip SBOM-related operations. This will likely cause EC policies to fail if enabled",
                            "name": "SKIP_SBOM_GENERATION",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx. Note: the SBOM from the prefetch task - if there is one - must be in the same format.",
                            "name": "SBOM_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Extra option to customize Syft's default catalogers when generating SBOMs. The value corresponds to Syft's CLI flag --select-catalogers. The details about available catalogers can be found here: https://github.com/anchore/syft/wiki/Package-Cataloger-Selection",
                            "name": "SBOM_SYFT_SELECT_CATALOGERS",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM generation from source code. The scanner of the source code is enabled only for non-hermetic builds and can be disabled if the SBOM_SYFT_SELECT_CATALOGERS can't turn off catalogers that cause false positives on source code scanning.",
                            "name": "SBOM_SOURCE_SCAN_ENABLED",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional base image references to include to the SBOM. Array of image_reference_with_digest strings",
                            "name": "ADDITIONAL_BASE_IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Mount the current working directory into the build using --volume $PWD:/$WORKINGDIR_MOUNT. Note that the $PWD will be the context directory for the build (see the CONTEXT param).",
                            "name": "WORKINGDIR_MOUNT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if the image inherits the base image labels.",
                            "name": "INHERIT_BASE_IMAGE_LABELS",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP/HTTPS proxy to use for the buildah pull and build operations. Will not be passed through to the container during the build process.",
                            "name": "HTTP_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of hosts or domains which should bypass the HTTP/HTTPS proxy.",
                            "name": "NO_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "caching-ca-bundle",
                            "description": "The name of the ConfigMap to read proxy CA bundle data from.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the proxy CA bundle data.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Defines the single build time for all buildah builds in seconds since UNIX epoch. Conflicts with SOURCE_DATE_EPOCH.",
                            "name": "BUILD_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this URL.",
                            "name": "SOURCE_URL",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if SBOM will be contextualized.",
                            "name": "CONTEXTUALIZE_SBOM",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Omit build history information from the resulting image. Improves reproducibility by excluding timestamps and layer metadata.",
                            "name": "OMIT_HISTORY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Timestamp in seconds since Unix epoch for reproducible builds. Sets image created time and SOURCE_DATE_EPOCH build arg. Conflicts with BUILD_TIMESTAMP.",
                            "name": "SOURCE_DATE_EPOCH",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Clamp mtime of all files to at most SOURCE_DATE_EPOCH. Does nothing if SOURCE_DATE_EPOCH is not defined.",
                            "name": "REWRITE_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Don't inject a content-sets.json or a labels.json file. This requires that the canonical Containerfile takes care of this itself.",
                            "name": "SKIP_INJECTIONS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {
                            "limits": {
                                "memory": "4Gi"
                            },
                            "requests": {
                                "cpu": "1",
                                "memory": "4Gi"
                            }
                        },
                        "env": [
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "overlay"
                            },
                            {
                                "name": "HERMETIC",
                                "value": "false"
                            },
                            {
                                "name": "SOURCE_CODE_DIR",
                                "value": "source"
                            },
                            {
                                "name": "CONTEXT",
                                "value": "."
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "IMAGE_EXPIRES_AFTER",
                                "value": "5d"
                            },
                            {
                                "name": "YUM_REPOS_D_SRC",
                                "value": "repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_FETCHED",
                                "value": "fetched.repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_TARGET",
                                "value": "/etc/yum.repos.d"
                            },
                            {
                                "name": "TARGET_STAGE"
                            },
                            {
                                "name": "ENTITLEMENT_SECRET",
                                "value": "etc-pki-entitlement"
                            },
                            {
                                "name": "ACTIVATION_KEY",
                                "value": "activation-key"
                            },
                            {
                                "name": "ADDITIONAL_SECRET",
                                "value": "does-not-exist"
                            },
                            {
                                "name": "BUILD_ARGS_FILE"
                            },
                            {
                                "name": "ADD_CAPABILITIES"
                            },
                            {
                                "name": "SQUASH",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_UNUSED_STAGES",
                                "value": "true"
                            },
                            {
                                "name": "PRIVILEGED_NESTED",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_SBOM_GENERATION",
                                "value": "false"
                            },
                            {
                                "name": "SBOM_TYPE",
                                "value": "spdx"
                            },
                            {
                                "name": "SBOM_SYFT_SELECT_CATALOGERS"
                            },
                            {
                                "name": "SBOM_SOURCE_SCAN_ENABLED",
                                "value": "true"
                            },
                            {
                                "name": "ANNOTATIONS_FILE"
                            },
                            {
                                "name": "WORKINGDIR_MOUNT"
                            },
                            {
                                "name": "INHERIT_BASE_IMAGE_LABELS",
                                "value": "true"
                            },
                            {
                                "name": "BUILD_TIMESTAMP"
                            },
                            {
                                "name": "CONTEXTUALIZE_SBOM",
                                "value": "true"
                            },
                            {
                                "name": "SBOM_SKIP_VALIDATION",
                                "value": "true"
                            },
                            {
                                "name": "SKIP_INJECTIONS",
                                "value": "false"
                            }
                        ],
                        "imagePullPolicy": "IfNotPresent",
                        "volumeMounts": [
                            {
                                "mountPath": "/shared",
                                "name": "shared"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--build-args",
                                "--env",
                                "--labels",
                                "--annotations"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                },
                                "requests": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "COMMIT_SHA",
                                    "value": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "SOURCE_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone"
                                },
                                {
                                    "name": "DOCKERFILE",
                                    "value": "Dockerfile"
                                },
                                {
                                    "name": "BUILDAH_HTTP_PROXY"
                                },
                                {
                                    "name": "BUILDAH_NO_PROXY"
                                },
                                {
                                    "name": "ICM_KEEP_COMPAT_LOCATION",
                                    "value": "true"
                                },
                                {
                                    "name": "BUILDAH_OMIT_HISTORY",
                                    "value": "false"
                                },
                                {
                                    "name": "BUILDAH_SOURCE_DATE_EPOCH"
                                },
                                {
                                    "name": "BUILDAH_REWRITE_TIMESTAMP",
                                    "value": "false"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\nset -euo pipefail\n\nfunction set_proxy {\n  if [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n    echo \"[$(date --utc -Ins)] Setting proxy to ${BUILDAH_HTTP_PROXY}\"\n    export HTTP_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export HTTPS_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export ALL_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    if [ -n \"${BUILDAH_NO_PROXY}\" ]; then\n      echo \"[$(date --utc -Ins)] Bypassing proxy for ${BUILDAH_NO_PROXY}\"\n      export NO_PROXY=\"${BUILDAH_NO_PROXY}\"\n    fi\n  fi\n}\n\nfunction unset_proxy {\n  echo \"[$(date --utc -Ins)] Unsetting proxy\"\n  unset HTTP_PROXY HTTPS_PROXY ALL_PROXY NO_PROXY\n}\n\necho \"[$(date --utc -Ins)] Validate context path\"\n\nif [ -z \"$CONTEXT\" ]; then\n  echo \"WARNING: CONTEXT is empty. Defaulting to '.' (the source directory).\" \u003e\u00262\n  CONTEXT=\".\"\nfi\n\nsource_dir_path=$(realpath \"$SOURCE_CODE_DIR\")\ncontext_dir_path=$(realpath \"$SOURCE_CODE_DIR/$CONTEXT\")\n\ncase \"$context_dir_path\" in\n  \"$source_dir_path\" | \"$source_dir_path/\"*)\n    # path is valid, do nothing\n    ;;\n  *)\n    echo \"ERROR: The CONTEXT parameter ('$CONTEXT') is invalid because it escapes the source directory.\" \u003e\u00262\n    echo \"Source path: $source_dir_path\" \u003e\u00262\n    echo \"Resolved path: $context_dir_path\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nproxy_ca_bundle=/mnt/proxy-ca-bundle/ca-bundle.crt\nupdate_ca_trust=false\n\nif [ -f \"$ca_bundle\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors/ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ -f \"$proxy_ca_bundle\" ] \u0026\u0026 [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted proxy CA bundle: $proxy_ca_bundle\"\n  cp -vf $proxy_ca_bundle /etc/pki/ca-trust/source/anchors/proxy-ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ \"$update_ca_trust\" = \"true\" ]; then\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Prepare Dockerfile\"\n\nif [ -e \"$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\"\nelif [ -e \"$SOURCE_CODE_DIR/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$DOCKERFILE\"\nelif [ -e \"$DOCKERFILE\" ]; then\n  # Instrumented builds (SAST) use this custom dockerfile step as their base\n  dockerfile_path=\"$DOCKERFILE\"\nelse\n  echo \"Cannot find Dockerfile $DOCKERFILE\"\n  exit 1\nfi\n\ndockerfile_copy=$(mktemp --tmpdir \"$(basename \"$dockerfile_path\").XXXXXX\")\ncp \"$dockerfile_path\" \"$dockerfile_copy\"\n\n# Inject the image content manifest into the container we are producing.\n# This will generate the content-sets.json file and copy it by appending a COPY\n# instruction to the Containerfile.\nicm_opts=()\nif [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n  icm_opts+=(-c)\nfi\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  inject-icm-to-containerfile \"${icm_opts[@]}\" \"$dockerfile_copy\" \"/var/workdir/cachi2/output/bom.json\" \"$SOURCE_CODE_DIR/$CONTEXT\"\nfi\n\necho \"[$(date --utc -Ins)] Prepare system (architecture: $(uname -m))\"\n\n# Fixing group permission on /var/lib/containers\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\n# Setting new namespace to run buildah - 2^32-2\necho 'root:1:4294967294' | tee -a /etc/subuid \u003e\u003e /etc/subgid\n\nbuild_args=()\nenv_vars=()\n\nLABELS=()\nANNOTATIONS=()\n# Append any annotations from the specified file\nif [ -n \"${ANNOTATIONS_FILE}\" ] \u0026\u0026 [ -f \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\" ]; then\n  echo \"Reading annotations from file: ${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\n  while IFS= read -r line || [[ -n \"$line\" ]]; do\n    # Skip empty lines and comments\n    if [[ -n \"$line\" \u0026\u0026 ! \"$line\" =~ ^[[:space:]]*# ]]; then\n      ANNOTATIONS+=(\"--annotation\" \"$line\")\n    fi\n  done \u003c \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\nfi\n\n# Split `args` into two sets of arguments.\nwhile [[ $# -gt 0 ]]; do\n    case $1 in\n        --build-args)\n            shift\n            # Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being\n            # passed to buildah. In that case, the *last* occurrence takes precedence. This is why\n            # we append BUILD_ARGS after the content of the BUILD_ARGS_FILE\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do build_args+=(\"$1\"); shift; done\n            ;;\n        --env)\n            shift\n            # Collect env entries of the form KEY=value\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do env_vars+=(\"$1\"); shift; done\n            ;;\n        --labels)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do LABELS+=(\"--label\" \"$1\"); shift; done\n            ;;\n        --annotations)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ANNOTATIONS+=(\"--annotation\" \"$1\"); shift; done\n            ;;\n        *)\n            echo \"unexpected argument: $1\" \u003e\u00262\n            exit 2\n            ;;\n    esac\ndone\n\nBUILD_ARG_FLAGS=()\nfor build_arg in \"${build_args[@]}\"; do\n  BUILD_ARG_FLAGS+=(\"--build-arg=$build_arg\")\ndone\n\nENV_FLAGS=()\nfor env_var in \"${env_vars[@]}\"; do\n  ENV_FLAGS+=(\"--env=$env_var\")\ndone\n\nDOCKERFILE_ARG_FLAGS=()\nDOCKERFILE_ARG_FLAGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nDOCKERFILE_ARG_FLAGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  DOCKERFILE_ARG_FLAGS+=(\"--build-arg-file=${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\nfi\n\ndockerfile-json \"${DOCKERFILE_ARG_FLAGS[@]}\" \"$dockerfile_copy\" \u003e /shared/parsed_dockerfile.json\nBASE_IMAGES=$(\n    jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test(\"^oci-archive:\") | not)' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n)\n\nBUILDAH_ARGS=()\nUNSHARE_ARGS=()\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--pull=never\")\n  UNSHARE_ARGS+=(\"--net\")\n  buildah_retries=3\n\n  set_proxy\n\n  for image in $BASE_IMAGES; do\n    if ! retry unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 --mount -- buildah pull --retry \"$buildah_retries\" \"$image\"\n    then\n      echo \"Failed to pull base image ${image}\"\n      exit 1\n    fi\n  done\n\n  unset_proxy\n\n  echo \"Build will be executed with network isolation\"\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  BUILDAH_ARGS+=(\"--target=${TARGET_STAGE}\")\nfi\n\nBUILDAH_ARGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nBUILDAH_ARGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  BUILDAH_ARGS+=(\"--build-arg-file=$(realpath \"${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\")\nfi\n\n# Necessary for newer version of buildah if the host system does not contain up to date version of container-selinux\n# TODO remove the option once all hosts were updated\nBUILDAH_ARGS+=(\"--security-opt=unmask=/proc/interrupts\")\n\nif [ \"${PRIVILEGED_NESTED}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--security-opt=label=disable\")\n  BUILDAH_ARGS+=(\"--cap-add=all\")\n  BUILDAH_ARGS+=(\"--device=/dev/fuse\")\nfi\n\nif [ -n \"${ADD_CAPABILITIES}\" ]; then\n  BUILDAH_ARGS+=(\"--cap-add=${ADD_CAPABILITIES}\")\nfi\n\nif [ \"${SQUASH}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--squash\")\nfi\n\nif [ \"${SKIP_UNUSED_STAGES}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--skip-unused-stages=false\")\nfi\n\nif [ \"${INHERIT_BASE_IMAGE_LABELS}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--inherit-labels=false\")\nfi\n\nif [ -n \"${BUILDAH_SOURCE_DATE_EPOCH}\" ]; then\n  BUILDAH_ARGS+=(\"--source-date-epoch=${BUILDAH_SOURCE_DATE_EPOCH}\")\n  if [ \"${BUILDAH_REWRITE_TIMESTAMP}\" = \"true\" ]; then\n    BUILDAH_ARGS+=(\"--rewrite-timestamp\")\n  fi\n  if [ -n \"$BUILD_TIMESTAMP\" ]; then\n    echo \"ERROR: cannot use both BUILD_TIMESTAMP and SOURCE_DATE_EPOCH\"\n    exit 1\n  fi\n  # but do set it so that we get all the labels/annotations associated with it\n  BUILD_TIMESTAMP=\"$BUILDAH_SOURCE_DATE_EPOCH\"\nfi\n\nif [ \"${BUILDAH_OMIT_HISTORY}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--omit-history\")\nfi\n\nVOLUME_MOUNTS=()\n\necho \"[$(date --utc -Ins)] Setup prefetched\"\n\nif [ -f \"/workspace/source/cachi2/cachi2.env\" ]; then\n  # Identify the current arch to filter the prefetched content\n  PREFETCH_ARCH=\"$(uname -m)\"\n  echo \"$PREFETCH_ARCH\" \u003e /shared/prefetch-arch\n\n  echo \"Prefetched content will be made available\"\n\n  cp -r \"/workspace/source/cachi2\" /tmp/\n  chmod -R go+rwX /tmp/cachi2\n\n  # In case RPMs were prefetched and this is a multi-arch build,\n  # clean up the packages that do not match the architecture being built\n  RPM_PREFETCH_DIR=\"/tmp/cachi2/output/deps/rpm\"\n  if [ -d \"$RPM_PREFETCH_DIR\" ] \u0026\u0026 [ \"$(find $RPM_PREFETCH_DIR | wc -l)\" -gt 1 ]; then\n    echo \"Removing prefetched RPMs from non-matching architectures\"\n    PREFETCH_ARCH=\"$(uname -m)\"\n    for path in \"$RPM_PREFETCH_DIR\"/*; do\n      if [ \"$(basename \"$path\")\" != \"$PREFETCH_ARCH\" ]; then\n        echo \"Removing: $path\"\n        rm -rf \"$path\"\n      else\n        echo \"Keeping: $path\"\n      fi\n    done\n  fi\n\n  VOLUME_MOUNTS+=(--volume /tmp/cachi2:/cachi2)\n  # Read in the whole file (https://unix.stackexchange.com/questions/533277), then\n  # for each RUN ... line insert the cachi2.env command *after* any options like --mount\n  sed -E -i \\\n      -e 'H;1h;$!d;x' \\\n      -e 's@^\\s*(run((\\s|\\\\\\n)+-\\S+)*(\\s|\\\\\\n)+)@\\1. /cachi2/cachi2.env \\\u0026\\\u0026 \\\\\\n    @igM' \\\n      \"$dockerfile_copy\"\n\n  prefetched_repo_for_my_arch=\"/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo\"\n  if [ -f \"$prefetched_repo_for_my_arch\" ]; then\n    echo \"Adding $prefetched_repo_for_my_arch to $YUM_REPOS_D_FETCHED\"\n    mkdir -p \"$YUM_REPOS_D_FETCHED\"\n    if [ ! -f \"${YUM_REPOS_D_FETCHED}/cachi2.repo\" ]; then\n      cp \"$prefetched_repo_for_my_arch\" \"$YUM_REPOS_D_FETCHED\"\n    fi\n  fi\nfi\n\n# if yum repofiles stored in git, copy them to mount point outside the source dir\nif [ -d \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\" ]; then\n  mkdir -p \"${YUM_REPOS_D_FETCHED}\"\n  cp -r \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\"/* \"${YUM_REPOS_D_FETCHED}\"\nfi\n\n# if anything in the repofiles mount point (either fetched or from git), mount it\nif [ -d \"${YUM_REPOS_D_FETCHED}\" ]; then\n  chmod -R go+rwX \"${YUM_REPOS_D_FETCHED}\"\n  mount_point=$(realpath \"${YUM_REPOS_D_FETCHED}\")\n  VOLUME_MOUNTS+=(--volume \"${mount_point}:${YUM_REPOS_D_TARGET}\")\nfi\n\nDEFAULT_LABELS=(\n  \"--label\" \"architecture=$(uname -m)\"\n  \"--label\" \"vcs-type=git\"\n)\nif [ -n \"$COMMIT_SHA\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"vcs-ref=${COMMIT_SHA}\" \"--label\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\nfi\nif [ -n \"$SOURCE_URL\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.source=${SOURCE_URL}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.source=${SOURCE_URL}\")\nfi\n[ -n \"$IMAGE_EXPIRES_AFTER\" ] \u0026\u0026 DEFAULT_LABELS+=(\"--label\" \"quay.expires-after=$IMAGE_EXPIRES_AFTER\")\n\nBUILD_TIMESTAMP_RFC3339=\"\"\nif [ -n \"$BUILD_TIMESTAMP\" ]; then\n  BUILD_TIMESTAMP_RFC3339=$(date -u -d \"@$BUILD_TIMESTAMP\" +'%Y-%m-%dT%H:%M:%SZ')\nelse\n  BUILD_TIMESTAMP_RFC3339=$(date -u +'%Y-%m-%dT%H:%M:%SZ')\nfi\n\nDEFAULT_LABELS+=(\"--label\" \"build-date=${BUILD_TIMESTAMP_RFC3339}\")\nDEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\n\nlabel_pairs=()\n# If INHERIT_BASE_IMAGE_LABELS is true, get the labels from the final base image only\ntouch base_images_labels.json\nif [[ \"$INHERIT_BASE_IMAGE_LABELS\" == \"true\" ]] \u0026\u0026 [[ -n \"$BASE_IMAGES\" ]]; then\n  FINAL_BASE_IMAGE=$(\n    # Get the base image of the final stage\n    # The final stage can refer to a previous `FROM xxx AS yyy` stage, for example 'FROM bar AS foo; ... ; FROM foo; ...'\n    # Define a function that keeps nesting recursively into the parent stages until it finds the original base image\n    # Run the find_root_stage() function on the final stage\n    # If the final stage is scratch or oci-archive, return empty\n    jq -r '.Stages as $all_stages |\n      def find_root_stage($stage):\n        if $stage.From.Stage then\n          find_root_stage($all_stages[$stage.From.Stage.Index])\n        else\n          $stage\n        end;\n\n        find_root_stage(.Stages[-1]) |\n        if .From.Scratch or (.BaseName | test(\"^oci-archive:\")) then\n          empty\n        else\n          .BaseName\n        end' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n  )\n  if [[ -n \"$FINAL_BASE_IMAGE\" ]]; then\n    set_proxy\n    buildah pull \"$FINAL_BASE_IMAGE\" \u003e/dev/null` `\n    unset_proxy\n    buildah inspect \"$FINAL_BASE_IMAGE\" | jq '.OCIv1.config.Labels' \u003e\"base_images_labels.json\"\n  fi\nfi\n\n# Concatenate defaults and explicit labels. If a label appears twice, the last one wins.\nLABELS=(\"${DEFAULT_LABELS[@]}\" \"${LABELS[@]}\")\n\n# Get all the default and explicit labels so that they can be written into labels.json\nfor label in \"${LABELS[@]}\"; do\n  if [[ \"$label\" != \"--label\" ]]; then\n    label_pairs+=(\"$label\")\n  fi\ndone\n\n# Labels that we explicitly add to the image\nlabel_pairs+=(\"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nlabel_pairs+=(\"io.buildah.version=$(buildah version --json | jq -r '.version')\")\n\nwhile IFS= read -r label; do\n  label_pairs+=(\"$label\")\ndone \u003c \u003c(jq -r '.Stages[].Commands[] | select(.Name == \"LABEL\") | .Labels[] | \"\\(.Key)=\\(.Value)\"' /shared/parsed_dockerfile.json | sed 's/\"//g')\n\nprintf '%s\\n' \"${label_pairs[@]}\" | jq -Rn '\n  [ inputs | select(length\u003e0) ]\n| map( split(\"=\") | {(.[0]): (.[1] // \"\")} )\n  | add' \u003e\"image_labels.json\"\n\njq -s '(.[0] // {}) * (.[1] // {})' \"base_images_labels.json\" \"image_labels.json\" \u003e\"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\njq '.' \"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  echo \"\" \u003e\u003e\"$dockerfile_copy\"\n  # Always write labels.json to the new standard location\n  echo 'COPY labels.json /usr/share/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  # Conditionally write to the old location for backward compatibility\n  if [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n    echo 'COPY labels.json /root/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  fi\nfi\n\n# Make sure our labels.json file isn't filtered out\ncontainerignore=\"\"\nif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\"\nelif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\"\nfi\n\nif [ -n \"$containerignore\" ]; then\n  ignorefile_copy=$(mktemp --tmpdir \"$(basename \"$containerignore\").XXXXXX\")\n  cp \"$containerignore\" \"$ignorefile_copy\"\n  {\n    echo \"\"\n    echo \"!/labels.json\"\n    echo \"!/content-sets.json\"\n  } \u003e\u003e \"$ignorefile_copy\"\n  BUILDAH_ARGS+=(--ignorefile \"$ignorefile_copy\")\nfi\n\necho \"[$(date --utc -Ins)] Register sub-man\"\n\nACTIVATION_KEY_PATH=\"/activation-key\"\nENTITLEMENT_PATH=\"/entitlement\"\n\n# 0. if hermetic=true, skip all subscription related stuff\n# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.\n# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.\n# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.\n# 3. If the Dockerfile contains the string \"subcription-manager register\", add the activation-keys volume\n#    to buildah but don't pre-register for backwards compatibility. Mount an empty directory on\n#    shared emptydir volume to \"/etc/pki/entitlement\" to prevent certificates from being included\n\nif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 [ -e /activation-key/org ]; then\n  cp -r --preserve=mode \"$ACTIVATION_KEY_PATH\" /tmp/activation-key\n  mkdir -p /shared/rhsm/etc/pki/entitlement\n  mkdir -p /shared/rhsm/etc/pki/consumer\n\n  VOLUME_MOUNTS+=(-v /tmp/activation-key:/activation-key \\\n                  -v /shared/rhsm/etc/pki/entitlement:/etc/pki/entitlement:Z \\\n                  -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)\n  echo \"Adding activation key to the build\"\n\n  if ! grep -E \"^[^#]*subscription-manager.[^#]*register\" \"$dockerfile_path\"; then\n    # user is not running registration in the Containerfile: pre-register.\n    echo \"Pre-registering with subscription manager.\"\n    export RETRY_MAX_TRIES=6\n    if ! retry subscription-manager register --org \"$(cat /tmp/activation-key/org)\" --activationkey \"$(cat /tmp/activation-key/activationkey)\"\n    then\n      echo \"Subscription-manager register failed\"\n      exit 1\n    fi\n    unset RETRY_MAX_TRIES\n    trap 'subscription-manager unregister || true' EXIT\n\n    # copy generated certificates to /shared volume\n    cp /etc/pki/entitlement/*.pem /shared/rhsm/etc/pki/entitlement\n    cp /etc/pki/consumer/*.pem /shared/rhsm/etc/pki/consumer\n\n    # and then mount get /etc/rhsm/ca/redhat-uep.pem into /run/secrets/rhsm/ca\n    VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)\n  fi\n\nelif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 find /entitlement -name \"*.pem\" \u003e /dev/null; then\n  cp -r --preserve=mode \"$ENTITLEMENT_PATH\" /tmp/entitlement\n  VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)\n  echo \"Adding the entitlement to the build\"\nfi\n\nif [ -n \"$WORKINGDIR_MOUNT\" ]; then\n  if [[ \"$WORKINGDIR_MOUNT\" == *:* ]]; then\n    echo \"WORKINGDIR_MOUNT contains ':'\" \u003e\u00262\n    echo \"Refusing to proceed in case this is an attempt to set unexpected mount options.\" \u003e\u00262\n    exit 1\n  fi\n  # ${SOURCE_CODE_DIR}/${CONTEXT} will be the $PWD when we call 'buildah build'\n  # (we set the workdir using 'unshare -w')\n  context_dir=$(realpath \"${SOURCE_CODE_DIR}/${CONTEXT}\")\n  VOLUME_MOUNTS+=(--volume \"$context_dir:${WORKINGDIR_MOUNT}\")\nfi\n\nif [ -n \"${ADDITIONAL_VOLUME_MOUNTS-}\" ]; then\n  # ADDITIONAL_VOLUME_MOUNTS allows to specify more volumes for the build.\n  # Instrumented builds (SAST) use this step as their base and add some other tools.\n  while read -r volume_mount; do\n    VOLUME_MOUNTS+=(\"--volume=$volume_mount\")\n  done \u003c\u003c\u003c \"$ADDITIONAL_VOLUME_MOUNTS\"\nfi\n\necho \"[$(date --utc -Ins)] Add secrets\"\n\nADDITIONAL_SECRET_PATH=\"/additional-secret\"\nADDITIONAL_SECRET_TMP=\"/tmp/additional-secret\"\nif [ -d \"$ADDITIONAL_SECRET_PATH\" ]; then\n  cp -r --preserve=mode -L \"$ADDITIONAL_SECRET_PATH\" $ADDITIONAL_SECRET_TMP\n  while read -r filename; do\n    echo \"Adding the secret ${ADDITIONAL_SECRET}/${filename} to the build, available at /run/secrets/${ADDITIONAL_SECRET}/${filename}\"\n    BUILDAH_ARGS+=(\"--secret=id=${ADDITIONAL_SECRET}/${filename},src=$ADDITIONAL_SECRET_TMP/${filename}\")\n  done \u003c \u003c(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \\;)\nfi\n\n# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.\ndeclare IMAGE\n\nbuildah_cmd_array=(\n    buildah build\n    \"${VOLUME_MOUNTS[@]}\"\n    \"${BUILDAH_ARGS[@]}\"\n    \"${LABELS[@]}\"\n    \"${ANNOTATIONS[@]}\"\n    --tls-verify=\"$TLSVERIFY\" --no-cache\n    --ulimit nofile=4096:4096\n    --http-proxy=false\n    -f \"$dockerfile_copy\" -t \"$IMAGE\" .\n)\nbuildah_cmd=$(printf \"%q \" \"${buildah_cmd_array[@]}\")\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  # enabling loopback adapter enables Bazel builds to work in hermetic mode.\n  command=\"ip link set lo up \u0026\u0026 $buildah_cmd\"\nelse\n  command=\"$buildah_cmd\"\nfi\n\n# disable host subcription manager integration\nfind /usr/share/rhel/secrets -type l -exec unlink {} \\;\n\nset_proxy\n\necho \"[$(date --utc -Ins)] Run buildah build\"\necho \"[$(date --utc -Ins)] ${command}\"\n\nunshare -Uf \"${UNSHARE_ARGS[@]}\" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w \"${SOURCE_CODE_DIR}/$CONTEXT\" --mount -- sh -c \"$command\"\n\nunset_proxy\n\necho \"[$(date --utc -Ins)] Add metadata\"\n\n# Save the SBOM produced in prefetch so it can be merged into the final SBOM later\nif [ -f \"/tmp/cachi2/output/bom.json\" ]; then\n  echo \"Making copy of sbom-prefetch.json\"\n  cp /tmp/cachi2/output/bom.json ./sbom-prefetch.json\nfi\n\ntouch /shared/base_images_digests\necho \"Recording base image digests used\"\nfor image in $BASE_IMAGES; do\n  # Get the image pullspec and filter out a tag if it is not set\n  # Use head -n 1 to ensure we only get one result even if multiple images match the filter\n  base_image_digest=$(buildah images --format '{{ .Name }}{{ if ne .Tag \"\u003cnone\u003e\" }}:{{ .Tag }}{{ end }}@{{ .Digest }}' --filter reference=\"$image\" | head -n 1)\n  # In some cases, there might be BASE_IMAGES, but not any associated digest. This happens\n  # if buildah did not use that particular image during build because it was skipped\n  if [ -n \"$base_image_digest\" ]; then\n    echo \"$image $base_image_digest\" | tee -a /shared/base_images_digests\n  fi\ndone\n\nimage_name=$(echo \"${IMAGE##*/}\" | tr ':' '-')\nbuildah push \"$IMAGE\" oci:\"/shared/$image_name.oci\"\necho \"/shared/$image_name.oci\" \u003e /shared/container_path\n\necho \"[$(date --utc -Ins)] End build\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/entitlement",
                                    "name": "etc-pki-entitlement"
                                },
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/additional-secret",
                                    "name": "additional-secret"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/proxy-ca-bundle",
                                    "name": "proxy-ca-bundle",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "BUILDAH_FORMAT",
                                    "value": "docker"
                                },
                                {
                                    "name": "TASKRUN_NAME",
                                    "value": "konflux-test-incb41c92e238803de427bde3c966a36ad-build-container"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "push",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Convert image\"\n\n# While we can build images with the desired format, we will simplify any local\n# and remote build differences by just performing any necessary conversions at\n# push time.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\necho \"[$(date --utc -Ins)] Push image with unique tag\"\n\nbuildah_retries=3\n\n# Push to a unique tag based on the TaskRun name to avoid race conditions\necho \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:${TASKRUN_NAME}\"\nthen\n  echo \"Failed to push sbom image to ${IMAGE%:*}:${TASKRUN_NAME}\"\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] Push image with git revision\"\n\n# Push to a tag based on the git revision\necho \"Pushing to ${IMAGE}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile \"/workspace/source/image-digest\" \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n  echo \"Failed to push sbom image to $IMAGE\"\n  exit 1\nfi\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c \"/workspace/source\"/image-digest\necho -n \"$IMAGE\" | tee /tekton/results/IMAGE_URL\n{\n  echo -n \"${IMAGE}@\"\n  cat \"/workspace/source/image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho\n\n# detect if keyless signing is required\nSIGNING_CONFIG='{}'\nKFLX_CONFIG_PATH='/tmp/konflux_config.json'\nif ! RETRY_STOP_IF_STDERR_MATCHES='configmaps \"cluster-config\" not found' retry kubectl get configmap cluster-config -n konflux-info -o json \u003e\"${KFLX_CONFIG_PATH}\"\nthen\n  echo \"Failed to fetch konflux cluster-config, default values will be used\" \u003e\u00262\nelse\n  SIGNING_CONFIG=\"$(cat ${KFLX_CONFIG_PATH})\"\nfi\n\n# configmap key -\u003e variable name mapping\ndeclare -A SIGNING_KEY_MAP=(\n  [defaultOIDCIssuer]=SIGSTORE_OIDC_ISSUER\n  [rekorInternalUrl]=REKOR_URL\n  [fulcioInternalUrl]=SIGSTORE_FULCIO_URL\n  [tufInternalUrl]=TUF_URL\n)\n\n# fallback keys when internal URL is not available\ndeclare -A SIGNING_FALLBACK_MAP=(\n  [rekorInternalUrl]=rekorExternalUrl\n  [fulcioInternalUrl]=fulcioExternalUrl\n  [tufInternalUrl]=tufExternalUrl\n)\n\nmissing=\"\"\nconfigured=0\nfor key in \"${!SIGNING_KEY_MAP[@]}\"; do\n  val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${key} // empty\")\n  if [ -z \"${val}\" ] \u0026\u0026 [ -n \"${SIGNING_FALLBACK_MAP[$key]+x}\" ]; then\n    fallback_key=\"${SIGNING_FALLBACK_MAP[$key]}\"\n    val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${fallback_key} // empty\")\n    if [ -n \"${val}\" ]; then\n      echo \"Using fallback ${fallback_key} instead of ${key}\"\n    fi\n  fi\n  if [ -z \"${val}\" ]; then\n    missing=\"${missing:+${missing}, }${key}\"\n  else\n    declare \"${SIGNING_KEY_MAP[$key]}=${val}\"\n    configured=$((configured + 1))\n  fi\ndone\n\nif [ \"${configured}\" -eq \"${#SIGNING_KEY_MAP[@]}\" ]; then\n  echo \"Keyless signing is enabled\"\n\n  # Save signing config for upload-sbom step\n  for key in \"${!SIGNING_KEY_MAP[@]}\"; do\n    envvar=\"${SIGNING_KEY_MAP[$key]}\"\n    printf '%s=%q\\n' \"${envvar}\" \"${!envvar}\"\n  done \u003e /shared/signing-config.env\n\n  echo \"Using Rekor URL: ${REKOR_URL}\"\n  echo \"Using Fulcio URL: ${SIGSTORE_FULCIO_URL}\"\n  echo \"Using OIDC issuer: ${SIGSTORE_OIDC_ISSUER}\"\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  # Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\n  mkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"${IMAGE_REF}\" \u003e /tmp/auth/config.json\n  export DOCKER_CONFIG=/tmp/auth\n\n  echo \"[$(date --utc -Ins)] Sign image\"\n  echo \"Signing image ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign sign -y \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign image\" \u003e\u00262\n    exit 1\n  fi\nelif [ \"${configured}\" -eq 0 ]; then\n  echo \"Keyless signing is disabled (none of ${missing} are configured in the konflux-info/cluster-config configmap)\"\nelse\n  echo \"ERROR: Incomplete keyless signing configuration in konflux-info/cluster-config configmap. Missing: ${missing}\" \u003e\u00262\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] End push\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                },
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "sbom-syft-generate",
                            "script": "#!/bin/bash\nset -euo pipefail\necho \"[$(date --utc -Ins)] Generate SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\ncase $SBOM_TYPE in\n  cyclonedx)\n    syft_sbom_type=cyclonedx-json@1.5 ;;\n  spdx)\n    syft_sbom_type=spdx-json@2.3 ;;\n  *)\n    echo \"Invalid SBOM type: $SBOM_TYPE. Valid: cyclonedx, spdx\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\nOCI_DIR=\"$(cat /shared/container_path)\"\n\nsyft_oci_args=(\n  oci-dir:\"${OCI_DIR}\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-image.json\"\n)\nsyft_source_args=(\n  dir:\"/workspace/source/$SOURCE_CODE_DIR/$CONTEXT\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-source.json\"\n)\n\nif [ \"${SBOM_SYFT_SELECT_CATALOGERS}\" != \"\" ]; then\n  syft_oci_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\n  syft_source_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\nfi\n\necho \"Running syft on the image\"\nsyft \"${syft_oci_args[@]}\"\nif [[ \"${HERMETIC}\" == \"false\" \u0026\u0026 \"${SBOM_SOURCE_SCAN_ENABLED}\" == \"true\" ]]; then\n  echo \"Running syft on the source code\"\n  syft \"${syft_source_args[@]}\"\nelse\n  echo \"Skipping syft on source code.\"\nfi\n\necho \"[$(date --utc -Ins)] End sbom-syft-generate\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/shared",
                                    "name": "shared"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/source/source"
                        },
                        {
                            "args": [
                                "--additional-base-images"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "prepare-sboms",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Prepare SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\n# Convert Tekton array params into Mobster params\nADDITIONAL_BASE_IMAGES=()\nwhile [[ $# -gt 0 ]]; do\n  case $1 in\n    --additional-base-images)\n      shift\n      while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ADDITIONAL_BASE_IMAGES+=(\"$1\"); shift; done\n      ;;\n    *)\n      echo \"unexpected argument: $1\" \u003e\u00262\n      exit 2\n      ;;\n  esac\ndone\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\n\necho \"[$(date --utc -Ins)] Generate SBOM with mobster\"\n\nmobster_args=(\n  generate\n  --output sbom.json\n)\n\n# Validation is a flag for `generate`, not `oci-image`, so we need to\n# handle it before the oci-image arguments\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-image\n  --from-syft \"/workspace/source/sbom-image.json\"\n  --image-pullspec \"$IMAGE_URL\"\n  --image-digest \"$IMAGE_DIGEST\"\n  --parsed-dockerfile-path \"/shared/parsed_dockerfile.json\"\n  --base-image-digest-file \"/shared/base_images_digests\"\n)\n\nif [ -f \"/workspace/source/sbom-source.json\" ]; then\n  mobster_args+=(--from-syft \"/workspace/source/sbom-source.json\")\nfi\n\nif [ -f \"/workspace/source/sbom-prefetch.json\" ]; then\n  mobster_args+=(--from-hermeto \"/workspace/source/sbom-prefetch.json\")\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  mobster_args+=(--dockerfile-target \"${TARGET_STAGE}\")\nfi\n\nfor ADDITIONAL_BASE_IMAGE in \"${ADDITIONAL_BASE_IMAGES[@]}\"; do\n  mobster_args+=(--additional-base-image \"$ADDITIONAL_BASE_IMAGE\")\ndone\n\nif [ \"${CONTEXTUALIZE_SBOM}\" == \"true\" ] \u0026\u0026 [ \"${HERMETIC}\" == \"false\" ]; then\n  mobster_args+=(--contextualize)\nfi\n\nif [ -f \"/shared/prefetch-arch\" ]; then\n  mobster_args+=(--arch \"$(cat /shared/prefetch-arch)\")\nfi\n\nmobster \"${mobster_args[@]}\"\n\necho \"[$(date --utc -Ins)] End prepare-sboms\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Upload SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom sbom.json --type \"$SBOM_TYPE\" \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum sbom.json | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n\nif [ -f \"/shared/signing-config.env\" ]; then\n  # shellcheck source=/dev/null\n  source /shared/signing-config.env\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  ATT_SBOM_TYPE=\"${SBOM_TYPE}\"\n  if [ \"${ATT_SBOM_TYPE}\" = \"spdx\" ]; then\n    # for format cossistency with cyclonedx format, we want to use spdxjson instad of spdx\n    # spdx export data as rawstring, we want structured json as cyclonedx\n    ATT_SBOM_TYPE=\"spdxjson\"\n  fi\n\n  echo \"[$(date --utc -Ins)] Sign SBOM\"\n  echo \"Signing and attaching SBOM to ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign attest -y --type \"${ATT_SBOM_TYPE}\" --predicate sbom.json \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign SBOM\" \u003e\u00262\n    exit 1\n  fi\nfi\n\necho\necho \"[$(date --utc -Ins)] End upload-sbom\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "varlibcontainers"
                        },
                        {
                            "emptyDir": {},
                            "name": "shared"
                        },
                        {
                            "name": "etc-pki-entitlement",
                            "secret": {
                                "optional": true,
                                "secretName": "etc-pki-entitlement"
                            }
                        },
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "name": "additional-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "does-not-exist"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "caching-ca-bundle",
                                "optional": true
                            },
                            "name": "proxy-ca-bundle"
                        },
                        {
                            "name": "oidc-token",
                            "projected": {
                                "sources": [
                                    {
                                        "serviceAccountToken": {
                                            "audience": "sigstore",
                                            "expirationSeconds": 600,
                                            "path": "oidc-token"
                                        }
                                    }
                                ]
                            }
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code to build.",
                            "name": "source"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-66308ef01b",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/ad8ef4e5-4288-4c57-b31d-6ac7213a1a79",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, appstudio",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "push-dockerfile",
                    "tekton.dev/task": "push-dockerfile",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-incb41c92e238803de427bde3c966a36ad-push-dockerfile",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "32042",
                "uid": "ad8ef4e5-4288-4c57-b31d-6ac7213a1a79"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "."
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "push-dockerfile"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.3@sha256:64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-7ebc9832aa"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:13Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:13Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-incb41c92e238818e492150d96c73e97a374a3936a3b1f-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        "entryPoint": "push-dockerfile",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:3597137e2a67349c9445fce10fd75fd5b5f78748d7bdaf4f2d9aeaa617f7a091"
                    }
                ],
                "startTime": "2026-07-01T16:12:01Z",
                "steps": [
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://337417144bf449480c13c627e82ad2df0822a4e6a6079fe84ea2eacf7733eacd",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:12Z",
                            "message": "[{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs@sha256:3597137e2a67349c9445fce10fd75fd5b5f78748d7bdaf4f2d9aeaa617f7a091\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:11Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Discover Dockerfile from source code and push it to registry as an OCI artifact.",
                    "params": [
                        {
                            "description": "The built binary image. The Dockerfile is pushed to the same image repository alongside.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "description": "The built binary image digest, which is used to construct the tag of Dockerfile image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": ".dockerfile",
                            "description": "Suffix of the Dockerfile image tag.",
                            "name": "TAG_SUFFIX",
                            "type": "string"
                        },
                        {
                            "default": "application/vnd.konflux.dockerfile",
                            "description": "Artifact type of the Dockerfile image.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest-pinned image reference to the Dockerfile image.",
                            "name": "IMAGE_REF",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--source",
                                "source",
                                "--context",
                                ".",
                                "--containerfile",
                                "Dockerfile",
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                                "--image-digest",
                                "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127",
                                "--artifact-type",
                                "application/vnd.konflux.dockerfile",
                                "--tag-suffix",
                                ".dockerfile",
                                "--result-path-image-ref",
                                "/tekton/results/IMAGE_REF",
                                "--alternative-filename",
                                "Dockerfile"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "push-containerfile"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                            "name": "push",
                            "workingDir": "/workspace/workspace"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code from where the Dockerfile is discovered.",
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-66308ef01b",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/a234f097-e3bd-4810-b7ea-a1d01fcb2826",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:57Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "sast-snyk-check",
                    "tekton.dev/task": "sast-snyk-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-incb41c92e238803de427bde3c966a36ad-sast-snyk-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "31714",
                "uid": "a234f097-e3bd-4810-b7ea-a1d01fcb2826"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-snyk-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-7ebc9832aa"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:13Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:13Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-incb41c92e23887e7b7bf92614486eb0baadb7047b0df9-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        "entryPoint": "sast-snyk-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T16:12:12+00:00\",\"note\":\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:11:58Z",
                "steps": [
                    {
                        "container": "step-sast-snyk-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-snyk-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://a81c16f443ba4920d931da234d9bb54682f26494b4e020ab4594d7899e2b2162",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:12Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:12+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:10Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c38cd2bcda6421912baaae623f2de1b2a2835a68e2a108dc06185030ddd800a8",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:12Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:12+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:12Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks using Snyk Code, a Static Application Security Testing (SAST) tool.\n\nFollow the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/) to obtain a snyk-token and to enable the snyk task in a Pipeline.\n\nThe snyk binary used in this Task comes from a container image defined in https://github.com/konflux-ci/konflux-test\n\nSee https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information about the snyk tool.",
                    "params": [
                        {
                            "default": "snyk-secret",
                            "description": "Name of secret which contains Snyk token.",
                            "name": "SNYK_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Append arguments.",
                            "name": "ARGS",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Digest of the image to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Report only important findings in task result. Default is \"true\". To report all findings in task result, specify \"false\". Uploaded SARIF report to remote registry always includes all findings, regardless of severity level.",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Write excluded records in file. Useful for auditing (defaults to false).",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Directories or files to be excluded from Snyk scan (Comma-separated). Useful to split the directories of a git repo across multiple components.",
                            "name": "IGNORE_FILE_PATHS",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "6Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "6Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SNYK_SECRET",
                                    "value": "snyk-secret"
                                },
                                {
                                    "name": "ARGS"
                                },
                                {
                                    "name": "IGNORE_FILE_PATHS"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-snyk-check",
                            "script": "#!/usr/bin/env bash\n\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\n# Installation of Red Hat certificates for cloning Red Hat internal repositories\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSNYK_TOKEN_PATH=\"/etc/secrets/snyk_token\"\nif [ -f \"${SNYK_TOKEN_PATH}\" ] \u0026\u0026 [ -s \"${SNYK_TOKEN_PATH}\" ]; then\n  # SNYK token is provided\n  SNYK_TOKEN=\"$(cat ${SNYK_TOKEN_PATH})\"\n  export SNYK_TOKEN\nelse\n  # According to shellcheck documentation, the following error can be ignored as it is ignored through indirection: https://www.shellcheck.net/wiki/SC2034\n  # shellcheck disable=SC2034\n  to_enable_snyk='[here](https://konflux-ci.dev/docs/testing/build/snyk/)'\n  note=\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given ${to_enable_snyk}\"\n  TEST_OUTPUT=$(make_result_json -r SKIPPED -t \"$note\")\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nSNYK_EXIT_CODE=0\nSOURCE_CODE_DIR=/workspace/workspace\n\n# We ignore files using snyk ignore if the user set up the IGNORE_FILE_PATHS variable.\n(cd \"${SOURCE_CODE_DIR}\" \u0026\u0026 IFS=\",\" \u0026\u0026 for path in $IGNORE_FILE_PATHS; do\n  snyk ignore --file-path=\"source/${path}\"\ndone)\n\nset +e\necho \"INFO: Running 'snyk code test'..\"\n# We do want to expand ARGS (it can be multiple CLI flags, not just one)\n# shellcheck disable=SC2086\n\n# Generate full paths for each directory in TARGET_DIRS\nIFS=\",\" read -ra TARGETS_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGETS_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # Ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ ! \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\n\n  # Ensure directory exists\n  if [ ! -d \"$resolved_path\" ]; then\n    echo \"Warning: Directory $resolved_path does not exist, skipping\"\n    continue\n  fi\n\n  echo \"INFO: Scanning directory: $resolved_path\"\n  # We do want to expand ARGS (it can be multiple CLI flags, not just one)\n  # shellcheck disable=SC2086\n  snyk code test $ARGS \"$resolved_path\" --max-depth=1 --sarif-file-output=\"${resolved_path}/sast_snyk_check_out_${d//\\//_}.json\" 1\u003e\u00262\u003e\u003e stdout.txt\n  cmd_exit_code=$?\n  # Track the exit code: if any snyk command fails, preserve the failure\n  # Exit codes: 0 = success, 1 = vulnerabilities found, 2 = error, 3 = no supported files\n  # Error codes (2+) always override, warning codes (1,3) only if no previous error\n  if [[ \"$cmd_exit_code\" -ne 0 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 1 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 3 ]]; then\n    SNYK_EXIT_CODE=$cmd_exit_code\n  fi\n\ndone\n\n# Merge all SARIF outputs\nfind \"$SOURCE_CODE_DIR\" -name \"sast_snyk_check_out_*.json\" -exec cat {} + \u003e \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\nset -e\ntest_not_skipped=0\nSKIP_MSG=\"We found 0 supported files\"\ngrep -q \"$SKIP_MSG\" stdout.txt || test_not_skipped=$?\n\nif [[ \"$SNYK_EXIT_CODE\" -eq 0 ]] || [[ \"$SNYK_EXIT_CODE\" -eq 1 ]]; then\n  # Check if the merged SARIF file has content - this could happen if the snyk scan found no findings\n  if [ ! -s \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\" ]; then\n    echo \"WARN: No JSON output files were generated by snyk scan\"\n    # Get snyk version for proper SARIF metadata\n    SNYK_VERSION=$(snyk --version 2\u003e/dev/null | head -1 | tr -d '\\n' || echo \"unknown\")\n    # Create a valid minimal SARIF structure using jq\n    # Note: coverage array is required even when empty because downstream jq commands expect it\n    jq -n --arg version \"$SNYK_VERSION\" '{\n      \"$schema\": \"https://json.schemastore.org/sarif-2.1.0.json\",\n      \"version\": \"2.1.0\",\n      \"runs\": [{\n        \"tool\": {\n          \"driver\": {\n            \"name\": \"snyk\",\n            \"version\": $version,\n            \"informationUri\": \"https://snyk.io\"\n          }\n        },\n        \"results\": [],\n        \"properties\": {\n          \"coverage\": []\n        }\n      }]\n    }' \u003e\"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\n  fi\n\n  # In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context\n  (cd  \"${SOURCE_CODE_DIR}\" \u0026\u0026 csgrep --mode=json --embed-context=3 \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json) \\\n    | csgrep --mode=json --strip-path-prefix=\"source/\"  \\\n    \u003e sast_snyk_check_out_all_findings.json\n\n  echo \"INFO: Initial results:\"\n  csgrep --mode=evtstat sast_snyk_check_out_all_findings.json\n\n  if [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\n  fi\n  PROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n  # create the KFP clone directory regardless\n  KFP_DIR=\"known-false-positives\"\n  KFP_CLONED=\"0\"\n  mkdir \"${KFP_DIR}\"\n\n  # We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\n  if [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n      echo \"INFO: Trying to clone known-false-positives..\"\n      git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\n  fi\n\n  if [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone know-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv sast_snyk_check_out_all_findings.json filtered_sast_snyk_check_out.json\n  else\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    CMD=(\n      csfilter-kfp\n      --verbose\n      --kfp-dir=\"${KFP_DIR}\"\n      --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [ \"${RECORD_EXCLUDED}\" == \"true\" ]; then\n      CMD+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    set +e\n    \"${CMD[@]}\" sast_snyk_check_out_all_findings.json \u003e filtered_sast_snyk_check_out.json\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n      echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n      echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\n    echo \"INFO: Results after filtering:\"\n    (set -x \u0026\u0026 csgrep --mode=evtstat filtered_sast_snyk_check_out.json)\n  fi\n\n  # Generation of scan stats\n\n  total_files=$(jq '[.runs[0].properties.coverage[].files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n  supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == \"SUPPORTED\") | .files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n\n  # We make sure the values are 0 if no supported/total files are found\n  if [ \"$total_files\" = \"null\" ] || [ -z \"$total_files\" ]; then\n    total_files=0\n  fi\n\n  if [ \"$supported_files\" = \"null\" ] || [ -z \"$supported_files\" ]; then\n    supported_files=0\n  fi\n\n  coverage_ratio=0\n  if (( total_files \u003e 0 )); then\n      coverage_ratio=$((supported_files * 100 / total_files))\n  fi\n\n  # embed stats in results file and convert to SARIF\n  csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:\"${coverage_ratio}\" \\\n                      --set-scan-prop snyk-scanned-files-success:\"${supported_files}\"  \\\n                      --set-scan-prop snyk-scanned-files-total:\"${total_files}\" \\\n                      filtered_sast_snyk_check_out.json  \u003e sast_snyk_check_out.sarif\n\n  # Create filtered SARIF for Tekton task result based on IMP_FINDINGS_ONLY parameter\n  if [ \"${IMP_FINDINGS_ONLY}\" == \"true\" ]; then\n    # Filter to only \"error\" level or higher (high/critical severity) for Tekton task result\n    # In SARIF, defects are given a level like \"error\" or \"warning\". Snyk maps \"high\" level findings to \"error\".\n    # - \"error\" → importance level 1\n    # - \"warning\" (or missing level) → importance level 0\n    RESULT_SARIF=\"result_sast_snyk_check_out.sarif\"\n    csgrep --mode=sarif --imp-level 1 sast_snyk_check_out.sarif \u003e \"$RESULT_SARIF\"\n  else\n    # Use all findings for Tekton task result\n    RESULT_SARIF=\"sast_snyk_check_out.sarif\"\n  fi\n\n  TEST_OUTPUT=\n  parse_test_output \"sast-snyk-check\" sarif \"$RESULT_SARIF\"  || true\n\n# When the test is skipped, the \"SNYK_EXIT_CODE\" is 3 and it can also be 3 in some other situation\nelif [[ \"$test_not_skipped\" -eq 0 ]]; then\n  note=\"Task sast-snyk-check success: Snyk code test found zero supported files.\"\n  ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n  echo \"sast-snyk-check test failed because of the following issues:\"\n  cat stdout.txt\n  note=\"Task sast-snyk-check failed: For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets",
                                    "name": "snyk-secret",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url provided. Skipping upload.'\n  exit 0\nfi\n\nUPLOAD_FILES=\"sast_snyk_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n    if [ \"${UPLOAD_FILES}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach to ${IMAGE_URL}\"\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        }
                    ],
                    "volumes": [
                        {
                            "name": "snyk-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "snyk-secret"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/be1ad986-2cbd-48bc-897a-606b8fe4d411",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "virus, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "clamav-scan",
                    "tekton.dev/task": "clamav-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-integr8fa3206a5d329de43c1482b7d03ba7aa-clamav-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "27449",
                "uid": "be1ad986-2cbd-48bc-897a-606b8fe4d411"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clamav-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:07:10Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:07:10Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integr8fa3206adef02b1efcd0ee2b7eba38fcbec28932-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        "entryPoint": "clamav-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\", \"digests\": [\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"timestamp\":\"1782922022\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:10Z",
                "steps": [
                    {
                        "container": "step-extract-and-scan-image",
                        "imageID": "quay.io/konflux-ci/clamav-db@sha256:2da6c1a37fef998b68b675505fb654b1123e3cd889c190c59b4527d11621e8fc",
                        "name": "extract-and-scan-image",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://055a464363dc920352589b8dc53b8136059bc2db245d04801cfe520b6bdcf623",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:02Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\\\", \\\"digests\\\": [\\\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922022\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:22Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f7f98ee2f0184e449d735d68ec30e6b069f665e4b23a1111b171d0c27a4c2af7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:05Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\\\", \\\"digests\\\": [\\\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922022\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:02Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans the content of container images and OCI artifacts for viruses, malware, and other malicious content using ClamAV antivirus scanner.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image arch.",
                            "name": "image-arch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "8",
                            "description": "Maximum number of threads clamd runs.",
                            "name": "clamd-max-threads",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-upload",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                },
                                "requests": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/work"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                },
                                {
                                    "name": "IMAGE_ARCH"
                                },
                                {
                                    "name": "MAX_THREADS",
                                    "value": "8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clamav-db:latest",
                            "name": "extract-and-scan-image",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Start clamd in background\n/start-clamd.sh\n\n# Bootstrap .docker config in overridden HOME.\n# This prevents 'oc' CLI failures in clean environments where ~/.docker does not exist.\nif [ ! -d ~/.docker ]; then\n    mkdir -p ~/.docker\n    echo '{}' \u003e ~/.docker/config.json\nfi\n\nimagewithouttag=$(echo $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\" | tr -d '\\n')\n\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\n\n# check if image is attestation one, skip the clamav scan in such case\nif [[ $imageanddigest == *.att ]]\nthen\n    echo \"$imageanddigest is an attestation image. Skipping ClamAV scan.\"\n    exit 0\nfi\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\nmkdir logs\nmkdir content\ncd content\necho \"Detecting artifact type for ${imageanddigest}.\"\necho '{\"artifact\":{\"pullspec\":\"'\"${imageanddigest}\"'\",\"type\":\"unknown\",\"mediaType\":\"\"}}' \u003e /work/logs/artifact-meta.json\n\n# Function to scan content and process results with ClamAV and EC\n# Parameters:\n#   $1: destination - path to the content to scan\n#   $2: suffix - suffix for log file names (e.g., \"oci\", \"amd64\")\n#   $3: digest - digest to add to digests_processed array\n#   $4: scan_message - optional message describing what is being scanned\nscan_and_process() {\n  local destination=\"$1\"\n  local suffix=\"$2\"\n  local digest=\"$3\"\n  local scan_message=\"${4:-Scanning content}\"\n\n  db_version=$(clamdscan --version | sed 's|.*/\\(.*\\)/.*|\\1|')\n\n  echo \"$scan_message. This operation may take a while.\"\n  clamdscan \"${destination}\" -vi --multiscan --fdpass \\\n    | tee \"/work/logs/clamscan-result-${suffix}.log\" || true\n\n  echo \"Executed-on: Scan was executed on clamsdcan version - $(clamdscan --version) Database version: $db_version\" | tee -a \"/work/logs/clamscan-result-${suffix}.log\"\n\n  digests_processed+=(\"\\\"$digest\\\"\")\n\n  if [[ -e \"/work/logs/clamscan-result-${suffix}.log\" ]]; then\n    # OPA/EC requires structured data input, add clamAV log into json\n    jq -Rs '{ output: . }' \"/work/logs/clamscan-result-${suffix}.log\" \u003e \"/work/logs/clamscan-result-log-${suffix}.json\"\n\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o json \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" || true\n\n    # workaround: due to a bug in ec-cli, we cannot generate json and appstudio output at the same time, running it again\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o appstudio \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" | tee \"/work/logs/clamscan-ec-test-${suffix}.json\" || true\n\n    cat \"/work/logs/clamscan-ec-test-${suffix}.json\"\n  fi\n}\n\n# Detect artifact type: container image vs OCI artifact\n# First, try to get image manifests (works for container images)\n# Use subshell to prevent get_image_manifests() from exiting the main script if it fails\n# (get_image_manifests uses exit 1 when Architecture field is missing, which happens for OCI artifacts)\nimage_manifests=$(bash -c '. /utils.sh; get_image_manifests -i \"'\"${imageanddigest}\"'\"' 2\u003e/dev/null || echo \"\")\n\n# If get_image_manifests failed, check if it's an OCI artifact by inspecting manifest media type\nif [ -z \"$image_manifests\" ]; then\n  echo \"get_image_manifests returned empty, checking if this is an OCI artifact...\"\n  raw_manifest=$(skopeo inspect --raw --authfile ~/.docker/config.json \"docker://${imageanddigest}\" 2\u003e/dev/null || true)\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"inspected\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n\n  if [ -n \"$raw_manifest\" ]; then\n    media_type=$(echo \"$raw_manifest\" | jq -r '.mediaType // .config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n    artifact_type=$(echo \"$raw_manifest\" | jq -r '.artifactType // empty' 2\u003e/dev/null || echo \"\")\n    config_media_type=$(echo \"$raw_manifest\" | jq -r '.config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n\n    # Determine if this is an OCI artifact (not a container image)\n    # OCI artifacts typically have:\n    # - An empty/scratch config (config.mediaType contains \"empty\" or \"scratch\")\n    # - An explicit artifactType field that is not a container image type\n    is_oci_artifact=false\n\n    # Check if config is empty/scratch (typical for OCI artifacts like python wheels, helm charts, etc.)\n    if echo \"$config_media_type\" | grep -qiE \"(empty|scratch)\"; then\n      is_oci_artifact=true\n    fi\n\n    # Check if artifactType is set and is not a container image type\n    if [ -n \"$artifact_type\" ] \u0026\u0026 ! echo \"$artifact_type\" | grep -qE \"application/vnd\\.(oci|docker)\\.(image|container)\"; then\n      is_oci_artifact=true\n    fi\n\n    if [ \"$is_oci_artifact\" = true ]; then\n      # This is an OCI artifact (e.g., python wheels, helm charts, etc.)\n      echo \"Detected OCI artifact (artifactType: ${artifact_type:-unset}, config.mediaType: ${config_media_type:-unset}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.artifactType = '\"\\\"${artifact_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    elif echo \"$media_type\" | grep -qE \"(application/vnd\\.(docker|oci)\\.(distribution|image)\\.manifest|application/vnd\\.docker\\.distribution\\.manifest)\"; then\n      # This looks like a container image manifest, but get_image_manifests failed\n      echo \"Detected container image manifest type: $media_type, but get_image_manifests failed. This may indicate an error.\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"$media_type\\\"\"' | .artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      note=\"Task clamav-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n      ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n      echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n      exit 0\n    else\n      # Likely an OCI artifact with non-standard media type\n      echo \"Detected OCI artifact (media type: ${media_type:-unknown}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    fi\n  else\n    echo \"Failed to inspect artifact \\\"$imageanddigest\\\". Unable to determine type.\"\n    note=\"Task clamav-scan failed: Failed to inspect artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 0\n  fi\nfi\n\n# Process container images (existing logic)\nif [ -n \"$image_manifests\" ]; then\n  echo \"Detected container image. Processing image manifests.\"\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n  # Proceed only if a specific arch is provided.\n  # This typically occurs when using Tekton Matrix to launch multiple TaskRuns to scan all architectures of a multi-arch image in parallel.\n  if [ -n \"$IMAGE_ARCH\" ]; then\n    arch=\"${IMAGE_ARCH#*/}\"\n    if [ \"${arch}\" = \"x86_64\" ]; then\n      arch=\"amd64\"\n    fi\n\n    # Check if arch is supported; if not (e.g., it's 'local', see link below), default to amd64.\n    # https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/stone-prd-rh01/host-config.yaml#L9-L14\n    case \"$arch\" in\n      amd64|ppc64le|arm64|s390x)\n        ;;\n      *)\n        arch=\"amd64\"\n        ;;\n    esac\n\n    image_manifests=$(echo \"$image_manifests\" | jq -c --arg arch \"$arch\" '{($arch): .[$arch]}')\n  fi\n\n  while read -r arch arch_sha; do\n    destination=$(echo content-$arch)\n    mkdir -p \"$destination\"\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    echo \"Running \\\"oc image extract\\\" on image of arch $arch\"\n    retry oc image extract --only-files=true --registry-config ~/.docker/config.json \"$arch_imageanddigest\" --path=\"/:${destination}\" --filter-by-os=\"linux/${arch}\"\n    if [ $? -ne 0 ]; then\n      echo \"Unable to extract image for arch $arch. Skipping ClamAV scan!\"\n      exit 0\n    fi\n\n    # Scan and process container image for this architecture\n    scan_and_process \"${destination}\" \"$arch\" \"$arch_sha\" \"Scanning image for arch $arch\"\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nfi\n\njq -s -rce '\n  reduce .[] as $item ({\"timestamp\":\"0\",\"namespace\":\"\",\"successes\":0,\"failures\":0,\"warnings\":0,\"result\":\"\",\"note\":\"\"};\n    {\n    \"timestamp\" : (if .timestamp \u003c $item.timestamp then $item.timestamp else .timestamp end),\n    \"namespace\" : $item.namespace,\n    \"successes\" : (.successes + $item.successes),\n    \"failures\" : (.failures + $item.failures),\n    \"warnings\" : (.warnings + $item.warnings),\n    \"result\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.result else .result end),\n    \"note\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.note else .note end)\n    })' /work/logs/clamscan-ec-test-*.json | tee /tekton/results/TEST_OUTPUT\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_UPLOAD",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\n# Skip upload if requested e.g. read-only CI tests where push access is denied\nif [ \"$SKIP_UPLOAD\" == \"true\" ]; then\n  echo \"Upload skipped by parameter.\"\n  exit 0\nfi\n\n# Don't return a glob expression when no matches are found\nshopt -s nullglob\n\ncd logs\n\nfor UPLOAD_FILE in clamscan-result*.log; do\n  MEDIA_TYPE=text/vnd.clamav\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\nfor UPLOAD_FILE in clamscan-ec-test*.json; do\n  MEDIA_TYPE=application/vnd.konflux.test_output+json\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\n\nif [ -z \"${args}\" ]; then\n  echo \"No files found. Skipping upload.\"\n  exit 0;\nfi\n\necho \"Selecting auth\"\nselect-oci-auth $IMAGE_URL \u003e $HOME/auth.json\necho \"Attaching to ${IMAGE_URL}\"\n retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type application/vnd.clamav \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${args[@]}\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "dbfolder"
                        },
                        {
                            "emptyDir": {},
                            "name": "work"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/da96c938-848d-4720-82fe-40dfc3b15527",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "apply-tags",
                    "tekton.dev/task": "apply-tags",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-integra8fa3206a5d329de43c1482b7d03ba7aa-apply-tags",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "26151",
                "uid": "da96c938-848d-4720-82fe-40dfc3b15527"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "apply-tags"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:23Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:23Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integra8fa3206dc1d5db779dd40026e6775d26ef47261-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        "entryPoint": "apply-tags",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-apply-tags"
                    }
                },
                "startTime": "2026-07-01T16:06:11Z",
                "steps": [
                    {
                        "container": "step-apply-additional-tags",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                        "name": "apply-additional-tags",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://759cde2254ab6d2c1a59209dc97fcf560b0f335078f152426aa991f23c6d99a6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:23Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:21Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Applies additional tags to the built image.",
                    "params": [
                        {
                            "description": "Image repository and tag reference of the the built image.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest of the built image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional tags that will be applied to the image in the registry.",
                            "name": "ADDITIONAL_TAGS",
                            "type": "array"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                                "--digest",
                                "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8",
                                "--tags",
                                "--tags-from-image-label",
                                "konflux.additional-tags"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "apply-tags"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                            "name": "apply-additional-tags"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/4b941cfe-e19b-427b-b76a-ce55bc2ae58e",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "clair-scan",
                    "tekton.dev/task": "clair-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-integra8fa3206a5d329de43c1482b7d03ba7aa-clair-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "27357",
                "uid": "4b941cfe-e19b-427b-b76a-ce55bc2ae58e"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clair-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:07:10Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:07:10Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integra8fa320692ed1c84a23c5dc6bc5e9f0d11d635b0-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        "entryPoint": "clair-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clair-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\", \"digests\": [\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\"]}}\n"
                    },
                    {
                        "name": "REPORTS",
                        "type": "string",
                        "value": "{\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\":\"sha256:07895e735ef3a15fadd871eea136a88849cceb81997b5409516dba72cedb18b9\"}\n"
                    },
                    {
                        "name": "SCAN_OUTPUT",
                        "type": "string",
                        "value": "{\"vulnerabilities\":{\"critical\":0,\"high\":0,\"medium\":0,\"low\":0,\"unknown\":0},\"unpatched_vulnerabilities\":{\"critical\":0,\"high\":0,\"medium\":147,\"low\":150,\"unknown\":0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:07:05+00:00\",\"note\":\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:09Z",
                "steps": [
                    {
                        "container": "step-get-image-manifests",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "get-image-manifests",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://711bc29f5865f5e6692cf835a547b8ca73b58f43424f56a3d6271c7b5bd0a182",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:28Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:23Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-get-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/clair-in-ci@sha256:e030a6094b6d88b430ed049a6a59808f4b795e9d8293d72a4bbab44da8cc429f",
                        "name": "get-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9f2d58146e7bf1edfda5dd6eaa2e33bb79c26b9376da62b79d3c04da7bb67da6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:57Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:29Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-oci-attach-report",
                        "imageID": "quay.io/konflux-ci/oras@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                        "name": "oci-attach-report",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://a97396ea41655fb216d58c6782820a40e3ed80deb55f5a8166511be17e020a79",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:00Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:57Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-conftest-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "conftest-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://531ed73016ec72fc15290eb41d1488c5842252979fb230c6c138361ba4a3efb1",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:05Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\\\", \\\"digests\\\": [\\\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\\\"]}}\\n\",\"type\":1},{\"key\":\"REPORTS\",\"value\":\"{\\\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\\\":\\\"sha256:07895e735ef3a15fadd871eea136a88849cceb81997b5409516dba72cedb18b9\\\"}\\n\",\"type\":1},{\"key\":\"SCAN_OUTPUT\",\"value\":\"{\\\"vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":0,\\\"medium\\\":0,\\\"low\\\":0,\\\"unknown\\\":0},\\\"unpatched_vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":0,\\\"medium\\\":147,\\\"low\\\":150,\\\"unknown\\\":0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:07:05+00:00\\\",\\\"note\\\":\\\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:01Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for vulnerabilities using Clair, by comparing the components of container image against Clair's vulnerability databases.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform built by.",
                            "name": "image-platform",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused, should be removed in next task version.",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-oci-attach-report",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Clair scan result.",
                            "name": "SCAN_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        },
                        {
                            "description": "Mapping of image digests to report digests",
                            "name": "REPORTS",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "get-image-manifests",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\necho \"Inspecting raw image manifest $imageanddigest.\"\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"' | while read -r arch arch_sha; do\n    echo \"$arch_sha\" \u003e /tekton/home/image-manifest-$arch.sha\n  done\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task clair-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                },
                                "requests": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                },
                                {
                                    "name": "IMAGE_PLATFORM"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clair-in-ci:v1",
                            "imagePullPolicy": "Always",
                            "name": "get-vulnerabilities",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n# shellcheck source=/utils.sh\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\n# the quay report format used by the Conftest rules in the\n# conftest-vulnerabilities step doesn't contain the \"issued\" date which\n# we require in the policy rules, so we resort to running clair-action\n# twice to produce both quay and clair formatted output\nclair_report() {\n  { retry clair-action report --image-ref=\"$1\" --db-path=/tmp/matcher.db --format=clair | tee  \"clair-report-$2.json\"; } \u0026\u0026 \\\n  { retry clair-action convert  --file-path=\"clair-report-$2.json\" --format=quay \u003e \"clair-result-$2.json\"; }\n}\n\nrun_clair_on_arch() {\n  local arch=\"$1\"\n  local sha_file=\"image-manifest-$arch.sha\"\n\n  if [ -e \"$sha_file\" ]; then\n    local arch_sha\n    arch_sha=$(\u003c\"$sha_file\")\n    local digest=\"${imagewithouttag}@${arch_sha}\"\n\n    echo \"Running clair-action on $arch image manifest...\"\n    clair_report \"$digest\" \"$arch\" || true\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n   fi\n}\n\nplatform=\"${IMAGE_PLATFORM}\"\n\n# If a platform is specified, extract the architecture and run clair-action on the corresponding image manifest\nif [ -n \"$platform\" ]; then\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n  # Validate against supported arch list. If it's not a known arch, fallback to amd64\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  run_clair_on_arch \"$arch\"\n\n# If no platform is specified, run clair-action on all available image manifests\nelse\n  for sha_file in image-manifest-*.sha; do\n    if [ -e \"$sha_file\" ]; then\n      arch=$(basename \"$sha_file\" | sed 's/image-manifest-//;s/.sha//')\n      run_clair_on_arch \"$arch\"\n    fi\n  done\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nimages_processed=$(echo \"${images_processed_template/\\[%s]/[$digests_processed_string]}\")\necho \"$images_processed\" \u003e images-processed.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_OCI_ATTACH_REPORT",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                            "name": "oci-attach-report",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nif [ \"$SKIP_OCI_ATTACH_REPORT\" = \"true\" ]; then\n  echo 'OCI attach report skipped by parameter.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\nif ! compgen -G \"clair-report-*.json\" \u003e /dev/null; then\n  echo 'No Clair reports generated. Skipping upload.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\necho \"Selecting auth\"\nselect-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n\nrepository=\"${IMAGE_URL/:*/}\"\n\narch() {\n  report_file=\"$1\"\n  arch=\"${report_file/*-}\"\n  echo \"${arch/.json/}\"\n}\n\nMEDIA_TYPE='application/vnd.redhat.clair-report+json'\n\nreports_json=\"\"\nfor f in clair-report-*.json; do\n  digest=$(cat \"image-manifest-$(arch \"$f\").sha\")\n  image_ref=\"${repository}@${digest}\"\n  echo \"Attaching $f to ${image_ref}\"\n  if ! report_digest=\"$(retry oras attach --no-tty --format go-template='{{.digest}}' --registry-config \\\n    \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${image_ref}\" \"$f:${MEDIA_TYPE}\")\"\n  then\n    echo \"Failed to attach ${f} to ${image_ref}\"\n    exit 1\n  fi\n  # shellcheck disable=SC2016\n  reports_json=\"$(yq --output-format json --indent=0 eval-all '. as $i ireduce ({}; . * $i)' \u003c(echo \"${reports_json}\") \u003c(echo \"${digest}: ${report_digest}\"))\"\ndone\necho \"${reports_json}\" \u003e reports.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "conftest-vulnerabilities",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nclair_result_files=$(ls /tekton/home/clair-result-*.json)\nif [ -z \"$clair_result_files\" ]; then\n  echo \"Previous step [get-vulnerabilities] failed: No clair-result files found in /tekton/home.\"\nfi\n\nmissing_vulnerabilities_files=\"\"\nfor file in $clair_result_files; do\n  file_suffix=$(basename \"$file\" | sed 's/clair-result-//;s/.json//')\n  if [ ! -s \"$file\" ]; then\n    echo \"Previous step [get-vulnerabilities] failed: $file is empty.\"\n  else\n    /usr/bin/conftest test --no-fail $file \\\n    --policy /project/clair/vulnerabilities-check.rego --namespace required_checks \\\n    --output=json | tee /tekton/home/clair-vulnerabilities-$file_suffix.json || true\n  fi\n\n  #check for missing \"clair-vulnerabilities-\u003carch\u003e/image-index\" file and create a string\n  if [ ! -f \"/tekton/home/clair-vulnerabilities-$file_suffix.json\" ]; then\n    missing_vulnerabilities_files+=\"${missing_vulnerabilities_files:+, }/tekton/home/clair-vulnerabilities-$file_suffix.json\"\n  fi\ndone\n\nif [ -n \"$missing_vulnerabilities_files\" ]; then\n  note=\"Task clair-scan failed: $missing_vulnerabilities_files did not generate. For details, check Tekton task log.\"\n  TEST_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"$missing_vulnerabilities_files did not generate correctly. For details, check conftest command in Tekton task log.\"\n  echo \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n  exit 0\nfi\n\nscan_result='{\"vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}, \"unpatched_vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}}'\nfor file in /tekton/home/clair-vulnerabilities-*.json; do\n    result=$(jq -rce \\\n        '{\n            vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            },\n            unpatched_vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            }\n        }' \"$file\")\n\n    scan_result=$(jq -s -rce \\\n          '.[0].vulnerabilities.critical += .[1].vulnerabilities.critical |\n          .[0].vulnerabilities.high += .[1].vulnerabilities.high |\n          .[0].vulnerabilities.medium += .[1].vulnerabilities.medium |\n          .[0].vulnerabilities.low += .[1].vulnerabilities.low |\n          .[0].vulnerabilities.unknown += .[1].vulnerabilities.unknown |\n          .[0].unpatched_vulnerabilities.critical += .[1].unpatched_vulnerabilities.critical |\n          .[0].unpatched_vulnerabilities.high += .[1].unpatched_vulnerabilities.high |\n          .[0].unpatched_vulnerabilities.medium += .[1].unpatched_vulnerabilities.medium |\n          .[0].unpatched_vulnerabilities.low += .[1].unpatched_vulnerabilities.low |\n          .[0].unpatched_vulnerabilities.unknown += .[1].unpatched_vulnerabilities.unknown |\n          .[0]' \u003c\u003c\u003c\"$scan_result $result\")\ndone\n\necho \"$scan_result\" | tee \"/tekton/results/SCAN_OUTPUT\"\n\ncat /tekton/home/images-processed.json | tee /tekton/results/IMAGES_PROCESSED\n# shellcheck disable=SC2154\ncat /tekton/home/reports.json \u003e \"/tekton/results/REPORTS\"\n\nnote=\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\"\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"$note\")\necho \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/993825ec-e7e1-4cdb-861f-8721f2721721",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "apply-tags",
                    "tekton.dev/task": "apply-tags",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-integracb41c92e238803de427bde3c966a36ad-apply-tags",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "32013",
                "uid": "993825ec-e7e1-4cdb-861f-8721f2721721"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "apply-tags"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:11Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:11Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integracb41c920371012c18d49f979f30693e50f8a8c8-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        "entryPoint": "apply-tags",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-apply-tags"
                    }
                },
                "startTime": "2026-07-01T16:12:00Z",
                "steps": [
                    {
                        "container": "step-apply-additional-tags",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                        "name": "apply-additional-tags",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://cc302adee754d7263366a1dc862e8244accc9bb15eb1b932d6501558b9c194fa",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:10Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:09Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Applies additional tags to the built image.",
                    "params": [
                        {
                            "description": "Image repository and tag reference of the the built image.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest of the built image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional tags that will be applied to the image in the registry.",
                            "name": "ADDITIONAL_TAGS",
                            "type": "array"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                                "--digest",
                                "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127",
                                "--tags",
                                "--tags-from-image-label",
                                "konflux.additional-tags"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "apply-tags"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                            "name": "apply-additional-tags"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/8fb65993-5530-499a-ab4a-9ae80c87c9fd",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:57Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "clair-scan",
                    "tekton.dev/task": "clair-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-integracb41c92e238803de427bde3c966a36ad-clair-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "33644",
                "uid": "8fb65993-5530-499a-ab4a-9ae80c87c9fd"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clair-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:55Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:55Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integracb41c92ad79c9d601553f8d4da1cfe77aeabd17-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        "entryPoint": "clair-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clair-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\", \"digests\": [\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\"]}}\n"
                    },
                    {
                        "name": "REPORTS",
                        "type": "string",
                        "value": "{\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\":\"sha256:9c334daeee732fe12ab83d6f8e0bfbad9938740d8fdb07b2c7d60edfbc62268b\"}\n"
                    },
                    {
                        "name": "SCAN_OUTPUT",
                        "type": "string",
                        "value": "{\"vulnerabilities\":{\"critical\":0,\"high\":0,\"medium\":0,\"low\":0,\"unknown\":0},\"unpatched_vulnerabilities\":{\"critical\":0,\"high\":0,\"medium\":147,\"low\":150,\"unknown\":0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:12:53+00:00\",\"note\":\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:11:57Z",
                "steps": [
                    {
                        "container": "step-get-image-manifests",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "get-image-manifests",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://baf4fa5360175663916a539e8d71777f0d740b0f1178085589d9df2a80508cde",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:17Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:11Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-get-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/clair-in-ci@sha256:e030a6094b6d88b430ed049a6a59808f4b795e9d8293d72a4bbab44da8cc429f",
                        "name": "get-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://e606841a8ed48dca6ecd8eb0af3de021c98aac3f5f85d6a374abf4f7361f1818",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:43Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:17Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-oci-attach-report",
                        "imageID": "quay.io/konflux-ci/oras@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                        "name": "oci-attach-report",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://0e147325433c315da765f4036148a490275c3be999e27363e14cca6cf9bf0e15",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:48Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:44Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-conftest-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "conftest-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3571d0fef4187c561b1c9f745470e057e0543188871a88d0ff823392b78b74d2",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:53Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\\\", \\\"digests\\\": [\\\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\\\"]}}\\n\",\"type\":1},{\"key\":\"REPORTS\",\"value\":\"{\\\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\\\":\\\"sha256:9c334daeee732fe12ab83d6f8e0bfbad9938740d8fdb07b2c7d60edfbc62268b\\\"}\\n\",\"type\":1},{\"key\":\"SCAN_OUTPUT\",\"value\":\"{\\\"vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":0,\\\"medium\\\":0,\\\"low\\\":0,\\\"unknown\\\":0},\\\"unpatched_vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":0,\\\"medium\\\":147,\\\"low\\\":150,\\\"unknown\\\":0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:53+00:00\\\",\\\"note\\\":\\\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:48Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for vulnerabilities using Clair, by comparing the components of container image against Clair's vulnerability databases.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform built by.",
                            "name": "image-platform",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused, should be removed in next task version.",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-oci-attach-report",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Clair scan result.",
                            "name": "SCAN_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        },
                        {
                            "description": "Mapping of image digests to report digests",
                            "name": "REPORTS",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "get-image-manifests",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\necho \"Inspecting raw image manifest $imageanddigest.\"\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"' | while read -r arch arch_sha; do\n    echo \"$arch_sha\" \u003e /tekton/home/image-manifest-$arch.sha\n  done\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task clair-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                },
                                "requests": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                },
                                {
                                    "name": "IMAGE_PLATFORM"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clair-in-ci:v1",
                            "imagePullPolicy": "Always",
                            "name": "get-vulnerabilities",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n# shellcheck source=/utils.sh\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\n# the quay report format used by the Conftest rules in the\n# conftest-vulnerabilities step doesn't contain the \"issued\" date which\n# we require in the policy rules, so we resort to running clair-action\n# twice to produce both quay and clair formatted output\nclair_report() {\n  { retry clair-action report --image-ref=\"$1\" --db-path=/tmp/matcher.db --format=clair | tee  \"clair-report-$2.json\"; } \u0026\u0026 \\\n  { retry clair-action convert  --file-path=\"clair-report-$2.json\" --format=quay \u003e \"clair-result-$2.json\"; }\n}\n\nrun_clair_on_arch() {\n  local arch=\"$1\"\n  local sha_file=\"image-manifest-$arch.sha\"\n\n  if [ -e \"$sha_file\" ]; then\n    local arch_sha\n    arch_sha=$(\u003c\"$sha_file\")\n    local digest=\"${imagewithouttag}@${arch_sha}\"\n\n    echo \"Running clair-action on $arch image manifest...\"\n    clair_report \"$digest\" \"$arch\" || true\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n   fi\n}\n\nplatform=\"${IMAGE_PLATFORM}\"\n\n# If a platform is specified, extract the architecture and run clair-action on the corresponding image manifest\nif [ -n \"$platform\" ]; then\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n  # Validate against supported arch list. If it's not a known arch, fallback to amd64\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  run_clair_on_arch \"$arch\"\n\n# If no platform is specified, run clair-action on all available image manifests\nelse\n  for sha_file in image-manifest-*.sha; do\n    if [ -e \"$sha_file\" ]; then\n      arch=$(basename \"$sha_file\" | sed 's/image-manifest-//;s/.sha//')\n      run_clair_on_arch \"$arch\"\n    fi\n  done\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nimages_processed=$(echo \"${images_processed_template/\\[%s]/[$digests_processed_string]}\")\necho \"$images_processed\" \u003e images-processed.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_OCI_ATTACH_REPORT",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                            "name": "oci-attach-report",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nif [ \"$SKIP_OCI_ATTACH_REPORT\" = \"true\" ]; then\n  echo 'OCI attach report skipped by parameter.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\nif ! compgen -G \"clair-report-*.json\" \u003e /dev/null; then\n  echo 'No Clair reports generated. Skipping upload.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\necho \"Selecting auth\"\nselect-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n\nrepository=\"${IMAGE_URL/:*/}\"\n\narch() {\n  report_file=\"$1\"\n  arch=\"${report_file/*-}\"\n  echo \"${arch/.json/}\"\n}\n\nMEDIA_TYPE='application/vnd.redhat.clair-report+json'\n\nreports_json=\"\"\nfor f in clair-report-*.json; do\n  digest=$(cat \"image-manifest-$(arch \"$f\").sha\")\n  image_ref=\"${repository}@${digest}\"\n  echo \"Attaching $f to ${image_ref}\"\n  if ! report_digest=\"$(retry oras attach --no-tty --format go-template='{{.digest}}' --registry-config \\\n    \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${image_ref}\" \"$f:${MEDIA_TYPE}\")\"\n  then\n    echo \"Failed to attach ${f} to ${image_ref}\"\n    exit 1\n  fi\n  # shellcheck disable=SC2016\n  reports_json=\"$(yq --output-format json --indent=0 eval-all '. as $i ireduce ({}; . * $i)' \u003c(echo \"${reports_json}\") \u003c(echo \"${digest}: ${report_digest}\"))\"\ndone\necho \"${reports_json}\" \u003e reports.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "conftest-vulnerabilities",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nclair_result_files=$(ls /tekton/home/clair-result-*.json)\nif [ -z \"$clair_result_files\" ]; then\n  echo \"Previous step [get-vulnerabilities] failed: No clair-result files found in /tekton/home.\"\nfi\n\nmissing_vulnerabilities_files=\"\"\nfor file in $clair_result_files; do\n  file_suffix=$(basename \"$file\" | sed 's/clair-result-//;s/.json//')\n  if [ ! -s \"$file\" ]; then\n    echo \"Previous step [get-vulnerabilities] failed: $file is empty.\"\n  else\n    /usr/bin/conftest test --no-fail $file \\\n    --policy /project/clair/vulnerabilities-check.rego --namespace required_checks \\\n    --output=json | tee /tekton/home/clair-vulnerabilities-$file_suffix.json || true\n  fi\n\n  #check for missing \"clair-vulnerabilities-\u003carch\u003e/image-index\" file and create a string\n  if [ ! -f \"/tekton/home/clair-vulnerabilities-$file_suffix.json\" ]; then\n    missing_vulnerabilities_files+=\"${missing_vulnerabilities_files:+, }/tekton/home/clair-vulnerabilities-$file_suffix.json\"\n  fi\ndone\n\nif [ -n \"$missing_vulnerabilities_files\" ]; then\n  note=\"Task clair-scan failed: $missing_vulnerabilities_files did not generate. For details, check Tekton task log.\"\n  TEST_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"$missing_vulnerabilities_files did not generate correctly. For details, check conftest command in Tekton task log.\"\n  echo \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n  exit 0\nfi\n\nscan_result='{\"vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}, \"unpatched_vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}}'\nfor file in /tekton/home/clair-vulnerabilities-*.json; do\n    result=$(jq -rce \\\n        '{\n            vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            },\n            unpatched_vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            }\n        }' \"$file\")\n\n    scan_result=$(jq -s -rce \\\n          '.[0].vulnerabilities.critical += .[1].vulnerabilities.critical |\n          .[0].vulnerabilities.high += .[1].vulnerabilities.high |\n          .[0].vulnerabilities.medium += .[1].vulnerabilities.medium |\n          .[0].vulnerabilities.low += .[1].vulnerabilities.low |\n          .[0].vulnerabilities.unknown += .[1].vulnerabilities.unknown |\n          .[0].unpatched_vulnerabilities.critical += .[1].unpatched_vulnerabilities.critical |\n          .[0].unpatched_vulnerabilities.high += .[1].unpatched_vulnerabilities.high |\n          .[0].unpatched_vulnerabilities.medium += .[1].unpatched_vulnerabilities.medium |\n          .[0].unpatched_vulnerabilities.low += .[1].unpatched_vulnerabilities.low |\n          .[0].unpatched_vulnerabilities.unknown += .[1].unpatched_vulnerabilities.unknown |\n          .[0]' \u003c\u003c\u003c\"$scan_result $result\")\ndone\n\necho \"$scan_result\" | tee \"/tekton/results/SCAN_OUTPUT\"\n\ncat /tekton/home/images-processed.json | tee /tekton/results/IMAGES_PROCESSED\n# shellcheck disable=SC2154\ncat /tekton/home/reports.json \u003e \"/tekton/results/REPORTS\"\n\nnote=\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\"\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"$note\")\necho \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/bf42fe36-ee9d-42d5-a4ec-7473fa02574b",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:02:45Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "init",
                    "tekton.dev/task": "init",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-integration-c8fa3206a5d329de43c1482b7d03ba7aa-init",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "23141",
                "uid": "bf42fe36-ee9d-42d5-a4ec-7473fa02574b"
            },
            "spec": {
                "params": [
                    {
                        "name": "enable-cache-proxy",
                        "value": "false"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "init"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:02:50Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:02:50Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integration-c85c971e4b2b6eb714b5d87dbd77a697bc-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        "entryPoint": "init",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-init"
                    }
                },
                "results": [
                    {
                        "name": "http-proxy",
                        "type": "string",
                        "value": ""
                    },
                    {
                        "name": "no-proxy",
                        "type": "string",
                        "value": ""
                    }
                ],
                "startTime": "2026-07-01T16:02:46Z",
                "steps": [
                    {
                        "container": "step-init",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                        "name": "init",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://fa819ac0e4835fa3c7ef73b18580e31aa4399fbe282d8c887c38c19580cbb16d",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:02:49Z",
                            "message": "[{\"key\":\"http-proxy\",\"value\":\"\",\"type\":1},{\"key\":\"no-proxy\",\"value\":\"\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:02:49Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Initialize Pipeline Task, enables configuration for cache-proxy if required during the PipelineRun.",
                    "params": [
                        {
                            "default": "false",
                            "description": "Enable cache proxy configuration",
                            "name": "enable-cache-proxy",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "HTTP proxy URL for cache proxy (when enable-cache-proxy is true)",
                            "name": "http-proxy",
                            "type": "string"
                        },
                        {
                            "description": "NO_PROXY value for cache proxy (when enable-cache-proxy is true)",
                            "name": "no-proxy",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "args": [
                                "--enable",
                                "false"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "config",
                                "cache-proxy"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                },
                                {
                                    "name": "DEFAULT_HTTP_PROXY",
                                    "value": "squid.caching.svc.cluster.local:3128"
                                },
                                {
                                    "name": "DEFAULT_NO_PROXY",
                                    "value": "brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai"
                                },
                                {
                                    "name": "HTTP_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/http-proxy"
                                },
                                {
                                    "name": "NO_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/no-proxy"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                            "name": "init"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/972e7ee9-8a7d-46df-89bc-b0626ce2e9bd",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:25Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "init",
                    "tekton.dev/task": "init",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-integration-ccb41c92e238803de427bde3c966a36ad-init",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "29335",
                "uid": "972e7ee9-8a7d-46df-89bc-b0626ce2e9bd"
            },
            "spec": {
                "params": [
                    {
                        "name": "enable-cache-proxy",
                        "value": "false"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "init"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:30Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:30Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integration-cc84f6f78bec69108c0a2e95f443ad7ffe-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        "entryPoint": "init",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-init"
                    }
                },
                "results": [
                    {
                        "name": "http-proxy",
                        "type": "string",
                        "value": ""
                    },
                    {
                        "name": "no-proxy",
                        "type": "string",
                        "value": ""
                    }
                ],
                "startTime": "2026-07-01T16:08:25Z",
                "steps": [
                    {
                        "container": "step-init",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                        "name": "init",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b21cf41ef1902d46aa0ff53fbfb5795914865f2bc239ec8eedc048e028d7f32e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:30Z",
                            "message": "[{\"key\":\"http-proxy\",\"value\":\"\",\"type\":1},{\"key\":\"no-proxy\",\"value\":\"\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:30Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Initialize Pipeline Task, enables configuration for cache-proxy if required during the PipelineRun.",
                    "params": [
                        {
                            "default": "false",
                            "description": "Enable cache proxy configuration",
                            "name": "enable-cache-proxy",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "HTTP proxy URL for cache proxy (when enable-cache-proxy is true)",
                            "name": "http-proxy",
                            "type": "string"
                        },
                        {
                            "description": "NO_PROXY value for cache proxy (when enable-cache-proxy is true)",
                            "name": "no-proxy",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "args": [
                                "--enable",
                                "false"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "config",
                                "cache-proxy"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                },
                                {
                                    "name": "DEFAULT_HTTP_PROXY",
                                    "value": "squid.caching.svc.cluster.local:3128"
                                },
                                {
                                    "name": "DEFAULT_NO_PROXY",
                                    "value": "brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai"
                                },
                                {
                                    "name": "HTTP_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/http-proxy"
                                },
                                {
                                    "name": "NO_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/no-proxy"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                            "name": "init"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/658cff10-909b-4c94-8f2a-80945c68a387",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:57Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "ecosystem-cert-preflight-checks",
                    "tekton.dev/task": "ecosystem-cert-preflight-checks",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-integration-clone-4b913ca3b21301d6bd24b0f0d7165fb6",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "33648",
                "uid": "658cff10-909b-4c94-8f2a-80945c68a387"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "ecosystem-cert-preflight-checks"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:44Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:44Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integration-cl77fd21508834f48abdbeed0b9ef93165-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        "entryPoint": "ecosystem-cert-preflight-checks",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks"
                    }
                },
                "results": [
                    {
                        "name": "ARTIFACT_TYPE",
                        "type": "string",
                        "value": "application"
                    },
                    {
                        "name": "ARTIFACT_TYPE_SET_BY",
                        "type": "string",
                        "value": "introspection"
                    },
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\", \"digests\": [\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\"]}}"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922360\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T16:11:58Z",
                "steps": [
                    {
                        "container": "step-introspect",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "introspect",
                        "provenance": {},
                        "results": [
                            {
                                "name": "artifact-type",
                                "type": "string",
                                "value": "application"
                            },
                            {
                                "name": "artifact-type-set-by",
                                "type": "string",
                                "value": "introspection"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://9ff6b1571691cf3b3d03fb2b80812e151a7ef9d546c45c1f4754de0f5f3beac1",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:12Z",
                            "message": "[{\"key\":\"artifact-type\",\"value\":\"application\",\"type\":4},{\"key\":\"artifact-type-set-by\",\"value\":\"introspection\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:11Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-generate-container-auth",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "generate-container-auth",
                        "provenance": {},
                        "results": [
                            {
                                "name": "auth-json-path",
                                "type": "string",
                                "value": "/auth/auth.json"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://e00ff55c35c198d2f35bf73765c1ac9abb8bbe0ea90e549934ed0454bf998213",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:12Z",
                            "message": "[{\"key\":\"auth-json-path\",\"value\":\"/auth/auth.json\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:12Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-set-skip-for-bundles",
                        "imageID": "quay.io/redhat-appstudio/konflux-test@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                        "name": "set-skip-for-bundles",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6764ecd3daaab8b4b6db874c2ef45cdf3fada7914c9a3366b0cf68016a1d1f75",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:12Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:12Z"
                        },
                        "terminationReason": "Skipped"
                    },
                    {
                        "container": "step-app-check",
                        "imageID": "quay.io/opdev/preflight@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                        "name": "app-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3ba942fe28913c4a06c61ca72c92c2cee40bba39980ee090d80157e3e7d32c88",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:39Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:13Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-app-set-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "app-set-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "images-processed",
                                "type": "string",
                                "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\", \"digests\": [\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\"]}}"
                            },
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922360\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://823cf854a960b42eab61da09077b31d43e1ff195dea32bd14e977322f2df44cf",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:40Z",
                            "message": "[{\"key\":\"images-processed\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\\\", \\\"digests\\\": [\\\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\\\"]}}\",\"type\":4},{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922360\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:40Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-final-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "final-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922360\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://b753055d7b09d5ca481c8560fb4d142e26fb362545e0e3d6adbf330aba382d8c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:42Z",
                            "message": "[{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922360\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:41Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for certification readiness. Note that running this against an operatorbundle will result in a skip, as bundle validation is not executed through this task.",
                    "params": [
                        {
                            "description": "Image url to scan.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "introspect",
                            "description": "The type of artifact. Select from application, operatorbundle, or introspect.",
                            "name": "artifact-type",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform the image is built on.",
                            "name": "platform",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Ecosystem checks pass or fail outcome.",
                            "name": "TEST_OUTPUT",
                            "type": "string",
                            "value": "$(steps.final-outcome.results.test-output)"
                        },
                        {
                            "description": "The artifact type, either introspected or set.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type)"
                        },
                        {
                            "description": "How the artifact type was set.",
                            "name": "ARTIFACT_TYPE_SET_BY",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type-set-by)"
                        },
                        {
                            "description": "Collected image digests",
                            "name": "IMAGES_PROCESSED",
                            "type": "string",
                            "value": "$(steps.app-set-outcome.results.images-processed)"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_ARTIFACT_TYPE",
                                    "value": "introspect"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "introspect",
                            "results": [
                                {
                                    "description": "The type of artifact this task is considering.",
                                    "name": "artifact-type"
                                },
                                {
                                    "description": "The process that sets the artifact type. Informational.\nValues from: introspection, parameter.\n",
                                    "name": "artifact-type-set-by"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n_SET_BY=parameter\n# If the parameter is invalid, we'll introspect\nif [[ \"${PARAM_ARTIFACT_TYPE}\" != \"application\" ]] \u0026\u0026 [[ \"${PARAM_ARTIFACT_TYPE}\" != \"operatorbundle\" ]]; then\n  echo \"Artifact type will be determined by introspection.\"\n  _SET_BY=introspection\nfi\nprintf \"%s\" \"${_SET_BY}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type-set-by\"\n\nif [[ \"${_SET_BY}\" == \"parameter\" ]]; then\n  # short circuit if the artifact type was set via parameter.\n  echo \"Skipping introspection because the artifact-type parameter is explicitly set to \\\"${PARAM_ARTIFACT_TYPE}\\\".\"\n  printf \"%s\" \"${PARAM_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\n  exit 0\nfi\n\n# If the image URL points to a manifest list (a multi-arch image), check the labels on any of the child\n# images (don't fail in the case where the list does not include an image for the arch of the system\n# where this pipeline is running).\n\ndeclare -a _SKOPEO_INSPECT_ARGS\n\nskopeo_retries=3\n\necho \"Checking the media type of the OCI artifact...\"\nif ! _RAW_IMAGE_MANIFEST=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\")\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n_IMAGE_MEDIA_TYPE=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.mediaType')\necho \"The media type of the OCI artifact is ${_IMAGE_MEDIA_TYPE}.\"\n\nif [[ \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.docker.distribution.manifest.list.v2+json\" || \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.oci.image.index.v1+json\" ]]; then\n  _CURRENT_ARCH=$(uname -m)\n  _CURRENT_OS=$(uname -s | tr '[:upper:]' '[:lower:]')\n\n  # The archs returned by uname are not always the same as the archs used by OCI manifests, so we need\n  # to map them.\n  case ${_CURRENT_ARCH} in\n    \"aarch64\")\n      _CURRENT_ARCH=\"arm64\"\n      ;;\n    \"x86_64\")\n      _CURRENT_ARCH=\"amd64\"\n      ;;\n    *)\n      ;;\n  esac\n\n  # If the manifest list contains an image for the current OS and architecture, prefer to test that.\n  _MATCHING_IMAGE_COUNT=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r \"[.manifests[] | select(.platform.os == \\\"${_CURRENT_OS}\\\" and .platform.architecture == \\\"${_CURRENT_ARCH}\\\")] | length\")\n  if [[ \"${_MATCHING_IMAGE_COUNT}\" -gt 0 ]]; then\n    echo \"Found an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}).\"\n  else\n    # If there is no image for the current OS and architecture, just use the first one in the list.\n    _INSPECT_OVERRIDE_IMAGE_OS=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.os')\n    _INSPECT_OVERRIDE_IMAGE_ARCH=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.architecture')\n    _SKOPEO_INSPECT_ARGS+=(\"--override-os=${_INSPECT_OVERRIDE_IMAGE_OS}\")\n    _SKOPEO_INSPECT_ARGS+=(\"--override-arch=${_INSPECT_OVERRIDE_IMAGE_ARCH}\")\n\n    echo \"Could not find an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}), inspecting the image for ${_INSPECT_OVERRIDE_IMAGE_OS}/${_INSPECT_OVERRIDE_IMAGE_ARCH} instead.\"\n  fi\nfi\n\n# Introspect based on minimum count of operator-framework related bundle labels.\necho \"Looking for image labels that indicate this might be an operator bundle...\"\n\n# We purposely do not quote the array elements here, so that they are expanded by the shell as separate args.\n# shellcheck disable=SC2068\nif ! retry skopeo inspect --retry-times \"$skopeo_retries\" ${_SKOPEO_INSPECT_ARGS[@]} \"docker://${PARAM_IMAGE_URL}\" \\\n  | jq '.Labels | keys | .[]' -r \\\n  | { grep operators.operatorframework.io.bundle || true ;} \\\n  | tee /tmp/ecosystem-image-labels\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n\n_OPFW_LABEL_COUNT=$(grep -c operators.operatorframework.io.bundle /tmp/ecosystem-image-labels || true)\n_MIN_LABELS=3\n\necho \"Found ${_OPFW_LABEL_COUNT} matching labels.\"\necho \"Expecting ${_MIN_LABELS} or more to identify this image as an operator bundle.\"\n\n# If the image has several labels, assume it is an operator\n_ARTIFACT_TYPE=application\n(( _OPFW_LABEL_COUNT \u003e= _MIN_LABELS )) \u0026\u0026 _ARTIFACT_TYPE=operatorbundle\n\nprintf \"%s\" \"${_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\necho \"Introspection concludes that this artifact is of type \\\"${_ARTIFACT_TYPE}\\\".\"\n"
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "generate-container-auth",
                            "results": [
                                {
                                    "description": "Path to auth.json",
                                    "name": "auth-json-path"
                                }
                            ],
                            "script": "_AUTH_JSON_PATH=\"/auth/auth.json\"\necho \"Selecting auth for $PARAM_IMAGE_URL\"\n# `select-oci-auth` here assumes the input credentials are at path ~/.docker/config.json\nselect-oci-auth \"$PARAM_IMAGE_URL\" \u003e \"${_AUTH_JSON_PATH}\"\n\nprintf \"%s\" \"${_AUTH_JSON_PATH}\" \u003e \"/tekton/steps/step-generate-container-auth/results/auth-json-path\"\necho \"Auth json written to \\\"${_AUTH_JSON_PATH}\\\".\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/auth",
                                    "name": "auth"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/redhat-appstudio/konflux-test:v1.4.31@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                            "name": "set-skip-for-bundles",
                            "results": [
                                {
                                    "description": "A skipped tekton result for bundles.",
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOTE=\"This ecosystem check is not executed for operatorbundles.\"\n\n# shellcheck source=/dev/null\n. /utils.sh # gives us the make_result_json helper used below.\n\n# Generate TEST_OUTPUT\n# We're skipping the test, but don't use status \"SKIPPED\" because\n# it produces unwanted Conforma violations\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"${NOTE}\")\n\nprintf \"%s\" \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-set-skip-for-bundles/results/test-output\" /bundle/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/bundle",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "operatorbundle"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PFLT_DOCKERCONFIG",
                                    "value": "$(steps.generate-container-auth.results.auth-json-path)"
                                },
                                {
                                    "name": "PFLT_KONFLUX",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "PARAM_PLATFORM"
                                }
                            ],
                            "image": "quay.io/opdev/preflight:stable@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                            "name": "app-check",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nimage_url=\"${PARAM_IMAGE_URL}\"\nplatform=\"${PARAM_PLATFORM}\"\n\nif [ -n \"$platform\" ]; then\n  # Extract part after slash if present\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n\n  # Validate against supported arch list. If it's not a known arch, return an error result\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  /usr/local/bin/preflight check container \"$image_url\" --platform \"$arch\"\nelse\n  /usr/local/bin/preflight check container \"$image_url\"\nfi\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                },
                                {
                                    "mountPath": "/auth",
                                    "name": "auth",
                                    "readOnly": true
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "app-set-outcome",
                            "results": [
                                {
                                    "description": "The overall outcome of this task.",
                                    "name": "test-output"
                                },
                                {
                                    "description": "Processed image digests.",
                                    "name": "images-processed"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n# Declare Supported architectures\ndeclare -a SUPPORTED_ARCHES=(amd64 arm64 ppc64le s390x)\n\nskopeo_retries=3\n\n# Initialize result vars\nPFLT_PASS_COUNT=0\nPFLT_FAIL_COUNT=0\nPFLT_ERROR_COUNT=0\nPFLT_RESULT=\"SUCCESS\"\n\n# Loop over SUPPORTED_ARCHES and process results\nfor ARCH in \"${SUPPORTED_ARCHES[@]}\"\ndo\n    # Check if results directory exits\n    RESULT_JSON_PATH=/artifacts/${ARCH}/results.json\n    if ! [ -f \"${RESULT_JSON_PATH}\" ]; then\n        continue\n    fi\n    # Process results\n    if jq -e '.passed == false' \"${RESULT_JSON_PATH}\" \u003e /dev/null; then PFLT_RESULT=\"FAILURE\"; fi\n    PFLT_PASS_COUNT=$((PFLT_PASS_COUNT+$(jq -r '.results.passed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_FAIL_COUNT=$((PFLT_FAIL_COUNT+$(jq -r '.results.failed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_ERROR_COUNT=$((PFLT_ERROR_COUNT+$(jq -r '.results.errors | length' \"${RESULT_JSON_PATH}\")))\ndone\n\n# Mark as ERROR if no results were recorded, which can occur when an unsupported or malformed\n# architecture is parsed from the `platform` parameter.\nif [[ $PFLT_FAIL_COUNT -eq 0 ]] \u0026\u0026 [[ $PFLT_PASS_COUNT -eq 0 ]] ; then PFLT_RESULT=\"ERROR\" ; fi\n\nif [[ $PFLT_ERROR_COUNT -gt 0 ]]; then PFLT_RESULT=\"ERROR\" ; fi\nPFLT_NOTE=\"Task preflight is a ${PFLT_RESULT}: Refer to Tekton task logs for more information\"\n\n# Generate TEST_OUTPUT\nTEST_OUTPUT=$(jq -rce \\\n--arg date \"$(date +%s)\" \\\n--arg note \"${PFLT_NOTE}\" \\\n--arg result \"${PFLT_RESULT}\" \\\n--arg successes \"${PFLT_PASS_COUNT}\" \\\n--arg failures \"${PFLT_FAIL_COUNT}\" \\\n--arg warnings \"0\" \\\n--null-input \\\n'{  result: $result,\n    timestamp: $date,\n    note: $note,\n    successes: $successes|tonumber,\n    failures: $failures|tonumber,\n    warnings: $warnings|tonumber\n}')\necho -n \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-app-set-outcome/results/test-output\" /artifacts/konflux.results.json\n\n# Generate IMAGES_PROCESSED\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$PARAM_IMAGE_URL\"'\", \"digests\": [%s]}}'\ndeclare -a digests_processed=()\n\n# Extract processed image digests from \"/artifacts/$arch/cert-image.json\"\nwhile read -r cert_image_file; do\n  docker_image_digest=$(jq -r '.docker_image_digest' \"$cert_image_file\")\n  if [[ -n \"$docker_image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$docker_image_digest\\\" \"* ]]; then\n    digests_processed+=(\"\\\"$docker_image_digest\\\"\")\n  fi\ndone \u003c \u003c(find /artifacts -type f -name \"cert-image.json\")\n\nimage_digest=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\" | sha256sum | awk '{print \"sha256:\" $1}')\nif [[ -n \"$image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$image_digest\\\" \"* ]]; then\n  digests_processed+=(\"\\\"$image_digest\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\nfinal_output=\"${images_processed_template/\\[%s]/[$digests_processed_string]}\"\necho -n \"${final_output}\" \u003e \"/tekton/steps/step-app-set-outcome/results/images-processed\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "final-outcome",
                            "results": [
                                {
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\nset -o xtrace\n\nif [[ ! -f /mount/konflux.results.json ]]; then\n  printf \"Unable to populate the right test log output because the artifact's type is not recorded correctly. Please file a bug.\" | tee \"/tekton/steps/step-final-outcome/results/test-output\"\n  exit 91\nfi\n\ntee \"/tekton/steps/step-final-outcome/results/test-output\" \u003c /mount/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mount",
                                    "name": "pfltoutputdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "pfltoutputdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "auth"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/f1f89011-2e43-418c-b6be-bb77ff7e6e84",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "ecosystem-cert-preflight-checks",
                    "tekton.dev/task": "ecosystem-cert-preflight-checks",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test-integration-clone-7a64241e2fedc8d28e78bdd84172f8a1",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "27287",
                "uid": "f1f89011-2e43-418c-b6be-bb77ff7e6e84"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "ecosystem-cert-preflight-checks"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:56Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:56Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integration-cla84573761413a76e0d997d28eecbd2d5-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        "entryPoint": "ecosystem-cert-preflight-checks",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks"
                    }
                },
                "results": [
                    {
                        "name": "ARTIFACT_TYPE",
                        "type": "string",
                        "value": "application"
                    },
                    {
                        "name": "ARTIFACT_TYPE_SET_BY",
                        "type": "string",
                        "value": "introspection"
                    },
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\", \"digests\": [\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\"]}}"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922014\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T16:06:09Z",
                "steps": [
                    {
                        "container": "step-introspect",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "introspect",
                        "provenance": {},
                        "results": [
                            {
                                "name": "artifact-type",
                                "type": "string",
                                "value": "application"
                            },
                            {
                                "name": "artifact-type-set-by",
                                "type": "string",
                                "value": "introspection"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://198d9a29bd3fa75db95df4a5b1e0ac5a3de66764fe28c736dce5251fed07c11a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:25Z",
                            "message": "[{\"key\":\"artifact-type\",\"value\":\"application\",\"type\":4},{\"key\":\"artifact-type-set-by\",\"value\":\"introspection\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:23Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-generate-container-auth",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "generate-container-auth",
                        "provenance": {},
                        "results": [
                            {
                                "name": "auth-json-path",
                                "type": "string",
                                "value": "/auth/auth.json"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://65f25f89927060fef0c4b679a3b1d1037644f9b4ce884987e8c7b45397e772f8",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:25Z",
                            "message": "[{\"key\":\"auth-json-path\",\"value\":\"/auth/auth.json\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:25Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-set-skip-for-bundles",
                        "imageID": "quay.io/redhat-appstudio/konflux-test@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                        "name": "set-skip-for-bundles",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b30f18e09ee29f30c7f976d4ecadaae028ab77894eb635ab96f5b560271006b1",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:26Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:26Z"
                        },
                        "terminationReason": "Skipped"
                    },
                    {
                        "container": "step-app-check",
                        "imageID": "quay.io/opdev/preflight@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                        "name": "app-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5be9345f7fa5fc78cfb06c916808be92f1d511693d533740672a80b4c4b71295",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:54Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:26Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-app-set-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "app-set-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "images-processed",
                                "type": "string",
                                "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\", \"digests\": [\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\"]}}"
                            },
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922014\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://8dafb573bfc2fef81104626646304c18fe78e0a2d24c0594b1d5f1b04ff86309",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:55Z",
                            "message": "[{\"key\":\"images-processed\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776\\\", \\\"digests\\\": [\\\"sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8\\\"]}}\",\"type\":4},{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922014\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:54Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-final-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "final-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922014\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://892bf28d2c596fe29329c44363acd943b5949fc4b5a62d658d8f22434a5b9a89",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:55Z",
                            "message": "[{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922014\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:55Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for certification readiness. Note that running this against an operatorbundle will result in a skip, as bundle validation is not executed through this task.",
                    "params": [
                        {
                            "description": "Image url to scan.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "introspect",
                            "description": "The type of artifact. Select from application, operatorbundle, or introspect.",
                            "name": "artifact-type",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform the image is built on.",
                            "name": "platform",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Ecosystem checks pass or fail outcome.",
                            "name": "TEST_OUTPUT",
                            "type": "string",
                            "value": "$(steps.final-outcome.results.test-output)"
                        },
                        {
                            "description": "The artifact type, either introspected or set.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type)"
                        },
                        {
                            "description": "How the artifact type was set.",
                            "name": "ARTIFACT_TYPE_SET_BY",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type-set-by)"
                        },
                        {
                            "description": "Collected image digests",
                            "name": "IMAGES_PROCESSED",
                            "type": "string",
                            "value": "$(steps.app-set-outcome.results.images-processed)"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_ARTIFACT_TYPE",
                                    "value": "introspect"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "introspect",
                            "results": [
                                {
                                    "description": "The type of artifact this task is considering.",
                                    "name": "artifact-type"
                                },
                                {
                                    "description": "The process that sets the artifact type. Informational.\nValues from: introspection, parameter.\n",
                                    "name": "artifact-type-set-by"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n_SET_BY=parameter\n# If the parameter is invalid, we'll introspect\nif [[ \"${PARAM_ARTIFACT_TYPE}\" != \"application\" ]] \u0026\u0026 [[ \"${PARAM_ARTIFACT_TYPE}\" != \"operatorbundle\" ]]; then\n  echo \"Artifact type will be determined by introspection.\"\n  _SET_BY=introspection\nfi\nprintf \"%s\" \"${_SET_BY}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type-set-by\"\n\nif [[ \"${_SET_BY}\" == \"parameter\" ]]; then\n  # short circuit if the artifact type was set via parameter.\n  echo \"Skipping introspection because the artifact-type parameter is explicitly set to \\\"${PARAM_ARTIFACT_TYPE}\\\".\"\n  printf \"%s\" \"${PARAM_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\n  exit 0\nfi\n\n# If the image URL points to a manifest list (a multi-arch image), check the labels on any of the child\n# images (don't fail in the case where the list does not include an image for the arch of the system\n# where this pipeline is running).\n\ndeclare -a _SKOPEO_INSPECT_ARGS\n\nskopeo_retries=3\n\necho \"Checking the media type of the OCI artifact...\"\nif ! _RAW_IMAGE_MANIFEST=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\")\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n_IMAGE_MEDIA_TYPE=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.mediaType')\necho \"The media type of the OCI artifact is ${_IMAGE_MEDIA_TYPE}.\"\n\nif [[ \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.docker.distribution.manifest.list.v2+json\" || \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.oci.image.index.v1+json\" ]]; then\n  _CURRENT_ARCH=$(uname -m)\n  _CURRENT_OS=$(uname -s | tr '[:upper:]' '[:lower:]')\n\n  # The archs returned by uname are not always the same as the archs used by OCI manifests, so we need\n  # to map them.\n  case ${_CURRENT_ARCH} in\n    \"aarch64\")\n      _CURRENT_ARCH=\"arm64\"\n      ;;\n    \"x86_64\")\n      _CURRENT_ARCH=\"amd64\"\n      ;;\n    *)\n      ;;\n  esac\n\n  # If the manifest list contains an image for the current OS and architecture, prefer to test that.\n  _MATCHING_IMAGE_COUNT=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r \"[.manifests[] | select(.platform.os == \\\"${_CURRENT_OS}\\\" and .platform.architecture == \\\"${_CURRENT_ARCH}\\\")] | length\")\n  if [[ \"${_MATCHING_IMAGE_COUNT}\" -gt 0 ]]; then\n    echo \"Found an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}).\"\n  else\n    # If there is no image for the current OS and architecture, just use the first one in the list.\n    _INSPECT_OVERRIDE_IMAGE_OS=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.os')\n    _INSPECT_OVERRIDE_IMAGE_ARCH=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.architecture')\n    _SKOPEO_INSPECT_ARGS+=(\"--override-os=${_INSPECT_OVERRIDE_IMAGE_OS}\")\n    _SKOPEO_INSPECT_ARGS+=(\"--override-arch=${_INSPECT_OVERRIDE_IMAGE_ARCH}\")\n\n    echo \"Could not find an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}), inspecting the image for ${_INSPECT_OVERRIDE_IMAGE_OS}/${_INSPECT_OVERRIDE_IMAGE_ARCH} instead.\"\n  fi\nfi\n\n# Introspect based on minimum count of operator-framework related bundle labels.\necho \"Looking for image labels that indicate this might be an operator bundle...\"\n\n# We purposely do not quote the array elements here, so that they are expanded by the shell as separate args.\n# shellcheck disable=SC2068\nif ! retry skopeo inspect --retry-times \"$skopeo_retries\" ${_SKOPEO_INSPECT_ARGS[@]} \"docker://${PARAM_IMAGE_URL}\" \\\n  | jq '.Labels | keys | .[]' -r \\\n  | { grep operators.operatorframework.io.bundle || true ;} \\\n  | tee /tmp/ecosystem-image-labels\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n\n_OPFW_LABEL_COUNT=$(grep -c operators.operatorframework.io.bundle /tmp/ecosystem-image-labels || true)\n_MIN_LABELS=3\n\necho \"Found ${_OPFW_LABEL_COUNT} matching labels.\"\necho \"Expecting ${_MIN_LABELS} or more to identify this image as an operator bundle.\"\n\n# If the image has several labels, assume it is an operator\n_ARTIFACT_TYPE=application\n(( _OPFW_LABEL_COUNT \u003e= _MIN_LABELS )) \u0026\u0026 _ARTIFACT_TYPE=operatorbundle\n\nprintf \"%s\" \"${_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\necho \"Introspection concludes that this artifact is of type \\\"${_ARTIFACT_TYPE}\\\".\"\n"
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "generate-container-auth",
                            "results": [
                                {
                                    "description": "Path to auth.json",
                                    "name": "auth-json-path"
                                }
                            ],
                            "script": "_AUTH_JSON_PATH=\"/auth/auth.json\"\necho \"Selecting auth for $PARAM_IMAGE_URL\"\n# `select-oci-auth` here assumes the input credentials are at path ~/.docker/config.json\nselect-oci-auth \"$PARAM_IMAGE_URL\" \u003e \"${_AUTH_JSON_PATH}\"\n\nprintf \"%s\" \"${_AUTH_JSON_PATH}\" \u003e \"/tekton/steps/step-generate-container-auth/results/auth-json-path\"\necho \"Auth json written to \\\"${_AUTH_JSON_PATH}\\\".\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/auth",
                                    "name": "auth"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/redhat-appstudio/konflux-test:v1.4.31@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                            "name": "set-skip-for-bundles",
                            "results": [
                                {
                                    "description": "A skipped tekton result for bundles.",
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOTE=\"This ecosystem check is not executed for operatorbundles.\"\n\n# shellcheck source=/dev/null\n. /utils.sh # gives us the make_result_json helper used below.\n\n# Generate TEST_OUTPUT\n# We're skipping the test, but don't use status \"SKIPPED\" because\n# it produces unwanted Conforma violations\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"${NOTE}\")\n\nprintf \"%s\" \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-set-skip-for-bundles/results/test-output\" /bundle/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/bundle",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "operatorbundle"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PFLT_DOCKERCONFIG",
                                    "value": "$(steps.generate-container-auth.results.auth-json-path)"
                                },
                                {
                                    "name": "PFLT_KONFLUX",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "PARAM_PLATFORM"
                                }
                            ],
                            "image": "quay.io/opdev/preflight:stable@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                            "name": "app-check",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nimage_url=\"${PARAM_IMAGE_URL}\"\nplatform=\"${PARAM_PLATFORM}\"\n\nif [ -n \"$platform\" ]; then\n  # Extract part after slash if present\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n\n  # Validate against supported arch list. If it's not a known arch, return an error result\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  /usr/local/bin/preflight check container \"$image_url\" --platform \"$arch\"\nelse\n  /usr/local/bin/preflight check container \"$image_url\"\nfi\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                },
                                {
                                    "mountPath": "/auth",
                                    "name": "auth",
                                    "readOnly": true
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "app-set-outcome",
                            "results": [
                                {
                                    "description": "The overall outcome of this task.",
                                    "name": "test-output"
                                },
                                {
                                    "description": "Processed image digests.",
                                    "name": "images-processed"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n# Declare Supported architectures\ndeclare -a SUPPORTED_ARCHES=(amd64 arm64 ppc64le s390x)\n\nskopeo_retries=3\n\n# Initialize result vars\nPFLT_PASS_COUNT=0\nPFLT_FAIL_COUNT=0\nPFLT_ERROR_COUNT=0\nPFLT_RESULT=\"SUCCESS\"\n\n# Loop over SUPPORTED_ARCHES and process results\nfor ARCH in \"${SUPPORTED_ARCHES[@]}\"\ndo\n    # Check if results directory exits\n    RESULT_JSON_PATH=/artifacts/${ARCH}/results.json\n    if ! [ -f \"${RESULT_JSON_PATH}\" ]; then\n        continue\n    fi\n    # Process results\n    if jq -e '.passed == false' \"${RESULT_JSON_PATH}\" \u003e /dev/null; then PFLT_RESULT=\"FAILURE\"; fi\n    PFLT_PASS_COUNT=$((PFLT_PASS_COUNT+$(jq -r '.results.passed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_FAIL_COUNT=$((PFLT_FAIL_COUNT+$(jq -r '.results.failed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_ERROR_COUNT=$((PFLT_ERROR_COUNT+$(jq -r '.results.errors | length' \"${RESULT_JSON_PATH}\")))\ndone\n\n# Mark as ERROR if no results were recorded, which can occur when an unsupported or malformed\n# architecture is parsed from the `platform` parameter.\nif [[ $PFLT_FAIL_COUNT -eq 0 ]] \u0026\u0026 [[ $PFLT_PASS_COUNT -eq 0 ]] ; then PFLT_RESULT=\"ERROR\" ; fi\n\nif [[ $PFLT_ERROR_COUNT -gt 0 ]]; then PFLT_RESULT=\"ERROR\" ; fi\nPFLT_NOTE=\"Task preflight is a ${PFLT_RESULT}: Refer to Tekton task logs for more information\"\n\n# Generate TEST_OUTPUT\nTEST_OUTPUT=$(jq -rce \\\n--arg date \"$(date +%s)\" \\\n--arg note \"${PFLT_NOTE}\" \\\n--arg result \"${PFLT_RESULT}\" \\\n--arg successes \"${PFLT_PASS_COUNT}\" \\\n--arg failures \"${PFLT_FAIL_COUNT}\" \\\n--arg warnings \"0\" \\\n--null-input \\\n'{  result: $result,\n    timestamp: $date,\n    note: $note,\n    successes: $successes|tonumber,\n    failures: $failures|tonumber,\n    warnings: $warnings|tonumber\n}')\necho -n \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-app-set-outcome/results/test-output\" /artifacts/konflux.results.json\n\n# Generate IMAGES_PROCESSED\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$PARAM_IMAGE_URL\"'\", \"digests\": [%s]}}'\ndeclare -a digests_processed=()\n\n# Extract processed image digests from \"/artifacts/$arch/cert-image.json\"\nwhile read -r cert_image_file; do\n  docker_image_digest=$(jq -r '.docker_image_digest' \"$cert_image_file\")\n  if [[ -n \"$docker_image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$docker_image_digest\\\" \"* ]]; then\n    digests_processed+=(\"\\\"$docker_image_digest\\\"\")\n  fi\ndone \u003c \u003c(find /artifacts -type f -name \"cert-image.json\")\n\nimage_digest=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\" | sha256sum | awk '{print \"sha256:\" $1}')\nif [[ -n \"$image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$image_digest\\\" \"* ]]; then\n  digests_processed+=(\"\\\"$image_digest\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\nfinal_output=\"${images_processed_template/\\[%s]/[$digests_processed_string]}\"\necho -n \"${final_output}\" \u003e \"/tekton/steps/step-app-set-outcome/results/images-processed\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "final-outcome",
                            "results": [
                                {
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\nset -o xtrace\n\nif [[ ! -f /mount/konflux.results.json ]]; then\n  printf \"Unable to populate the right test log output because the artifact's type is not recorded correctly. Please file a bug.\" | tee \"/tekton/steps/step-final-outcome/results/test-output\"\n  exit 91\nfi\n\ntee \"/tekton/steps/step-final-outcome/results/test-output\" \u003c /mount/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mount",
                                    "name": "pfltoutputdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "pfltoutputdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "auth"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/ec47d6e5-bfca-45d2-92f8-952f9bc93436",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "virus, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "clamav-scan",
                    "tekton.dev/task": "clamav-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-test-integrcb41c92e238803de427bde3c966a36ad-clamav-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "34132",
                "uid": "ec47d6e5-bfca-45d2-92f8-952f9bc93436"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clamav-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:57Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:57Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test-integrcb41c92ed7ffdd0f8bf0ba9be2f51ea5d05e5343-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        "entryPoint": "clamav-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\", \"digests\": [\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"timestamp\":\"1782922372\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n"
                    }
                ],
                "startTime": "2026-07-01T16:11:58Z",
                "steps": [
                    {
                        "container": "step-extract-and-scan-image",
                        "imageID": "quay.io/konflux-ci/clamav-db@sha256:2da6c1a37fef998b68b675505fb654b1123e3cd889c190c59b4527d11621e8fc",
                        "name": "extract-and-scan-image",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://09964a0ba58417c25e4fa18e79c560992804d4022b3866c6fd63b727e390a29b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:52Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\\\", \\\"digests\\\": [\\\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922372\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:11Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c75cfe864eab749045c67da99d31ab393b972bac7eb53697b38f3f8857f3a7cc",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:56Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\\\", \\\"digests\\\": [\\\"sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922372\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:53Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans the content of container images and OCI artifacts for viruses, malware, and other malicious content using ClamAV antivirus scanner.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image arch.",
                            "name": "image-arch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "8",
                            "description": "Maximum number of threads clamd runs.",
                            "name": "clamd-max-threads",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-upload",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                },
                                "requests": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/work"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                },
                                {
                                    "name": "IMAGE_ARCH"
                                },
                                {
                                    "name": "MAX_THREADS",
                                    "value": "8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clamav-db:latest",
                            "name": "extract-and-scan-image",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Start clamd in background\n/start-clamd.sh\n\n# Bootstrap .docker config in overridden HOME.\n# This prevents 'oc' CLI failures in clean environments where ~/.docker does not exist.\nif [ ! -d ~/.docker ]; then\n    mkdir -p ~/.docker\n    echo '{}' \u003e ~/.docker/config.json\nfi\n\nimagewithouttag=$(echo $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\" | tr -d '\\n')\n\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\n\n# check if image is attestation one, skip the clamav scan in such case\nif [[ $imageanddigest == *.att ]]\nthen\n    echo \"$imageanddigest is an attestation image. Skipping ClamAV scan.\"\n    exit 0\nfi\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\nmkdir logs\nmkdir content\ncd content\necho \"Detecting artifact type for ${imageanddigest}.\"\necho '{\"artifact\":{\"pullspec\":\"'\"${imageanddigest}\"'\",\"type\":\"unknown\",\"mediaType\":\"\"}}' \u003e /work/logs/artifact-meta.json\n\n# Function to scan content and process results with ClamAV and EC\n# Parameters:\n#   $1: destination - path to the content to scan\n#   $2: suffix - suffix for log file names (e.g., \"oci\", \"amd64\")\n#   $3: digest - digest to add to digests_processed array\n#   $4: scan_message - optional message describing what is being scanned\nscan_and_process() {\n  local destination=\"$1\"\n  local suffix=\"$2\"\n  local digest=\"$3\"\n  local scan_message=\"${4:-Scanning content}\"\n\n  db_version=$(clamdscan --version | sed 's|.*/\\(.*\\)/.*|\\1|')\n\n  echo \"$scan_message. This operation may take a while.\"\n  clamdscan \"${destination}\" -vi --multiscan --fdpass \\\n    | tee \"/work/logs/clamscan-result-${suffix}.log\" || true\n\n  echo \"Executed-on: Scan was executed on clamsdcan version - $(clamdscan --version) Database version: $db_version\" | tee -a \"/work/logs/clamscan-result-${suffix}.log\"\n\n  digests_processed+=(\"\\\"$digest\\\"\")\n\n  if [[ -e \"/work/logs/clamscan-result-${suffix}.log\" ]]; then\n    # OPA/EC requires structured data input, add clamAV log into json\n    jq -Rs '{ output: . }' \"/work/logs/clamscan-result-${suffix}.log\" \u003e \"/work/logs/clamscan-result-log-${suffix}.json\"\n\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o json \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" || true\n\n    # workaround: due to a bug in ec-cli, we cannot generate json and appstudio output at the same time, running it again\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o appstudio \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" | tee \"/work/logs/clamscan-ec-test-${suffix}.json\" || true\n\n    cat \"/work/logs/clamscan-ec-test-${suffix}.json\"\n  fi\n}\n\n# Detect artifact type: container image vs OCI artifact\n# First, try to get image manifests (works for container images)\n# Use subshell to prevent get_image_manifests() from exiting the main script if it fails\n# (get_image_manifests uses exit 1 when Architecture field is missing, which happens for OCI artifacts)\nimage_manifests=$(bash -c '. /utils.sh; get_image_manifests -i \"'\"${imageanddigest}\"'\"' 2\u003e/dev/null || echo \"\")\n\n# If get_image_manifests failed, check if it's an OCI artifact by inspecting manifest media type\nif [ -z \"$image_manifests\" ]; then\n  echo \"get_image_manifests returned empty, checking if this is an OCI artifact...\"\n  raw_manifest=$(skopeo inspect --raw --authfile ~/.docker/config.json \"docker://${imageanddigest}\" 2\u003e/dev/null || true)\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"inspected\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n\n  if [ -n \"$raw_manifest\" ]; then\n    media_type=$(echo \"$raw_manifest\" | jq -r '.mediaType // .config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n    artifact_type=$(echo \"$raw_manifest\" | jq -r '.artifactType // empty' 2\u003e/dev/null || echo \"\")\n    config_media_type=$(echo \"$raw_manifest\" | jq -r '.config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n\n    # Determine if this is an OCI artifact (not a container image)\n    # OCI artifacts typically have:\n    # - An empty/scratch config (config.mediaType contains \"empty\" or \"scratch\")\n    # - An explicit artifactType field that is not a container image type\n    is_oci_artifact=false\n\n    # Check if config is empty/scratch (typical for OCI artifacts like python wheels, helm charts, etc.)\n    if echo \"$config_media_type\" | grep -qiE \"(empty|scratch)\"; then\n      is_oci_artifact=true\n    fi\n\n    # Check if artifactType is set and is not a container image type\n    if [ -n \"$artifact_type\" ] \u0026\u0026 ! echo \"$artifact_type\" | grep -qE \"application/vnd\\.(oci|docker)\\.(image|container)\"; then\n      is_oci_artifact=true\n    fi\n\n    if [ \"$is_oci_artifact\" = true ]; then\n      # This is an OCI artifact (e.g., python wheels, helm charts, etc.)\n      echo \"Detected OCI artifact (artifactType: ${artifact_type:-unset}, config.mediaType: ${config_media_type:-unset}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.artifactType = '\"\\\"${artifact_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    elif echo \"$media_type\" | grep -qE \"(application/vnd\\.(docker|oci)\\.(distribution|image)\\.manifest|application/vnd\\.docker\\.distribution\\.manifest)\"; then\n      # This looks like a container image manifest, but get_image_manifests failed\n      echo \"Detected container image manifest type: $media_type, but get_image_manifests failed. This may indicate an error.\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"$media_type\\\"\"' | .artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      note=\"Task clamav-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n      ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n      echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n      exit 0\n    else\n      # Likely an OCI artifact with non-standard media type\n      echo \"Detected OCI artifact (media type: ${media_type:-unknown}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    fi\n  else\n    echo \"Failed to inspect artifact \\\"$imageanddigest\\\". Unable to determine type.\"\n    note=\"Task clamav-scan failed: Failed to inspect artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 0\n  fi\nfi\n\n# Process container images (existing logic)\nif [ -n \"$image_manifests\" ]; then\n  echo \"Detected container image. Processing image manifests.\"\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n  # Proceed only if a specific arch is provided.\n  # This typically occurs when using Tekton Matrix to launch multiple TaskRuns to scan all architectures of a multi-arch image in parallel.\n  if [ -n \"$IMAGE_ARCH\" ]; then\n    arch=\"${IMAGE_ARCH#*/}\"\n    if [ \"${arch}\" = \"x86_64\" ]; then\n      arch=\"amd64\"\n    fi\n\n    # Check if arch is supported; if not (e.g., it's 'local', see link below), default to amd64.\n    # https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/stone-prd-rh01/host-config.yaml#L9-L14\n    case \"$arch\" in\n      amd64|ppc64le|arm64|s390x)\n        ;;\n      *)\n        arch=\"amd64\"\n        ;;\n    esac\n\n    image_manifests=$(echo \"$image_manifests\" | jq -c --arg arch \"$arch\" '{($arch): .[$arch]}')\n  fi\n\n  while read -r arch arch_sha; do\n    destination=$(echo content-$arch)\n    mkdir -p \"$destination\"\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    echo \"Running \\\"oc image extract\\\" on image of arch $arch\"\n    retry oc image extract --only-files=true --registry-config ~/.docker/config.json \"$arch_imageanddigest\" --path=\"/:${destination}\" --filter-by-os=\"linux/${arch}\"\n    if [ $? -ne 0 ]; then\n      echo \"Unable to extract image for arch $arch. Skipping ClamAV scan!\"\n      exit 0\n    fi\n\n    # Scan and process container image for this architecture\n    scan_and_process \"${destination}\" \"$arch\" \"$arch_sha\" \"Scanning image for arch $arch\"\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nfi\n\njq -s -rce '\n  reduce .[] as $item ({\"timestamp\":\"0\",\"namespace\":\"\",\"successes\":0,\"failures\":0,\"warnings\":0,\"result\":\"\",\"note\":\"\"};\n    {\n    \"timestamp\" : (if .timestamp \u003c $item.timestamp then $item.timestamp else .timestamp end),\n    \"namespace\" : $item.namespace,\n    \"successes\" : (.successes + $item.successes),\n    \"failures\" : (.failures + $item.failures),\n    \"warnings\" : (.warnings + $item.warnings),\n    \"result\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.result else .result end),\n    \"note\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.note else .note end)\n    })' /work/logs/clamscan-ec-test-*.json | tee /tekton/results/TEST_OUTPUT\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_UPLOAD",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\n# Skip upload if requested e.g. read-only CI tests where push access is denied\nif [ \"$SKIP_UPLOAD\" == \"true\" ]; then\n  echo \"Upload skipped by parameter.\"\n  exit 0\nfi\n\n# Don't return a glob expression when no matches are found\nshopt -s nullglob\n\ncd logs\n\nfor UPLOAD_FILE in clamscan-result*.log; do\n  MEDIA_TYPE=text/vnd.clamav\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\nfor UPLOAD_FILE in clamscan-ec-test*.json; do\n  MEDIA_TYPE=application/vnd.konflux.test_output+json\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\n\nif [ -z \"${args}\" ]; then\n  echo \"No files found. Skipping upload.\"\n  exit 0;\nfi\n\necho \"Selecting auth\"\nselect-oci-auth $IMAGE_URL \u003e $HOME/auth.json\necho \"Attaching to ${IMAGE_URL}\"\n retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type application/vnd.clamav \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${args[@]}\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "dbfolder"
                        },
                        {
                            "emptyDir": {},
                            "name": "work"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/commit_sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "build.appstudio.redhat.com/pull_request_number": "9600",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-be96994577",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-hdtybp",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440/records/07675be1-12eb-4a7c-bb68-23e5f7d07382",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"dd629d1b8d1861c8cc91d4d74033bef4f7f24776\",\"eventType\":\"pull_request\",\"pull_request-id\":9600}",
                    "results.tekton.dev/result": "group-7d3v/results/89872227-265b-4078-b7af-6e23d736d440",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-konflux-test-integration-clone-ssamjs",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:06:09Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84579769616",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9600",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "dd629d1b8d1861c8cc91d4d74033bef4f7f24776",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                    "tekton.dev/pipelineRunUID": "89872227-265b-4078-b7af-6e23d736d440",
                    "tekton.dev/pipelineTask": "sast-unicode-check",
                    "tekton.dev/task": "sast-unicode-check",
                    "test.appstudio.openshift.io/pr-group-sha": "7424e41ae0977e3be9214701a18ece81265f4b89fc07896d5babc4f57a6df5"
                },
                "name": "konflux-test8fa3206a5d329de43c1482b7d03ba7aa-sast-unicode-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-gf2m8",
                        "uid": "89872227-265b-4078-b7af-6e23d736d440"
                    }
                ],
                "resourceVersion": "25918",
                "uid": "07675be1-12eb-4a7c-bb68-23e5f7d07382"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-unicode-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-129b97e6ab"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:27Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:27Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-test8fa3206a5d329de2b59081f2d39c9116f820e8361ad07c2-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        "entryPoint": "sast-unicode-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:06:24+00:00\",\"note\":\"Task sast-unicode-check success: No finding was detected\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:11Z",
                "steps": [
                    {
                        "container": "step-sast-unicode-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-unicode-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://1df604eb31374ce80c7806dc21a20449cced49b1e86719807bed139771db9dce",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:24Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:24+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:23Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6e5583f9c86171fbea52d92e450db323ee7256f2ed9d94180a6cb7f6f625982b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:27Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:24+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:25Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for non-printable unicode characters in all text files.",
                    "params": [
                        {
                            "description": "Image digest used for ORAS upload.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL used for ORAS upload.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "-p bidi -v -d -t",
                            "description": "arguments for find-unicode-control command.",
                            "name": "FIND_UNICODE_CONTROL_ARGS",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (defaults to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "FIND_UNICODE_CONTROL_ARGS",
                                    "value": "-p bidi -v -d -t"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "SOURCE_CODE_DIR",
                                    "value": "/workspace/workspace"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-unicode-check",
                            "script": "#!/usr/bin/env bash\nset -exuo pipefail\n\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSCAN_PROP=\"https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58\"\nFUC_EXIT_CODE=0\n\n# shellcheck disable=SC2086\nLANG=en_US.utf8 find_unicode_control.py ${FIND_UNICODE_CONTROL_ARGS} \"${SOURCE_CODE_DIR}/source\" \\\n    \u003eraw_sast_unicode_check_out.txt \\\n    2\u003eraw_sast_unicode_check_out.log \\\n    || FUC_EXIT_CODE=$?\nif [[ \"${FUC_EXIT_CODE}\" -ne 0 ]] \u0026\u0026 [[ \"${FUC_EXIT_CODE}\" -ne 1 ]]; then\n    echo \"Failed to run find-unicode-control command\" \u003e\u00262\n    cat raw_sast_unicode_check_out.log\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Translate the output format\nif ! sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\\1: warning:\\2|' -e 's|^|Error: UNICONTROL_WARNING:\\n|'; then\n    echo \"Error: failed to translate the unicontrol output format\" \u003e\u00262\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Process all results as configured with CSGERP_OPTS\nCSGERP_OPTS=(\n    --mode=json\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"${SCAN_PROP}\"\n    --strip-path-prefix=\"${SOURCE_CODE_DIR}\"/source/\n)\n# In order to generate csdiff/v1, we need to add the whole path of the source code as\n# sast-unicode-check only provides an URI to embed the context\nif ! csgrep \"${CSGERP_OPTS[@]}\" raw_sast_unicode_check_out.txt \u003e processed_sast_unicode_check_out.json 2\u003e processed_sast_unicode_check_out.err; then\n    echo \"Error occurred while running csgrep with CSGERP_OPTS:\"\n    cat processed_sast_unicode_check_out.err\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\ncsgrep --mode=evtstat processed_sast_unicode_check_out.json\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\n# If KFP clone failed, use the unfiltered results\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # Build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    # Append --record-excluded option if RECORD_EXCLUDED is true\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" processed_sast_unicode_check_out.json \u003e sast_unicode_check_out.json 2\u003e sast_unicode_check_out.error\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n        mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\n    else\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\n# Generate sarif report\ncsgrep --mode=sarif sast_unicode_check_out.json \u003e sast_unicode_check_out.sarif\nif [[ \"${FUC_EXIT_CODE}\" -eq 0 ]]; then\n    note=\"Task sast-unicode-check success: No finding was detected\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelif [[ \"${FUC_EXIT_CODE}\" -eq 1 ]] \u0026\u0026 [[ ! -s  sast_unicode_check_out.sarif ]]; then\n    note=\"Task sast-unicode-check success: Some findings were detected, but filtered by known false positive\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n    echo \"sast-unicode-check test failed because of the following issues:\"\n    cat sast_unicode_check_out.json\n    TEST_OUTPUT=\n    parse_test_output \"sast-unicode-check\" sarif sast_unicode_check_out.sarif  || true\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-dd629d1b8d1861c8cc91d4d74033bef4f7f24776"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:2e800e32704e56e6b9a1c2dcd649aa4b9f39534667f18edf5c126aa63f55d1e8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url param provided. Skipping upload.'\n  exit 0;\nfi\n\nUPLOAD_FILES=\"sast_unicode_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n\n    if [ \"${UPLOAD_FILE}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone?rev=9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/commit_sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "build.appstudio.redhat.com/pull_request_number": "9601",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-66308ef01b",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-nubdop",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\"",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone/commit/9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration-clone",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466/records/8a7b352b-a44c-412a-abae-3189740d3bfb",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration-clone\",\"commit\":\"9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8\",\"eventType\":\"pull_request\",\"pull_request-id\":9601}",
                    "results.tekton.dev/result": "group-7d3v/results/95d34238-822e-4928-b423-a5859e0ad466",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:11:58Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "konflux-test-integration-clone-ssamjs",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580909161",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "konflux-test-integration-clone-ssamjs-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "9601",
                    "pipelinesascode.tekton.dev/repository": "konflux-test-integration-clone-ssamjs",
                    "pipelinesascode.tekton.dev/sha": "9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration-clone",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRun": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                    "tekton.dev/pipelineRunUID": "95d34238-822e-4928-b423-a5859e0ad466",
                    "tekton.dev/pipelineTask": "sast-unicode-check",
                    "tekton.dev/task": "sast-unicode-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "konflux-testcb41c92e238803de427bde3c966a36ad-sast-unicode-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp",
                        "uid": "95d34238-822e-4928-b423-a5859e0ad466"
                    }
                ],
                "resourceVersion": "31915",
                "uid": "8a7b352b-a44c-412a-abae-3189740d3bfb"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                    }
                ],
                "serviceAccountName": "build-pipeline-konflux-test-integration-clone-ssamjs",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-unicode-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-7ebc9832aa"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:17Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:17Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "konflux-testcb41c92e238803d142f7957062614a8a04f2d4918257178-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        "entryPoint": "sast-unicode-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:12:14+00:00\",\"note\":\"Task sast-unicode-check success: No finding was detected\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:00Z",
                "steps": [
                    {
                        "container": "step-sast-unicode-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-unicode-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f10f374e1b19591c9f581a9c29a9f653d0e85e9232daff6025fcfce039334c2b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:14Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:14+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:12Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8c8a23607327cc6c0cff52ce30f2a8b1fa9b4729e41bcb766a431ea546b8604a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:16Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:12:14+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:14Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for non-printable unicode characters in all text files.",
                    "params": [
                        {
                            "description": "Image digest used for ORAS upload.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL used for ORAS upload.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "-p bidi -v -d -t",
                            "description": "arguments for find-unicode-control command.",
                            "name": "FIND_UNICODE_CONTROL_ARGS",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (defaults to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "FIND_UNICODE_CONTROL_ARGS",
                                    "value": "-p bidi -v -d -t"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "SOURCE_CODE_DIR",
                                    "value": "/workspace/workspace"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-unicode-check",
                            "script": "#!/usr/bin/env bash\nset -exuo pipefail\n\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSCAN_PROP=\"https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58\"\nFUC_EXIT_CODE=0\n\n# shellcheck disable=SC2086\nLANG=en_US.utf8 find_unicode_control.py ${FIND_UNICODE_CONTROL_ARGS} \"${SOURCE_CODE_DIR}/source\" \\\n    \u003eraw_sast_unicode_check_out.txt \\\n    2\u003eraw_sast_unicode_check_out.log \\\n    || FUC_EXIT_CODE=$?\nif [[ \"${FUC_EXIT_CODE}\" -ne 0 ]] \u0026\u0026 [[ \"${FUC_EXIT_CODE}\" -ne 1 ]]; then\n    echo \"Failed to run find-unicode-control command\" \u003e\u00262\n    cat raw_sast_unicode_check_out.log\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Translate the output format\nif ! sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\\1: warning:\\2|' -e 's|^|Error: UNICONTROL_WARNING:\\n|'; then\n    echo \"Error: failed to translate the unicontrol output format\" \u003e\u00262\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Process all results as configured with CSGERP_OPTS\nCSGERP_OPTS=(\n    --mode=json\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"${SCAN_PROP}\"\n    --strip-path-prefix=\"${SOURCE_CODE_DIR}\"/source/\n)\n# In order to generate csdiff/v1, we need to add the whole path of the source code as\n# sast-unicode-check only provides an URI to embed the context\nif ! csgrep \"${CSGERP_OPTS[@]}\" raw_sast_unicode_check_out.txt \u003e processed_sast_unicode_check_out.json 2\u003e processed_sast_unicode_check_out.err; then\n    echo \"Error occurred while running csgrep with CSGERP_OPTS:\"\n    cat processed_sast_unicode_check_out.err\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\ncsgrep --mode=evtstat processed_sast_unicode_check_out.json\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\n# If KFP clone failed, use the unfiltered results\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # Build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    # Append --record-excluded option if RECORD_EXCLUDED is true\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" processed_sast_unicode_check_out.json \u003e sast_unicode_check_out.json 2\u003e sast_unicode_check_out.error\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n        mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\n    else\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\n# Generate sarif report\ncsgrep --mode=sarif sast_unicode_check_out.json \u003e sast_unicode_check_out.sarif\nif [[ \"${FUC_EXIT_CODE}\" -eq 0 ]]; then\n    note=\"Task sast-unicode-check success: No finding was detected\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelif [[ \"${FUC_EXIT_CODE}\" -eq 1 ]] \u0026\u0026 [[ ! -s  sast_unicode_check_out.sarif ]]; then\n    note=\"Task sast-unicode-check success: Some findings were detected, but filtered by known false positive\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n    echo \"sast-unicode-check test failed because of the following issues:\"\n    cat sast_unicode_check_out.json\n    TEST_OUTPUT=\n    parse_test_output \"sast-unicode-check\" sarif sast_unicode_check_out.sarif  || true\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/konflux-test-integration-clone-ssamjs:on-pr-9ebf211ec0432cc8da33f14967d1c1eb3a1b1bf8"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:da3928586c4ada69adff8b87d6066b7ce683122889eae073bc4efa8fb89ec127"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url param provided. Skipping upload.'\n  exit 0;\nfi\n\nUPLOAD_FILES=\"sast_unicode_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n\n    if [ \"${UPLOAD_FILE}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/133bcb0e-e603-4056-ac61-7cc3f0c75039",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "coverity-availability-check",
                    "tekton.dev/task": "coverity-availability-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "pyt3919dda34612d906191daa61e56f2190-coverity-availability-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "34913",
                "uid": "133bcb0e-e603-4056-ac61-7cc3f0c75039"
            },
            "spec": {
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "coverity-availability-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:13:55Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:13:55Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt3919dda34612d906191daa616c84e336e62a0cb0b3889401b37b9f06-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        "entryPoint": "coverity-availability-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check"
                    }
                },
                "results": [
                    {
                        "name": "STATUS",
                        "type": "string",
                        "value": "failed"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T16:13:19+00:00\",\"note\":\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\",\"namespace\":\"default\",\"successes\":0,\"failures\":1,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:49Z",
                "steps": [
                    {
                        "container": "step-coverity-availability-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "coverity-availability-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://379af4c55d4ed87b69c38e1a627482514c8c10e487da5462211d6921595540c7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:19Z",
                            "message": "[{\"key\":\"STATUS\",\"value\":\"failed\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T16:13:19+00:00\\\",\\\"note\\\":\\\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":1,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:19Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This task performs needed checks in order to use Coverity image in the pipeline. It will check for a Coverity license secret and an authentication secret for pulling the image.",
                    "params": [
                        {
                            "default": "cov-license",
                            "description": "Name of secret which contains the Coverity license",
                            "name": "COV_LICENSE",
                            "type": "string"
                        },
                        {
                            "default": "auth-token-coverity-image",
                            "description": "Name of secret which contains the authentication token for pulling the Coverity image.",
                            "name": "AUTH_TOKEN_COVERITY_IMAGE",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task result output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Tekton task simple status to be later checked",
                            "name": "STATUS",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "COV_LICENSE",
                                    "value": "cov-license"
                                },
                                {
                                    "name": "AUTH_TOKEN_COVERITY_IMAGE",
                                    "value": "auth-token-coverity-image"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "coverity-availability-check",
                            "script": "#!/usr/bin/env bash\nset -eo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Checking Coverity license\nCOV_LICENSE_PATH=/etc/secrets/cov/cov-license\nif [ -f \"${COV_LICENSE_PATH}\" ] \u0026\u0026 [ -s \"${COV_LICENSE_PATH}\" ]; then\n  echo \"Coverity license detected!\"\nelse\n  echo 'No license file for Coverity was detected. Coverity scan will not be executed...'\n  echo 'Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license'\n  note=\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# Checking authentication token for downloading coverity image\nAUTH_TOKEN_COVERITY_IMAGE_PATH=/etc/secrets/auth/config.json\nif [ -f \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ] \u0026\u0026 [ -s \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ]; then\n  echo \"Authentication token detected!\"\nelse\n  echo 'No authentication token for downloading Coverity image detected. Coverity scan will not be executed...'\n  echo 'Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image'\n  note=\"Task coverity-availability-check failed: No authentication token for downloading Coverity image detected. Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nnote=\"Task coverity-availability-check completed: Coverity availability checks finished succesfully.\"\n# shellcheck disable=SC2034\nTEST_OUTPUT=$(make_result_json -r SUCCESS -s 1 -t \"$note\")\necho -n \"success\" | tee \"/tekton/results/STATUS\"\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets/cov",
                                    "name": "cov-license",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/etc/secrets/auth/config.json",
                                    "name": "auth-token-coverity-image",
                                    "subPath": ".dockerconfigjson"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "cov-license",
                            "secret": {
                                "optional": true,
                                "secretName": "cov-license"
                            }
                        },
                        {
                            "name": "auth-token-coverity-image",
                            "secret": {
                                "optional": true,
                                "secretName": "auth-token-coverity-image"
                            }
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/365db54c-6efe-4631-be76-ca16168c7d24",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "deprecated-base-image-check",
                    "tekton.dev/task": "deprecated-image-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "pyt3919dda34612d906191daa61e56f2190-deprecated-base-image-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "33670",
                "uid": "365db54c-6efe-4631-be76-ca16168c7d24"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "deprecated-image-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:13:15Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:13:15Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt3919dda34612d906191daa6138df9c3a880f36d67f2ee0b9f23cc406-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        "entryPoint": "deprecated-image-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\", \"digests\": [\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:13:05+00:00\",\"note\":\"Task deprecated-image-check completed: Check result for task result.\",\"namespace\":\"required_checks\",\"successes\":1,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:46Z",
                "steps": [
                    {
                        "container": "step-check-images",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "check-images",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://7f55ff3e13a6a52e00b18ac1ecec0fa05ee9b44a8d95d46b82c799ae5499bd70",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:07Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\\\", \\\"digests\\\": [\\\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:13:05+00:00\\\",\\\"note\\\":\\\"Task deprecated-image-check completed: Check result for task result.\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":1,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:55Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Identifies the unmaintained and potentially insecure deprecated base images. Pyxis API collects metadata from image repository, and Conftest applies supplied policy to identify the deprecated images using that metadata.",
                    "params": [
                        {
                            "default": "/project/repository/",
                            "description": "Path to directory containing Conftest policies.",
                            "name": "POLICY_DIR",
                            "type": "string"
                        },
                        {
                            "default": "required_checks",
                            "description": "Namespace for Conftest policy.",
                            "name": "POLICY_NAMESPACE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Digests of base build images.",
                            "name": "BASE_IMAGES_DIGESTS",
                            "type": "string"
                        },
                        {
                            "description": "Fully qualified image name.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "POLICY_DIR",
                                    "value": "/project/repository/"
                                },
                                {
                                    "name": "POLICY_NAMESPACE",
                                    "value": "required_checks"
                                },
                                {
                                    "name": "BASE_IMAGES_DIGESTS"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "check-images",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nIMAGES_TO_BE_PROCESSED_PATH=\"/tmp/images_to_be_processed.txt\"\ntouch /tmp/images_to_be_processed.txt\n\nsuccess_counter=0\nfailure_counter=0\nerror_counter=0\nwarnings_counter=0\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo -n $imagewithouttag@$IMAGE_DIGEST)\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  while read -r arch arch_sha; do\n    SBOM_FILE_PATH=$(echo \"/tmp/sbom-$arch.json\")\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    # Get base images from SBOM\n    cosign download sbom $arch_imageanddigest \u003e ${SBOM_FILE_PATH}\n    if [ $? -ne 0 ]; then\n      echo \"Unable to download sbom for arch $arch.\"\n      continue\n    fi\n\n    \u003c \"${SBOM_FILE_PATH}\" jq -r '\n        if .bomFormat == \"CycloneDX\" then\n            .formulation[]?\n            | .components[]?\n            | select(any(.properties[]?; .name | test(\"^konflux:container:is_(base|builder)_image\")))\n            | (\n                .purl\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        else\n            .packages[]\n            | select(any(.annotations[]?.comment; (fromjson?).name? | test(\"^konflux:container:is_(base|builder)_image\")?))\n            | [.externalRefs[]? | select(.referenceType == \"purl\").referenceLocator] as $purls\n            | (\n                $purls | first\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        end\n    ' \u003e\u003e \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"Detected base images from $arch SBOM:\"\n    cat \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"\"\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task deprecated-image-check failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nif [ -n \"${BASE_IMAGES_DIGESTS}\" ];\nthen\n  echo \"Base images passed by param BASE_IMAGES_DIGESTS: $BASE_IMAGES_DIGESTS\"\n  # Get images from the parameter\n  for IMAGE_WITH_TAG in $(echo -n \"$BASE_IMAGES_DIGESTS\" | sed 's/\\\\n/\\'$'\\n''/g' );\n  do\n    echo $IMAGE_WITH_TAG | cut -d \":\" -f1 \u003e\u003e ${IMAGES_TO_BE_PROCESSED_PATH}\n  done\nfi\n\n# we want to remove duplicated entries\nBASE_IMAGES=$(sort -u \"${IMAGES_TO_BE_PROCESSED_PATH}\")\n\necho \"Images to be checked:\"\necho \"$BASE_IMAGES\"\necho \"\"\n\nfor BASE_IMAGE in ${BASE_IMAGES};\ndo\n  IFS=:'/' read -r IMAGE_REGISTRY IMAGE_REPOSITORY\u003c\u003c\u003c $BASE_IMAGE\n\n  # Red Hat Catalog hack: registry.redhat.io must be queried as registry.access.redhat.com in Red Hat catalog\n  IMAGE_REGISTRY_CATALOG=$(echo \"${IMAGE_REGISTRY}\" | sed 's/^registry.redhat.io$/registry.access.redhat.com/')\n\n  export IMAGE_REPO_PATH=/tmp/${IMAGE_REPOSITORY}\n  mkdir -p ${IMAGE_REPO_PATH}\n  echo \"Querying Red Hat Catalog for $BASE_IMAGE.\"\n  http_code=$(curl -s -o ${IMAGE_REPO_PATH}/repository_data.json -w '%{http_code}' \"https://catalog.redhat.com/api/containers/v1/repositories/registry/${IMAGE_REGISTRY_CATALOG}/repository/${IMAGE_REPOSITORY}\")\n\n  if [ \"$http_code\" == \"200\" ];\n  then\n    echo \"Running conftest using $POLICY_DIR policy, $POLICY_NAMESPACE namespace.\"\n    /usr/bin/conftest test --no-fail ${IMAGE_REPO_PATH}/repository_data.json \\\n    --policy $POLICY_DIR --namespace $POLICY_NAMESPACE \\\n    --output=json | tee ${IMAGE_REPO_PATH}/deprecated_image_check_output.json\n\n    failures_num=$(jq -r '.[].failures|length' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${failures_num}\" -gt 0 ]]; then\n      echo \"[FAILURE] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} has been deprecated\"\n    fi\n    failure_counter=$((failure_counter+failures_num))\n\n    successes_num=$(jq -r '.[].successes' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${successes_num}\" -gt 0 ]]; then\n      echo \"[SUCCESS] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} is valid\"\n    fi\n    success_counter=$((success_counter+successes_num))\n\n  elif [ \"$http_code\" == \"404\" ];\n  then\n    echo \"[WARNING] Registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} not found in Red Hat Catalog. Task cannot provide results if image is deprecated.\"\n    warnings_counter=$((warnings_counter+1))\n  else\n    echo \"[ERROR] Unexpected error (HTTP code: ${http_code}) occurred for registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}.\"\n    error_counter=$((error_counter+1))\n  fi\ndone\n\nnote=\"Task deprecated-image-check failed: Command conftest failed. For details, check Tekton task log.\"\nERROR_OUTPUT=$(make_result_json -r ERROR -n \"$POLICY_NAMESPACE\" -t \"$note\")\n\nnote=\"Task deprecated-image-check completed: Check result for task result.\"\nif [[ \"$error_counter\" == 0 ]];\nthen\n  if [[ \"${failure_counter}\" -gt 0 ]]; then\n    RES=\"FAILURE\"\n  elif [[ \"${warnings_counter}\" -gt 0 ]]; then\n    RES=\"WARNING\"\n  elif [[ \"${success_counter}\" -eq 0 ]]; then\n    # when all counters are 0, there are no base images to check\n    note=\"Task deprecated-image-check success: No base images to check.\"\n    RES=\"SUCCESS\"\n  else\n    RES=\"SUCCESS\"\n  fi\n  TEST_OUTPUT=$(make_result_json \\\n    -r \"${RES}\" -n \"$POLICY_NAMESPACE\" \\\n    -s \"${success_counter}\" -f \"${failure_counter}\" -w \"${warnings_counter}\" -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee /tekton/results/TEST_OUTPUT\n\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/7cee3b9f-5d09-4cee-a7c7-d53208b482c5",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "coverity-availability-check",
                    "tekton.dev/task": "coverity-availability-check"
                },
                "name": "pyt450c68fd68d7d82b2b004de10b4c1756-coverity-availability-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "26673",
                "uid": "7cee3b9f-5d09-4cee-a7c7-d53208b482c5"
            },
            "spec": {
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "coverity-availability-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:54Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:54Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt450c68fd68d7d82b2b004de1156e2adc32b548845bf815af13ebcd3d-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        "entryPoint": "coverity-availability-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check"
                    }
                },
                "results": [
                    {
                        "name": "STATUS",
                        "type": "string",
                        "value": "failed"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T16:06:53+00:00\",\"note\":\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\",\"namespace\":\"default\",\"successes\":0,\"failures\":1,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:39Z",
                "steps": [
                    {
                        "container": "step-coverity-availability-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "coverity-availability-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f440943297ababc5e0c8d7dcb7ffaa0c271493dd3935b398e81654aec8d9c5f4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:53Z",
                            "message": "[{\"key\":\"STATUS\",\"value\":\"failed\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:53+00:00\\\",\\\"note\\\":\\\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":1,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:53Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This task performs needed checks in order to use Coverity image in the pipeline. It will check for a Coverity license secret and an authentication secret for pulling the image.",
                    "params": [
                        {
                            "default": "cov-license",
                            "description": "Name of secret which contains the Coverity license",
                            "name": "COV_LICENSE",
                            "type": "string"
                        },
                        {
                            "default": "auth-token-coverity-image",
                            "description": "Name of secret which contains the authentication token for pulling the Coverity image.",
                            "name": "AUTH_TOKEN_COVERITY_IMAGE",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task result output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Tekton task simple status to be later checked",
                            "name": "STATUS",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "COV_LICENSE",
                                    "value": "cov-license"
                                },
                                {
                                    "name": "AUTH_TOKEN_COVERITY_IMAGE",
                                    "value": "auth-token-coverity-image"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "coverity-availability-check",
                            "script": "#!/usr/bin/env bash\nset -eo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Checking Coverity license\nCOV_LICENSE_PATH=/etc/secrets/cov/cov-license\nif [ -f \"${COV_LICENSE_PATH}\" ] \u0026\u0026 [ -s \"${COV_LICENSE_PATH}\" ]; then\n  echo \"Coverity license detected!\"\nelse\n  echo 'No license file for Coverity was detected. Coverity scan will not be executed...'\n  echo 'Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license'\n  note=\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# Checking authentication token for downloading coverity image\nAUTH_TOKEN_COVERITY_IMAGE_PATH=/etc/secrets/auth/config.json\nif [ -f \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ] \u0026\u0026 [ -s \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ]; then\n  echo \"Authentication token detected!\"\nelse\n  echo 'No authentication token for downloading Coverity image detected. Coverity scan will not be executed...'\n  echo 'Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image'\n  note=\"Task coverity-availability-check failed: No authentication token for downloading Coverity image detected. Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nnote=\"Task coverity-availability-check completed: Coverity availability checks finished succesfully.\"\n# shellcheck disable=SC2034\nTEST_OUTPUT=$(make_result_json -r SUCCESS -s 1 -t \"$note\")\necho -n \"success\" | tee \"/tekton/results/STATUS\"\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets/cov",
                                    "name": "cov-license",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/etc/secrets/auth/config.json",
                                    "name": "auth-token-coverity-image",
                                    "subPath": ".dockerconfigjson"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "cov-license",
                            "secret": {
                                "optional": true,
                                "secretName": "cov-license"
                            }
                        },
                        {
                            "name": "auth-token-coverity-image",
                            "secret": {
                                "optional": true,
                                "secretName": "auth-token-coverity-image"
                            }
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/16c99c5c-c965-4444-a7cd-4f9850476732",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "deprecated-base-image-check",
                    "tekton.dev/task": "deprecated-image-check"
                },
                "name": "pyt450c68fd68d7d82b2b004de10b4c1756-deprecated-base-image-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "27291",
                "uid": "16c99c5c-c965-4444-a7cd-4f9850476732"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "deprecated-image-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:07:00Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:07:00Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt450c68fd68d7d82b2b004de1e8dfee71cc9d639f5e9b0a3eb9784aea-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        "entryPoint": "deprecated-image-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\", \"digests\": [\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:06:59+00:00\",\"note\":\"Task deprecated-image-check completed: Check result for task result.\",\"namespace\":\"required_checks\",\"successes\":1,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:38Z",
                "steps": [
                    {
                        "container": "step-check-images",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "check-images",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8493a8e762e43807fde0dd247a74ba714affafc135622fe3b8e476be4ec25b57",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:59Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\\\", \\\"digests\\\": [\\\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:59+00:00\\\",\\\"note\\\":\\\"Task deprecated-image-check completed: Check result for task result.\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":1,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:50Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Identifies the unmaintained and potentially insecure deprecated base images. Pyxis API collects metadata from image repository, and Conftest applies supplied policy to identify the deprecated images using that metadata.",
                    "params": [
                        {
                            "default": "/project/repository/",
                            "description": "Path to directory containing Conftest policies.",
                            "name": "POLICY_DIR",
                            "type": "string"
                        },
                        {
                            "default": "required_checks",
                            "description": "Namespace for Conftest policy.",
                            "name": "POLICY_NAMESPACE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Digests of base build images.",
                            "name": "BASE_IMAGES_DIGESTS",
                            "type": "string"
                        },
                        {
                            "description": "Fully qualified image name.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "POLICY_DIR",
                                    "value": "/project/repository/"
                                },
                                {
                                    "name": "POLICY_NAMESPACE",
                                    "value": "required_checks"
                                },
                                {
                                    "name": "BASE_IMAGES_DIGESTS"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "check-images",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nIMAGES_TO_BE_PROCESSED_PATH=\"/tmp/images_to_be_processed.txt\"\ntouch /tmp/images_to_be_processed.txt\n\nsuccess_counter=0\nfailure_counter=0\nerror_counter=0\nwarnings_counter=0\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo -n $imagewithouttag@$IMAGE_DIGEST)\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  while read -r arch arch_sha; do\n    SBOM_FILE_PATH=$(echo \"/tmp/sbom-$arch.json\")\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    # Get base images from SBOM\n    cosign download sbom $arch_imageanddigest \u003e ${SBOM_FILE_PATH}\n    if [ $? -ne 0 ]; then\n      echo \"Unable to download sbom for arch $arch.\"\n      continue\n    fi\n\n    \u003c \"${SBOM_FILE_PATH}\" jq -r '\n        if .bomFormat == \"CycloneDX\" then\n            .formulation[]?\n            | .components[]?\n            | select(any(.properties[]?; .name | test(\"^konflux:container:is_(base|builder)_image\")))\n            | (\n                .purl\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        else\n            .packages[]\n            | select(any(.annotations[]?.comment; (fromjson?).name? | test(\"^konflux:container:is_(base|builder)_image\")?))\n            | [.externalRefs[]? | select(.referenceType == \"purl\").referenceLocator] as $purls\n            | (\n                $purls | first\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        end\n    ' \u003e\u003e \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"Detected base images from $arch SBOM:\"\n    cat \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"\"\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task deprecated-image-check failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nif [ -n \"${BASE_IMAGES_DIGESTS}\" ];\nthen\n  echo \"Base images passed by param BASE_IMAGES_DIGESTS: $BASE_IMAGES_DIGESTS\"\n  # Get images from the parameter\n  for IMAGE_WITH_TAG in $(echo -n \"$BASE_IMAGES_DIGESTS\" | sed 's/\\\\n/\\'$'\\n''/g' );\n  do\n    echo $IMAGE_WITH_TAG | cut -d \":\" -f1 \u003e\u003e ${IMAGES_TO_BE_PROCESSED_PATH}\n  done\nfi\n\n# we want to remove duplicated entries\nBASE_IMAGES=$(sort -u \"${IMAGES_TO_BE_PROCESSED_PATH}\")\n\necho \"Images to be checked:\"\necho \"$BASE_IMAGES\"\necho \"\"\n\nfor BASE_IMAGE in ${BASE_IMAGES};\ndo\n  IFS=:'/' read -r IMAGE_REGISTRY IMAGE_REPOSITORY\u003c\u003c\u003c $BASE_IMAGE\n\n  # Red Hat Catalog hack: registry.redhat.io must be queried as registry.access.redhat.com in Red Hat catalog\n  IMAGE_REGISTRY_CATALOG=$(echo \"${IMAGE_REGISTRY}\" | sed 's/^registry.redhat.io$/registry.access.redhat.com/')\n\n  export IMAGE_REPO_PATH=/tmp/${IMAGE_REPOSITORY}\n  mkdir -p ${IMAGE_REPO_PATH}\n  echo \"Querying Red Hat Catalog for $BASE_IMAGE.\"\n  http_code=$(curl -s -o ${IMAGE_REPO_PATH}/repository_data.json -w '%{http_code}' \"https://catalog.redhat.com/api/containers/v1/repositories/registry/${IMAGE_REGISTRY_CATALOG}/repository/${IMAGE_REPOSITORY}\")\n\n  if [ \"$http_code\" == \"200\" ];\n  then\n    echo \"Running conftest using $POLICY_DIR policy, $POLICY_NAMESPACE namespace.\"\n    /usr/bin/conftest test --no-fail ${IMAGE_REPO_PATH}/repository_data.json \\\n    --policy $POLICY_DIR --namespace $POLICY_NAMESPACE \\\n    --output=json | tee ${IMAGE_REPO_PATH}/deprecated_image_check_output.json\n\n    failures_num=$(jq -r '.[].failures|length' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${failures_num}\" -gt 0 ]]; then\n      echo \"[FAILURE] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} has been deprecated\"\n    fi\n    failure_counter=$((failure_counter+failures_num))\n\n    successes_num=$(jq -r '.[].successes' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${successes_num}\" -gt 0 ]]; then\n      echo \"[SUCCESS] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} is valid\"\n    fi\n    success_counter=$((success_counter+successes_num))\n\n  elif [ \"$http_code\" == \"404\" ];\n  then\n    echo \"[WARNING] Registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} not found in Red Hat Catalog. Task cannot provide results if image is deprecated.\"\n    warnings_counter=$((warnings_counter+1))\n  else\n    echo \"[ERROR] Unexpected error (HTTP code: ${http_code}) occurred for registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}.\"\n    error_counter=$((error_counter+1))\n  fi\ndone\n\nnote=\"Task deprecated-image-check failed: Command conftest failed. For details, check Tekton task log.\"\nERROR_OUTPUT=$(make_result_json -r ERROR -n \"$POLICY_NAMESPACE\" -t \"$note\")\n\nnote=\"Task deprecated-image-check completed: Check result for task result.\"\nif [[ \"$error_counter\" == 0 ]];\nthen\n  if [[ \"${failure_counter}\" -gt 0 ]]; then\n    RES=\"FAILURE\"\n  elif [[ \"${warnings_counter}\" -gt 0 ]]; then\n    RES=\"WARNING\"\n  elif [[ \"${success_counter}\" -eq 0 ]]; then\n    # when all counters are 0, there are no base images to check\n    note=\"Task deprecated-image-check success: No base images to check.\"\n    RES=\"SUCCESS\"\n  else\n    RES=\"SUCCESS\"\n  fi\n  TEST_OUTPUT=$(make_result_json \\\n    -r \"${RES}\" -n \"$POLICY_NAMESPACE\" \\\n    -s \"${success_counter}\" -f \"${failure_counter}\" -w \"${warnings_counter}\" -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee /tekton/results/TEST_OUTPUT\n\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/db697337-387e-44ff-8e35-b26b6fc5db46",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "coverity-availability-check",
                    "tekton.dev/task": "coverity-availability-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "pyt74c9db29e9ad9f69b84231fd84c2a90e-coverity-availability-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40030",
                "uid": "db697337-387e-44ff-8e35-b26b6fc5db46"
            },
            "spec": {
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "coverity-availability-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:20:05Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:20:05Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt74c9db29e9ad9f69b84231fde76e3dd0779ca894ef18b0dfa931d109-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        "entryPoint": "coverity-availability-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check"
                    }
                },
                "results": [
                    {
                        "name": "STATUS",
                        "type": "string",
                        "value": "failed"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T16:20:03+00:00\",\"note\":\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\",\"namespace\":\"default\",\"successes\":0,\"failures\":1,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:49Z",
                "steps": [
                    {
                        "container": "step-coverity-availability-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "coverity-availability-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f67efaa833e0d2abad4312d05998c151f395f7eae1e1d8722c8dafca13c406d2",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:03Z",
                            "message": "[{\"key\":\"STATUS\",\"value\":\"failed\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:03+00:00\\\",\\\"note\\\":\\\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":1,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:03Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This task performs needed checks in order to use Coverity image in the pipeline. It will check for a Coverity license secret and an authentication secret for pulling the image.",
                    "params": [
                        {
                            "default": "cov-license",
                            "description": "Name of secret which contains the Coverity license",
                            "name": "COV_LICENSE",
                            "type": "string"
                        },
                        {
                            "default": "auth-token-coverity-image",
                            "description": "Name of secret which contains the authentication token for pulling the Coverity image.",
                            "name": "AUTH_TOKEN_COVERITY_IMAGE",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task result output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Tekton task simple status to be later checked",
                            "name": "STATUS",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "COV_LICENSE",
                                    "value": "cov-license"
                                },
                                {
                                    "name": "AUTH_TOKEN_COVERITY_IMAGE",
                                    "value": "auth-token-coverity-image"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "coverity-availability-check",
                            "script": "#!/usr/bin/env bash\nset -eo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Checking Coverity license\nCOV_LICENSE_PATH=/etc/secrets/cov/cov-license\nif [ -f \"${COV_LICENSE_PATH}\" ] \u0026\u0026 [ -s \"${COV_LICENSE_PATH}\" ]; then\n  echo \"Coverity license detected!\"\nelse\n  echo 'No license file for Coverity was detected. Coverity scan will not be executed...'\n  echo 'Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license'\n  note=\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# Checking authentication token for downloading coverity image\nAUTH_TOKEN_COVERITY_IMAGE_PATH=/etc/secrets/auth/config.json\nif [ -f \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ] \u0026\u0026 [ -s \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ]; then\n  echo \"Authentication token detected!\"\nelse\n  echo 'No authentication token for downloading Coverity image detected. Coverity scan will not be executed...'\n  echo 'Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image'\n  note=\"Task coverity-availability-check failed: No authentication token for downloading Coverity image detected. Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nnote=\"Task coverity-availability-check completed: Coverity availability checks finished succesfully.\"\n# shellcheck disable=SC2034\nTEST_OUTPUT=$(make_result_json -r SUCCESS -s 1 -t \"$note\")\necho -n \"success\" | tee \"/tekton/results/STATUS\"\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets/cov",
                                    "name": "cov-license",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/etc/secrets/auth/config.json",
                                    "name": "auth-token-coverity-image",
                                    "subPath": ".dockerconfigjson"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "cov-license",
                            "secret": {
                                "optional": true,
                                "secretName": "cov-license"
                            }
                        },
                        {
                            "name": "auth-token-coverity-image",
                            "secret": {
                                "optional": true,
                                "secretName": "auth-token-coverity-image"
                            }
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/7b16e696-8ec8-4560-8664-55dd1740962b",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:47Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "deprecated-base-image-check",
                    "tekton.dev/task": "deprecated-image-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "pyt74c9db29e9ad9f69b84231fd84c2a90e-deprecated-base-image-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40234",
                "uid": "7b16e696-8ec8-4560-8664-55dd1740962b"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "deprecated-image-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:20:13Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:20:13Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt74c9db29e9ad9f69b84231fd063db5c5e6717e7a6a5677da33f0be63-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        "entryPoint": "deprecated-image-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\", \"digests\": [\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:20:10+00:00\",\"note\":\"Task deprecated-image-check completed: Check result for task result.\",\"namespace\":\"required_checks\",\"successes\":1,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:47Z",
                "steps": [
                    {
                        "container": "step-check-images",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "check-images",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://20ab50a24228f0968f2adfed82d0408c8a82210066c107829fc272423232d703",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:10Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\\\", \\\"digests\\\": [\\\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:10+00:00\\\",\\\"note\\\":\\\"Task deprecated-image-check completed: Check result for task result.\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":1,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:00Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Identifies the unmaintained and potentially insecure deprecated base images. Pyxis API collects metadata from image repository, and Conftest applies supplied policy to identify the deprecated images using that metadata.",
                    "params": [
                        {
                            "default": "/project/repository/",
                            "description": "Path to directory containing Conftest policies.",
                            "name": "POLICY_DIR",
                            "type": "string"
                        },
                        {
                            "default": "required_checks",
                            "description": "Namespace for Conftest policy.",
                            "name": "POLICY_NAMESPACE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Digests of base build images.",
                            "name": "BASE_IMAGES_DIGESTS",
                            "type": "string"
                        },
                        {
                            "description": "Fully qualified image name.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "POLICY_DIR",
                                    "value": "/project/repository/"
                                },
                                {
                                    "name": "POLICY_NAMESPACE",
                                    "value": "required_checks"
                                },
                                {
                                    "name": "BASE_IMAGES_DIGESTS"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "check-images",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nIMAGES_TO_BE_PROCESSED_PATH=\"/tmp/images_to_be_processed.txt\"\ntouch /tmp/images_to_be_processed.txt\n\nsuccess_counter=0\nfailure_counter=0\nerror_counter=0\nwarnings_counter=0\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo -n $imagewithouttag@$IMAGE_DIGEST)\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  while read -r arch arch_sha; do\n    SBOM_FILE_PATH=$(echo \"/tmp/sbom-$arch.json\")\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    # Get base images from SBOM\n    cosign download sbom $arch_imageanddigest \u003e ${SBOM_FILE_PATH}\n    if [ $? -ne 0 ]; then\n      echo \"Unable to download sbom for arch $arch.\"\n      continue\n    fi\n\n    \u003c \"${SBOM_FILE_PATH}\" jq -r '\n        if .bomFormat == \"CycloneDX\" then\n            .formulation[]?\n            | .components[]?\n            | select(any(.properties[]?; .name | test(\"^konflux:container:is_(base|builder)_image\")))\n            | (\n                .purl\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        else\n            .packages[]\n            | select(any(.annotations[]?.comment; (fromjson?).name? | test(\"^konflux:container:is_(base|builder)_image\")?))\n            | [.externalRefs[]? | select(.referenceType == \"purl\").referenceLocator] as $purls\n            | (\n                $purls | first\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        end\n    ' \u003e\u003e \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"Detected base images from $arch SBOM:\"\n    cat \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"\"\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task deprecated-image-check failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nif [ -n \"${BASE_IMAGES_DIGESTS}\" ];\nthen\n  echo \"Base images passed by param BASE_IMAGES_DIGESTS: $BASE_IMAGES_DIGESTS\"\n  # Get images from the parameter\n  for IMAGE_WITH_TAG in $(echo -n \"$BASE_IMAGES_DIGESTS\" | sed 's/\\\\n/\\'$'\\n''/g' );\n  do\n    echo $IMAGE_WITH_TAG | cut -d \":\" -f1 \u003e\u003e ${IMAGES_TO_BE_PROCESSED_PATH}\n  done\nfi\n\n# we want to remove duplicated entries\nBASE_IMAGES=$(sort -u \"${IMAGES_TO_BE_PROCESSED_PATH}\")\n\necho \"Images to be checked:\"\necho \"$BASE_IMAGES\"\necho \"\"\n\nfor BASE_IMAGE in ${BASE_IMAGES};\ndo\n  IFS=:'/' read -r IMAGE_REGISTRY IMAGE_REPOSITORY\u003c\u003c\u003c $BASE_IMAGE\n\n  # Red Hat Catalog hack: registry.redhat.io must be queried as registry.access.redhat.com in Red Hat catalog\n  IMAGE_REGISTRY_CATALOG=$(echo \"${IMAGE_REGISTRY}\" | sed 's/^registry.redhat.io$/registry.access.redhat.com/')\n\n  export IMAGE_REPO_PATH=/tmp/${IMAGE_REPOSITORY}\n  mkdir -p ${IMAGE_REPO_PATH}\n  echo \"Querying Red Hat Catalog for $BASE_IMAGE.\"\n  http_code=$(curl -s -o ${IMAGE_REPO_PATH}/repository_data.json -w '%{http_code}' \"https://catalog.redhat.com/api/containers/v1/repositories/registry/${IMAGE_REGISTRY_CATALOG}/repository/${IMAGE_REPOSITORY}\")\n\n  if [ \"$http_code\" == \"200\" ];\n  then\n    echo \"Running conftest using $POLICY_DIR policy, $POLICY_NAMESPACE namespace.\"\n    /usr/bin/conftest test --no-fail ${IMAGE_REPO_PATH}/repository_data.json \\\n    --policy $POLICY_DIR --namespace $POLICY_NAMESPACE \\\n    --output=json | tee ${IMAGE_REPO_PATH}/deprecated_image_check_output.json\n\n    failures_num=$(jq -r '.[].failures|length' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${failures_num}\" -gt 0 ]]; then\n      echo \"[FAILURE] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} has been deprecated\"\n    fi\n    failure_counter=$((failure_counter+failures_num))\n\n    successes_num=$(jq -r '.[].successes' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${successes_num}\" -gt 0 ]]; then\n      echo \"[SUCCESS] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} is valid\"\n    fi\n    success_counter=$((success_counter+successes_num))\n\n  elif [ \"$http_code\" == \"404\" ];\n  then\n    echo \"[WARNING] Registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} not found in Red Hat Catalog. Task cannot provide results if image is deprecated.\"\n    warnings_counter=$((warnings_counter+1))\n  else\n    echo \"[ERROR] Unexpected error (HTTP code: ${http_code}) occurred for registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}.\"\n    error_counter=$((error_counter+1))\n  fi\ndone\n\nnote=\"Task deprecated-image-check failed: Command conftest failed. For details, check Tekton task log.\"\nERROR_OUTPUT=$(make_result_json -r ERROR -n \"$POLICY_NAMESPACE\" -t \"$note\")\n\nnote=\"Task deprecated-image-check completed: Check result for task result.\"\nif [[ \"$error_counter\" == 0 ]];\nthen\n  if [[ \"${failure_counter}\" -gt 0 ]]; then\n    RES=\"FAILURE\"\n  elif [[ \"${warnings_counter}\" -gt 0 ]]; then\n    RES=\"WARNING\"\n  elif [[ \"${success_counter}\" -eq 0 ]]; then\n    # when all counters are 0, there are no base images to check\n    note=\"Task deprecated-image-check success: No base images to check.\"\n    RES=\"SUCCESS\"\n  else\n    RES=\"SUCCESS\"\n  fi\n  TEST_OUTPUT=$(make_result_json \\\n    -r \"${RES}\" -n \"$POLICY_NAMESPACE\" \\\n    -s \"${success_counter}\" -f \"${failure_counter}\" -w \"${warnings_counter}\" -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee /tekton/results/TEST_OUTPUT\n\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/c050215d-47b2-43e5-9842-1706d129b8ae",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "coverity-availability-check",
                    "tekton.dev/task": "coverity-availability-check",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "pyt9c4dbda3de630b75da3c266631df42cc-coverity-availability-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "20785",
                "uid": "c050215d-47b2-43e5-9842-1706d129b8ae"
            },
            "spec": {
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "coverity-availability-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:00:11Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:00:11Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt9c4dbda3de630b75da3c2666273aa411972cbb7b7082cd41a586dda5-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        "entryPoint": "coverity-availability-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check"
                    }
                },
                "results": [
                    {
                        "name": "STATUS",
                        "type": "string",
                        "value": "failed"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T16:00:10+00:00\",\"note\":\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\",\"namespace\":\"default\",\"successes\":0,\"failures\":1,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:45Z",
                "steps": [
                    {
                        "container": "step-coverity-availability-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "coverity-availability-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://e4a5d9851914032ea1940333f4d705db6a8e01f5148a1fe6452f95828cf3c43c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:10Z",
                            "message": "[{\"key\":\"STATUS\",\"value\":\"failed\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:10+00:00\\\",\\\"note\\\":\\\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":1,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:10Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This task performs needed checks in order to use Coverity image in the pipeline. It will check for a Coverity license secret and an authentication secret for pulling the image.",
                    "params": [
                        {
                            "default": "cov-license",
                            "description": "Name of secret which contains the Coverity license",
                            "name": "COV_LICENSE",
                            "type": "string"
                        },
                        {
                            "default": "auth-token-coverity-image",
                            "description": "Name of secret which contains the authentication token for pulling the Coverity image.",
                            "name": "AUTH_TOKEN_COVERITY_IMAGE",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task result output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Tekton task simple status to be later checked",
                            "name": "STATUS",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "COV_LICENSE",
                                    "value": "cov-license"
                                },
                                {
                                    "name": "AUTH_TOKEN_COVERITY_IMAGE",
                                    "value": "auth-token-coverity-image"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "coverity-availability-check",
                            "script": "#!/usr/bin/env bash\nset -eo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Checking Coverity license\nCOV_LICENSE_PATH=/etc/secrets/cov/cov-license\nif [ -f \"${COV_LICENSE_PATH}\" ] \u0026\u0026 [ -s \"${COV_LICENSE_PATH}\" ]; then\n  echo \"Coverity license detected!\"\nelse\n  echo 'No license file for Coverity was detected. Coverity scan will not be executed...'\n  echo 'Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license'\n  note=\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# Checking authentication token for downloading coverity image\nAUTH_TOKEN_COVERITY_IMAGE_PATH=/etc/secrets/auth/config.json\nif [ -f \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ] \u0026\u0026 [ -s \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ]; then\n  echo \"Authentication token detected!\"\nelse\n  echo 'No authentication token for downloading Coverity image detected. Coverity scan will not be executed...'\n  echo 'Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image'\n  note=\"Task coverity-availability-check failed: No authentication token for downloading Coverity image detected. Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nnote=\"Task coverity-availability-check completed: Coverity availability checks finished succesfully.\"\n# shellcheck disable=SC2034\nTEST_OUTPUT=$(make_result_json -r SUCCESS -s 1 -t \"$note\")\necho -n \"success\" | tee \"/tekton/results/STATUS\"\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets/cov",
                                    "name": "cov-license",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/etc/secrets/auth/config.json",
                                    "name": "auth-token-coverity-image",
                                    "subPath": ".dockerconfigjson"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "cov-license",
                            "secret": {
                                "optional": true,
                                "secretName": "cov-license"
                            }
                        },
                        {
                            "name": "auth-token-coverity-image",
                            "secret": {
                                "optional": true,
                                "secretName": "auth-token-coverity-image"
                            }
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/d2471dcf-71c8-45f7-b191-e971ca1217bd",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:42Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "deprecated-base-image-check",
                    "tekton.dev/task": "deprecated-image-check",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "pyt9c4dbda3de630b75da3c266631df42cc-deprecated-base-image-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "20711",
                "uid": "d2471dcf-71c8-45f7-b191-e971ca1217bd"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "deprecated-image-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:00:21Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:00:21Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "pyt9c4dbda3de630b75da3c26664ca72c885327b0881a14e9310e778cdb-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        "entryPoint": "deprecated-image-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\", \"digests\": [\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:00:20+00:00\",\"note\":\"Task deprecated-image-check completed: Check result for task result.\",\"namespace\":\"required_checks\",\"successes\":1,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:43Z",
                "steps": [
                    {
                        "container": "step-check-images",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "check-images",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9032f154b6084389d60ba79cff5ead13c8e433c340b1c3fc1ef68e556d9e19fe",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:20Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\\\", \\\"digests\\\": [\\\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:20+00:00\\\",\\\"note\\\":\\\"Task deprecated-image-check completed: Check result for task result.\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":1,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:10Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Identifies the unmaintained and potentially insecure deprecated base images. Pyxis API collects metadata from image repository, and Conftest applies supplied policy to identify the deprecated images using that metadata.",
                    "params": [
                        {
                            "default": "/project/repository/",
                            "description": "Path to directory containing Conftest policies.",
                            "name": "POLICY_DIR",
                            "type": "string"
                        },
                        {
                            "default": "required_checks",
                            "description": "Namespace for Conftest policy.",
                            "name": "POLICY_NAMESPACE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Digests of base build images.",
                            "name": "BASE_IMAGES_DIGESTS",
                            "type": "string"
                        },
                        {
                            "description": "Fully qualified image name.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "POLICY_DIR",
                                    "value": "/project/repository/"
                                },
                                {
                                    "name": "POLICY_NAMESPACE",
                                    "value": "required_checks"
                                },
                                {
                                    "name": "BASE_IMAGES_DIGESTS"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "check-images",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nIMAGES_TO_BE_PROCESSED_PATH=\"/tmp/images_to_be_processed.txt\"\ntouch /tmp/images_to_be_processed.txt\n\nsuccess_counter=0\nfailure_counter=0\nerror_counter=0\nwarnings_counter=0\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo -n $imagewithouttag@$IMAGE_DIGEST)\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  while read -r arch arch_sha; do\n    SBOM_FILE_PATH=$(echo \"/tmp/sbom-$arch.json\")\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    # Get base images from SBOM\n    cosign download sbom $arch_imageanddigest \u003e ${SBOM_FILE_PATH}\n    if [ $? -ne 0 ]; then\n      echo \"Unable to download sbom for arch $arch.\"\n      continue\n    fi\n\n    \u003c \"${SBOM_FILE_PATH}\" jq -r '\n        if .bomFormat == \"CycloneDX\" then\n            .formulation[]?\n            | .components[]?\n            | select(any(.properties[]?; .name | test(\"^konflux:container:is_(base|builder)_image\")))\n            | (\n                .purl\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        else\n            .packages[]\n            | select(any(.annotations[]?.comment; (fromjson?).name? | test(\"^konflux:container:is_(base|builder)_image\")?))\n            | [.externalRefs[]? | select(.referenceType == \"purl\").referenceLocator] as $purls\n            | (\n                $purls | first\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        end\n    ' \u003e\u003e \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"Detected base images from $arch SBOM:\"\n    cat \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"\"\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task deprecated-image-check failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nif [ -n \"${BASE_IMAGES_DIGESTS}\" ];\nthen\n  echo \"Base images passed by param BASE_IMAGES_DIGESTS: $BASE_IMAGES_DIGESTS\"\n  # Get images from the parameter\n  for IMAGE_WITH_TAG in $(echo -n \"$BASE_IMAGES_DIGESTS\" | sed 's/\\\\n/\\'$'\\n''/g' );\n  do\n    echo $IMAGE_WITH_TAG | cut -d \":\" -f1 \u003e\u003e ${IMAGES_TO_BE_PROCESSED_PATH}\n  done\nfi\n\n# we want to remove duplicated entries\nBASE_IMAGES=$(sort -u \"${IMAGES_TO_BE_PROCESSED_PATH}\")\n\necho \"Images to be checked:\"\necho \"$BASE_IMAGES\"\necho \"\"\n\nfor BASE_IMAGE in ${BASE_IMAGES};\ndo\n  IFS=:'/' read -r IMAGE_REGISTRY IMAGE_REPOSITORY\u003c\u003c\u003c $BASE_IMAGE\n\n  # Red Hat Catalog hack: registry.redhat.io must be queried as registry.access.redhat.com in Red Hat catalog\n  IMAGE_REGISTRY_CATALOG=$(echo \"${IMAGE_REGISTRY}\" | sed 's/^registry.redhat.io$/registry.access.redhat.com/')\n\n  export IMAGE_REPO_PATH=/tmp/${IMAGE_REPOSITORY}\n  mkdir -p ${IMAGE_REPO_PATH}\n  echo \"Querying Red Hat Catalog for $BASE_IMAGE.\"\n  http_code=$(curl -s -o ${IMAGE_REPO_PATH}/repository_data.json -w '%{http_code}' \"https://catalog.redhat.com/api/containers/v1/repositories/registry/${IMAGE_REGISTRY_CATALOG}/repository/${IMAGE_REPOSITORY}\")\n\n  if [ \"$http_code\" == \"200\" ];\n  then\n    echo \"Running conftest using $POLICY_DIR policy, $POLICY_NAMESPACE namespace.\"\n    /usr/bin/conftest test --no-fail ${IMAGE_REPO_PATH}/repository_data.json \\\n    --policy $POLICY_DIR --namespace $POLICY_NAMESPACE \\\n    --output=json | tee ${IMAGE_REPO_PATH}/deprecated_image_check_output.json\n\n    failures_num=$(jq -r '.[].failures|length' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${failures_num}\" -gt 0 ]]; then\n      echo \"[FAILURE] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} has been deprecated\"\n    fi\n    failure_counter=$((failure_counter+failures_num))\n\n    successes_num=$(jq -r '.[].successes' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${successes_num}\" -gt 0 ]]; then\n      echo \"[SUCCESS] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} is valid\"\n    fi\n    success_counter=$((success_counter+successes_num))\n\n  elif [ \"$http_code\" == \"404\" ];\n  then\n    echo \"[WARNING] Registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} not found in Red Hat Catalog. Task cannot provide results if image is deprecated.\"\n    warnings_counter=$((warnings_counter+1))\n  else\n    echo \"[ERROR] Unexpected error (HTTP code: ${http_code}) occurred for registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}.\"\n    error_counter=$((error_counter+1))\n  fi\ndone\n\nnote=\"Task deprecated-image-check failed: Command conftest failed. For details, check Tekton task log.\"\nERROR_OUTPUT=$(make_result_json -r ERROR -n \"$POLICY_NAMESPACE\" -t \"$note\")\n\nnote=\"Task deprecated-image-check completed: Check result for task result.\"\nif [[ \"$error_counter\" == 0 ]];\nthen\n  if [[ \"${failure_counter}\" -gt 0 ]]; then\n    RES=\"FAILURE\"\n  elif [[ \"${warnings_counter}\" -gt 0 ]]; then\n    RES=\"WARNING\"\n  elif [[ \"${success_counter}\" -eq 0 ]]; then\n    # when all counters are 0, there are no base images to check\n    note=\"Task deprecated-image-check success: No base images to check.\"\n    RES=\"SUCCESS\"\n  else\n    RES=\"SUCCESS\"\n  fi\n  TEST_OUTPUT=$(make_result_json \\\n    -r \"${RES}\" -n \"$POLICY_NAMESPACE\" \\\n    -s \"${success_counter}\" -f \"${failure_counter}\" -w \"${warnings_counter}\" -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee /tekton/results/TEST_OUTPUT\n\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-cc0121c13a",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/aaae31cf-4856-4f25-933d-44479ec16ce3",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:40Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "prefetch-dependencies",
                    "tekton.dev/task": "prefetch-dependencies",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-co3919dda34612d906191daa61e56f2190-prefetch-dependencies",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "29483",
                "uid": "aaae31cf-4856-4f25-933d-44479ec16ce3"
            },
            "spec": {
                "params": [
                    {
                        "name": "input",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "prefetch-dependencies"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-626b0c735f"
                        }
                    },
                    {
                        "name": "git-basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-ckslpa"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:51Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:51Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-co3919dda34612d90619b48ca9acf79a013620f7ccc568e154f1-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        "entryPoint": "prefetch-dependencies",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies"
                    }
                },
                "startTime": "2026-07-01T16:08:41Z",
                "steps": [
                    {
                        "container": "step-prefetch-dependencies",
                        "imageID": "quay.io/konflux-ci/hermeto@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                        "name": "prefetch-dependencies",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://367dc03b9ca6fbab78e19a18f38332e53977dcfe8b8422c3d103234aea1e4d0b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:51Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:45Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Task that prefetches project dependencies for hermetic build.",
                    "params": [
                        {
                            "description": "Configures project packages that will have their dependencies prefetched.",
                            "name": "input",
                            "type": "string"
                        },
                        {
                            "default": "debug",
                            "description": "Set the logging level (debug, info, warn, error, fatal).",
                            "name": "log-level",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Pass configuration to the prefetch tool.\nNote this needs to be passed as a YAML-formatted config dump, not as a file path!\n",
                            "name": "config-file-content",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx.",
                            "name": "sbom-type",
                            "type": "string"
                        },
                        {
                            "default": "strict",
                            "description": "Control how input requirement violations are handled: strict (errors) or permissive (warnings).",
                            "name": "mode",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "debug"
                                },
                                {
                                    "name": "KBC_PD_INPUT"
                                },
                                {
                                    "name": "KBC_PD_SOURCE_DIR",
                                    "value": "/workspace/source/source"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR",
                                    "value": "/workspace/source/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_SBOM_FORMAT",
                                    "value": "spdx"
                                },
                                {
                                    "name": "KBC_PD_MODE",
                                    "value": "strict"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR_MOUNT_POINT",
                                    "value": "/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_ENV_FILE",
                                    "value": "/workspace/source/cachi2/cachi2.env"
                                },
                                {
                                    "name": "KBC_PD_GIT_AUTH_DIRECTORY",
                                    "value": "/workspace/git-basic-auth"
                                },
                                {
                                    "name": "WORKSPACE_NETRC_PATH"
                                },
                                {
                                    "name": "CONFIG_FILE_CONTENT"
                                }
                            ],
                            "image": "quay.io/konflux-ci/hermeto:0.48.0@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                            "name": "prefetch-dependencies",
                            "script": "#!/bin/bash\n\nif [ -n \"${WORKSPACE_NETRC_PATH}\" ]; then\n  export NETRC=\"${WORKSPACE_NETRC_PATH}/.netrc\"\nfi\n\nCA_BUNDLE_PATH=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$CA_BUNDLE_PATH\" ]; then\n  cp -vf \"$CA_BUNDLE_PATH\" /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [ -e /activation-key/org ] \u0026\u0026 [ -e /activation-key/activationkey ]; then\n  export KBC_PD_RHSM_ORG=/activation-key/org\n  export KBC_PD_RHSM_ACTIVATION_KEY=/activation-key/activationkey\nfi\n\nif [ -n \"${CONFIG_FILE_CONTENT}\" ]; then\n  echo \"${CONFIG_FILE_CONTENT}\" \u003e /mnt/config/config.yaml\n  export KBC_PD_CONFIG_FILE=/mnt/config/config.yaml\nfi\n\nkonflux-build-cli prefetch-dependencies\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/mnt/config",
                                    "name": "config"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "config"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace with the source code, prefetch artifacts will be stored on the workspace as well",
                            "name": "source"
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before prefetch is run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto bind a Secret to this Workspace over other volume types.\n",
                            "name": "git-basic-auth",
                            "optional": true
                        },
                        {
                            "description": "Workspace containing a .netrc file. Prefetch will use the credentials in this file when\nperforming http(s) requests.\n",
                            "name": "netrc",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-9d0756f48f",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/d085b7c5-bac3-4e64-8b7e-7621f111ce0f",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:15:55Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "prefetch-dependencies",
                    "tekton.dev/task": "prefetch-dependencies",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-co74c9db29e9ad9f69b84231fd84c2a90e-prefetch-dependencies",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "37061",
                "uid": "d085b7c5-bac3-4e64-8b7e-7621f111ce0f"
            },
            "spec": {
                "params": [
                    {
                        "name": "input",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "prefetch-dependencies"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-4942403eef"
                        }
                    },
                    {
                        "name": "git-basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-jvoyri"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:16:05Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:16:05Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-co74c9db29e9ad9f69b82087ebc6fbb0afbda2ab7e01e8c176a2-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        "entryPoint": "prefetch-dependencies",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies"
                    }
                },
                "startTime": "2026-07-01T16:15:56Z",
                "steps": [
                    {
                        "container": "step-prefetch-dependencies",
                        "imageID": "quay.io/konflux-ci/hermeto@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                        "name": "prefetch-dependencies",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://96a50d67bbd8b22e6c4530da940346e3f65cf4d34ca6bb8380bee8b82d409d6d",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:16:05Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:15:59Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Task that prefetches project dependencies for hermetic build.",
                    "params": [
                        {
                            "description": "Configures project packages that will have their dependencies prefetched.",
                            "name": "input",
                            "type": "string"
                        },
                        {
                            "default": "debug",
                            "description": "Set the logging level (debug, info, warn, error, fatal).",
                            "name": "log-level",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Pass configuration to the prefetch tool.\nNote this needs to be passed as a YAML-formatted config dump, not as a file path!\n",
                            "name": "config-file-content",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx.",
                            "name": "sbom-type",
                            "type": "string"
                        },
                        {
                            "default": "strict",
                            "description": "Control how input requirement violations are handled: strict (errors) or permissive (warnings).",
                            "name": "mode",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "debug"
                                },
                                {
                                    "name": "KBC_PD_INPUT"
                                },
                                {
                                    "name": "KBC_PD_SOURCE_DIR",
                                    "value": "/workspace/source/source"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR",
                                    "value": "/workspace/source/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_SBOM_FORMAT",
                                    "value": "spdx"
                                },
                                {
                                    "name": "KBC_PD_MODE",
                                    "value": "strict"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR_MOUNT_POINT",
                                    "value": "/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_ENV_FILE",
                                    "value": "/workspace/source/cachi2/cachi2.env"
                                },
                                {
                                    "name": "KBC_PD_GIT_AUTH_DIRECTORY",
                                    "value": "/workspace/git-basic-auth"
                                },
                                {
                                    "name": "WORKSPACE_NETRC_PATH"
                                },
                                {
                                    "name": "CONFIG_FILE_CONTENT"
                                }
                            ],
                            "image": "quay.io/konflux-ci/hermeto:0.48.0@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                            "name": "prefetch-dependencies",
                            "script": "#!/bin/bash\n\nif [ -n \"${WORKSPACE_NETRC_PATH}\" ]; then\n  export NETRC=\"${WORKSPACE_NETRC_PATH}/.netrc\"\nfi\n\nCA_BUNDLE_PATH=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$CA_BUNDLE_PATH\" ]; then\n  cp -vf \"$CA_BUNDLE_PATH\" /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [ -e /activation-key/org ] \u0026\u0026 [ -e /activation-key/activationkey ]; then\n  export KBC_PD_RHSM_ORG=/activation-key/org\n  export KBC_PD_RHSM_ACTIVATION_KEY=/activation-key/activationkey\nfi\n\nif [ -n \"${CONFIG_FILE_CONTENT}\" ]; then\n  echo \"${CONFIG_FILE_CONTENT}\" \u003e /mnt/config/config.yaml\n  export KBC_PD_CONFIG_FILE=/mnt/config/config.yaml\nfi\n\nkonflux-build-cli prefetch-dependencies\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/mnt/config",
                                    "name": "config"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "config"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace with the source code, prefetch artifacts will be stored on the workspace as well",
                            "name": "source"
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before prefetch is run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto bind a Secret to this Workspace over other volume types.\n",
                            "name": "git-basic-auth",
                            "optional": true
                        },
                        {
                            "description": "Workspace containing a .netrc file. Prefetch will use the credentials in this file when\nperforming http(s) requests.\n",
                            "name": "netrc",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-177c6218cd",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/edd462e5-fdc9-41ff-8e52-1b0102131565",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:55:33Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "prefetch-dependencies",
                    "tekton.dev/task": "prefetch-dependencies",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-co9c4dbda3de630b75da3c266631df42cc-prefetch-dependencies",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "17235",
                "uid": "edd462e5-fdc9-41ff-8e52-1b0102131565"
            },
            "spec": {
                "params": [
                    {
                        "name": "input",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "prefetch-dependencies"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-5be0da5124"
                        }
                    },
                    {
                        "name": "git-basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-uhmncu"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T15:55:45Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T15:55:45Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-co9c4dbda3de630b75da815fd41d660022d2c5a573f3c81e523d-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        "entryPoint": "prefetch-dependencies",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies"
                    }
                },
                "startTime": "2026-07-01T15:55:34Z",
                "steps": [
                    {
                        "container": "step-prefetch-dependencies",
                        "imageID": "quay.io/konflux-ci/hermeto@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                        "name": "prefetch-dependencies",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://819b01dcb93c52bc1cd4e696ef14deccad9245982b5197cbfb3c6d3381fe5e91",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:55:44Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:55:38Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Task that prefetches project dependencies for hermetic build.",
                    "params": [
                        {
                            "description": "Configures project packages that will have their dependencies prefetched.",
                            "name": "input",
                            "type": "string"
                        },
                        {
                            "default": "debug",
                            "description": "Set the logging level (debug, info, warn, error, fatal).",
                            "name": "log-level",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Pass configuration to the prefetch tool.\nNote this needs to be passed as a YAML-formatted config dump, not as a file path!\n",
                            "name": "config-file-content",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx.",
                            "name": "sbom-type",
                            "type": "string"
                        },
                        {
                            "default": "strict",
                            "description": "Control how input requirement violations are handled: strict (errors) or permissive (warnings).",
                            "name": "mode",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "debug"
                                },
                                {
                                    "name": "KBC_PD_INPUT"
                                },
                                {
                                    "name": "KBC_PD_SOURCE_DIR",
                                    "value": "/workspace/source/source"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR",
                                    "value": "/workspace/source/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_SBOM_FORMAT",
                                    "value": "spdx"
                                },
                                {
                                    "name": "KBC_PD_MODE",
                                    "value": "strict"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR_MOUNT_POINT",
                                    "value": "/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_ENV_FILE",
                                    "value": "/workspace/source/cachi2/cachi2.env"
                                },
                                {
                                    "name": "KBC_PD_GIT_AUTH_DIRECTORY",
                                    "value": "/workspace/git-basic-auth"
                                },
                                {
                                    "name": "WORKSPACE_NETRC_PATH"
                                },
                                {
                                    "name": "CONFIG_FILE_CONTENT"
                                }
                            ],
                            "image": "quay.io/konflux-ci/hermeto:0.48.0@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                            "name": "prefetch-dependencies",
                            "script": "#!/bin/bash\n\nif [ -n \"${WORKSPACE_NETRC_PATH}\" ]; then\n  export NETRC=\"${WORKSPACE_NETRC_PATH}/.netrc\"\nfi\n\nCA_BUNDLE_PATH=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$CA_BUNDLE_PATH\" ]; then\n  cp -vf \"$CA_BUNDLE_PATH\" /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [ -e /activation-key/org ] \u0026\u0026 [ -e /activation-key/activationkey ]; then\n  export KBC_PD_RHSM_ORG=/activation-key/org\n  export KBC_PD_RHSM_ACTIVATION_KEY=/activation-key/activationkey\nfi\n\nif [ -n \"${CONFIG_FILE_CONTENT}\" ]; then\n  echo \"${CONFIG_FILE_CONTENT}\" \u003e /mnt/config/config.yaml\n  export KBC_PD_CONFIG_FILE=/mnt/config/config.yaml\nfi\n\nkonflux-build-cli prefetch-dependencies\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/mnt/config",
                                    "name": "config"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "config"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace with the source code, prefetch artifacts will be stored on the workspace as well",
                            "name": "source"
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before prefetch is run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto bind a Secret to this Workspace over other volume types.\n",
                            "name": "git-basic-auth",
                            "optional": true
                        },
                        {
                            "description": "Workspace containing a .netrc file. Prefetch will use the credentials in this file when\nperforming http(s) requests.\n",
                            "name": "netrc",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/8a151a33-92c3-4a2a-906c-daf05b6dcda3",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:47Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "rpms-signature-scan",
                    "tekton.dev/task": "rpms-signature-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-comp3919dda34612d906191daa61e56f2190-rpms-signature-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "35385",
                "uid": "8a151a33-92c3-4a2a-906c-daf05b6dcda3"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "image-digest",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "rpms-signature-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:14:59Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:14:59Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-comp3919dda34612d90683fb5095f6218c1c0c206588933bf19e-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        "entryPoint": "rpms-signature-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\", \"digests\": [\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\"]}}\n"
                    },
                    {
                        "name": "RPMS_DATA",
                        "type": "string",
                        "value": "{\"keys\": {\"199e2f91fd431d51\": 467, \"unsigned\": 0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:14:58+00:00\",\"note\":\"Task rpms-signature-scan completed successfully\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:51Z",
                "steps": [
                    {
                        "container": "step-rpms-signature-scan",
                        "imageID": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                        "name": "rpms-signature-scan",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://04098ca508f1e9458962a04dccdc0cb6f993f11f1cac3015720b24f54ccd2c65",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:57Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:03Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-output-results",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                        "name": "output-results",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://0d0b4c316c870227d75b85d186823454c3f4a39542eb78cff62294b213f55982",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:58Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\\\", \\\"digests\\\": [\\\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\\\"]}}\\n\",\"type\":1},{\"key\":\"RPMS_DATA\",\"value\":\"{\\\"keys\\\": {\\\"199e2f91fd431d51\\\": 467, \\\"unsigned\\\": 0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:14:58+00:00\\\",\\\"note\\\":\\\"Task rpms-signature-scan completed successfully\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:57Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans RPMs in an image and provide information about RPMs signatures.",
                    "params": [
                        {
                            "description": "Image URL",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Image digest to scan",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "/tmp",
                            "description": "Directory that will be used for storing temporary\nfiles produced by this task.\n",
                            "name": "workdir",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Information about signed and unsigned RPMs",
                            "name": "RPMS_DATA",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                },
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                            "name": "rpms-signature-scan",
                            "script": "#!/bin/bash\nset -ex\nset -o pipefail\n\nrpm_verifier \\\n  --image-url \"${IMAGE_URL}\" \\\n  --image-digest \"${IMAGE_DIGEST}\" \\\n  --workdir \"${WORKDIR}\" \\\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                },
                                "requests": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.46@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                            "name": "output-results",
                            "script": "#!/bin/bash\nset -ex\n\nsource /utils.sh\nstatus=$(cat \"${WORKDIR}\"/status)\nrpms_data=$(cat \"${WORKDIR}\"/results)\nimages_processed=$(cat \"${WORKDIR}\"/images_processed)\n\nif [ \"$status\" == \"ERROR\" ]; then\n  note=\"Task rpms-signature-scan failed to scan images. Refer to Tekton task output for details\"\nelse\n  note=\"Task rpms-signature-scan completed successfully\"\nfi\n\nTEST_OUTPUT=$(make_result_json -r \"$status\" -t \"$note\")\n\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\necho \"${rpms_data}\" | tee \"/tekton/results/RPMS_DATA\"\necho \"${images_processed}\" | tee \"/tekton/results/IMAGES_PROCESSED\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "workdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/f67ddad8-243b-45b9-bb08-a74855a903f5",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "rpms-signature-scan",
                    "tekton.dev/task": "rpms-signature-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-comp74c9db29e9ad9f69b84231fd84c2a90e-rpms-signature-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40512",
                "uid": "f67ddad8-243b-45b9-bb08-a74855a903f5"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "image-digest",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "rpms-signature-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:21:15Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:21:15Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-comp74c9db29e9ad9f691e6e158173211dc42eb63f7cd5e94096-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        "entryPoint": "rpms-signature-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\", \"digests\": [\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\"]}}\n"
                    },
                    {
                        "name": "RPMS_DATA",
                        "type": "string",
                        "value": "{\"keys\": {\"199e2f91fd431d51\": 467, \"unsigned\": 0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:21:14+00:00\",\"note\":\"Task rpms-signature-scan completed successfully\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:52Z",
                "steps": [
                    {
                        "container": "step-rpms-signature-scan",
                        "imageID": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                        "name": "rpms-signature-scan",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://30c3ae7b7d2a8734bdd9bf0f45d2ea4cb55f9f105e40ff5d51260282de70306f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:13Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:10Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-output-results",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                        "name": "output-results",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f3e813f9f9664637eb45c388366859fa156f7a717203edc7d4cb1ce7033f7a74",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:15Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\\\", \\\"digests\\\": [\\\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\\\"]}}\\n\",\"type\":1},{\"key\":\"RPMS_DATA\",\"value\":\"{\\\"keys\\\": {\\\"199e2f91fd431d51\\\": 467, \\\"unsigned\\\": 0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:21:14+00:00\\\",\\\"note\\\":\\\"Task rpms-signature-scan completed successfully\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:21:14Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans RPMs in an image and provide information about RPMs signatures.",
                    "params": [
                        {
                            "description": "Image URL",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Image digest to scan",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "/tmp",
                            "description": "Directory that will be used for storing temporary\nfiles produced by this task.\n",
                            "name": "workdir",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Information about signed and unsigned RPMs",
                            "name": "RPMS_DATA",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                },
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                            "name": "rpms-signature-scan",
                            "script": "#!/bin/bash\nset -ex\nset -o pipefail\n\nrpm_verifier \\\n  --image-url \"${IMAGE_URL}\" \\\n  --image-digest \"${IMAGE_DIGEST}\" \\\n  --workdir \"${WORKDIR}\" \\\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                },
                                "requests": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.46@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                            "name": "output-results",
                            "script": "#!/bin/bash\nset -ex\n\nsource /utils.sh\nstatus=$(cat \"${WORKDIR}\"/status)\nrpms_data=$(cat \"${WORKDIR}\"/results)\nimages_processed=$(cat \"${WORKDIR}\"/images_processed)\n\nif [ \"$status\" == \"ERROR\" ]; then\n  note=\"Task rpms-signature-scan failed to scan images. Refer to Tekton task output for details\"\nelse\n  note=\"Task rpms-signature-scan completed successfully\"\nfi\n\nTEST_OUTPUT=$(make_result_json -r \"$status\" -t \"$note\")\n\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\necho \"${rpms_data}\" | tee \"/tekton/results/RPMS_DATA\"\necho \"${images_processed}\" | tee \"/tekton/results/IMAGES_PROCESSED\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "workdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/c13b6b64-6874-4004-9d6d-082ec5ef6318",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:44Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "rpms-signature-scan",
                    "tekton.dev/task": "rpms-signature-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-comp9c4dbda3de630b75da3c266631df42cc-rpms-signature-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "21353",
                "uid": "c13b6b64-6874-4004-9d6d-082ec5ef6318"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "image-digest",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "rpms-signature-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:01:09Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:01:09Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-comp9c4dbda3de630b75e16b0e59fabfbed99935bfe251e95cfe-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        "entryPoint": "rpms-signature-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\", \"digests\": [\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\"]}}\n"
                    },
                    {
                        "name": "RPMS_DATA",
                        "type": "string",
                        "value": "{\"keys\": {\"199e2f91fd431d51\": 467, \"unsigned\": 0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:01:08+00:00\",\"note\":\"Task rpms-signature-scan completed successfully\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:48Z",
                "steps": [
                    {
                        "container": "step-rpms-signature-scan",
                        "imageID": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                        "name": "rpms-signature-scan",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://94d0402843dfab874294e98e59ef5b320d03fb28bfbf78609d4c1dfe0c42dba3",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:07Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:13Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-output-results",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                        "name": "output-results",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c83f553d65aa49ae753486f2978232c89934299e66dfad8b2f68048784ab5f48",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:08Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\\\", \\\"digests\\\": [\\\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\\\"]}}\\n\",\"type\":1},{\"key\":\"RPMS_DATA\",\"value\":\"{\\\"keys\\\": {\\\"199e2f91fd431d51\\\": 467, \\\"unsigned\\\": 0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:01:08+00:00\\\",\\\"note\\\":\\\"Task rpms-signature-scan completed successfully\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:01:08Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans RPMs in an image and provide information about RPMs signatures.",
                    "params": [
                        {
                            "description": "Image URL",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Image digest to scan",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "/tmp",
                            "description": "Directory that will be used for storing temporary\nfiles produced by this task.\n",
                            "name": "workdir",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Information about signed and unsigned RPMs",
                            "name": "RPMS_DATA",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                },
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                            "name": "rpms-signature-scan",
                            "script": "#!/bin/bash\nset -ex\nset -o pipefail\n\nrpm_verifier \\\n  --image-url \"${IMAGE_URL}\" \\\n  --image-digest \"${IMAGE_DIGEST}\" \\\n  --workdir \"${WORKDIR}\" \\\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                },
                                "requests": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.46@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                            "name": "output-results",
                            "script": "#!/bin/bash\nset -ex\n\nsource /utils.sh\nstatus=$(cat \"${WORKDIR}\"/status)\nrpms_data=$(cat \"${WORKDIR}\"/results)\nimages_processed=$(cat \"${WORKDIR}\"/images_processed)\n\nif [ \"$status\" == \"ERROR\" ]; then\n  note=\"Task rpms-signature-scan failed to scan images. Refer to Tekton task output for details\"\nelse\n  note=\"Task rpms-signature-scan completed successfully\"\nfi\n\nTEST_OUTPUT=$(make_result_json -r \"$status\" -t \"$note\")\n\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\necho \"${rpms_data}\" | tee \"/tekton/results/RPMS_DATA\"\necho \"${images_processed}\" | tee \"/tekton/results/IMAGES_PROCESSED\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "workdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-cc0121c13a",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/02fe61cb-b139-4930-9ff0-1074a663deb7",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "sast-unicode-check",
                    "tekton.dev/task": "sast-unicode-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-compo3919dda34612d906191daa61e56f2190-sast-unicode-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "35034",
                "uid": "02fe61cb-b139-4930-9ff0-1074a663deb7"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-unicode-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-626b0c735f"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:14:06Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:14:06Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-compo3919dda34612d90a969bd3b10fddf7df08af80a907bef19-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        "entryPoint": "sast-unicode-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:14:02+00:00\",\"note\":\"Task sast-unicode-check success: No finding was detected\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:49Z",
                "steps": [
                    {
                        "container": "step-sast-unicode-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-unicode-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5ca353df83e25ae1e92712d5eda5f022689b1505f78cc05783d0839b0bf002f2",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:02Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:14:02+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:00Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3d25fdfa725bcd8e499a26961afd2a7acda4343fa0acc2f8a919c339785b5fa6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:05Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:14:02+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:03Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for non-printable unicode characters in all text files.",
                    "params": [
                        {
                            "description": "Image digest used for ORAS upload.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL used for ORAS upload.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "-p bidi -v -d -t",
                            "description": "arguments for find-unicode-control command.",
                            "name": "FIND_UNICODE_CONTROL_ARGS",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (defaults to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "FIND_UNICODE_CONTROL_ARGS",
                                    "value": "-p bidi -v -d -t"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "SOURCE_CODE_DIR",
                                    "value": "/workspace/workspace"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-unicode-check",
                            "script": "#!/usr/bin/env bash\nset -exuo pipefail\n\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSCAN_PROP=\"https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58\"\nFUC_EXIT_CODE=0\n\n# shellcheck disable=SC2086\nLANG=en_US.utf8 find_unicode_control.py ${FIND_UNICODE_CONTROL_ARGS} \"${SOURCE_CODE_DIR}/source\" \\\n    \u003eraw_sast_unicode_check_out.txt \\\n    2\u003eraw_sast_unicode_check_out.log \\\n    || FUC_EXIT_CODE=$?\nif [[ \"${FUC_EXIT_CODE}\" -ne 0 ]] \u0026\u0026 [[ \"${FUC_EXIT_CODE}\" -ne 1 ]]; then\n    echo \"Failed to run find-unicode-control command\" \u003e\u00262\n    cat raw_sast_unicode_check_out.log\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Translate the output format\nif ! sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\\1: warning:\\2|' -e 's|^|Error: UNICONTROL_WARNING:\\n|'; then\n    echo \"Error: failed to translate the unicontrol output format\" \u003e\u00262\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Process all results as configured with CSGERP_OPTS\nCSGERP_OPTS=(\n    --mode=json\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"${SCAN_PROP}\"\n    --strip-path-prefix=\"${SOURCE_CODE_DIR}\"/source/\n)\n# In order to generate csdiff/v1, we need to add the whole path of the source code as\n# sast-unicode-check only provides an URI to embed the context\nif ! csgrep \"${CSGERP_OPTS[@]}\" raw_sast_unicode_check_out.txt \u003e processed_sast_unicode_check_out.json 2\u003e processed_sast_unicode_check_out.err; then\n    echo \"Error occurred while running csgrep with CSGERP_OPTS:\"\n    cat processed_sast_unicode_check_out.err\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\ncsgrep --mode=evtstat processed_sast_unicode_check_out.json\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\n# If KFP clone failed, use the unfiltered results\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # Build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    # Append --record-excluded option if RECORD_EXCLUDED is true\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" processed_sast_unicode_check_out.json \u003e sast_unicode_check_out.json 2\u003e sast_unicode_check_out.error\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n        mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\n    else\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\n# Generate sarif report\ncsgrep --mode=sarif sast_unicode_check_out.json \u003e sast_unicode_check_out.sarif\nif [[ \"${FUC_EXIT_CODE}\" -eq 0 ]]; then\n    note=\"Task sast-unicode-check success: No finding was detected\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelif [[ \"${FUC_EXIT_CODE}\" -eq 1 ]] \u0026\u0026 [[ ! -s  sast_unicode_check_out.sarif ]]; then\n    note=\"Task sast-unicode-check success: Some findings were detected, but filtered by known false positive\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n    echo \"sast-unicode-check test failed because of the following issues:\"\n    cat sast_unicode_check_out.json\n    TEST_OUTPUT=\n    parse_test_output \"sast-unicode-check\" sarif sast_unicode_check_out.sarif  || true\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url param provided. Skipping upload.'\n  exit 0;\nfi\n\nUPLOAD_FILES=\"sast_unicode_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n\n    if [ \"${UPLOAD_FILE}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-9d0756f48f",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/37d08757-631b-49ad-9cea-f4b2bff4bfb9",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "sast-unicode-check",
                    "tekton.dev/task": "sast-unicode-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-compo74c9db29e9ad9f69b84231fd84c2a90e-sast-unicode-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40320",
                "uid": "37d08757-631b-49ad-9cea-f4b2bff4bfb9"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-unicode-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-4942403eef"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:20:46Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:20:46Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-compo74c9db29e9ad9f65dd06fc23b2a8755ca782044515f76f7-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        "entryPoint": "sast-unicode-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:20:09+00:00\",\"note\":\"Task sast-unicode-check success: No finding was detected\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:50Z",
                "steps": [
                    {
                        "container": "step-sast-unicode-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-unicode-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://a317023f4c50b389fef46afab94ac977a9b2362dce95043611c71a16b1465110",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:09Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:09+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:07Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://997b42aca588a4deed6f29954993a4b48b3650fcdbeb3b9edf31533c47c3df82",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:11Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:09+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:10Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for non-printable unicode characters in all text files.",
                    "params": [
                        {
                            "description": "Image digest used for ORAS upload.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL used for ORAS upload.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "-p bidi -v -d -t",
                            "description": "arguments for find-unicode-control command.",
                            "name": "FIND_UNICODE_CONTROL_ARGS",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (defaults to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "FIND_UNICODE_CONTROL_ARGS",
                                    "value": "-p bidi -v -d -t"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "SOURCE_CODE_DIR",
                                    "value": "/workspace/workspace"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-unicode-check",
                            "script": "#!/usr/bin/env bash\nset -exuo pipefail\n\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSCAN_PROP=\"https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58\"\nFUC_EXIT_CODE=0\n\n# shellcheck disable=SC2086\nLANG=en_US.utf8 find_unicode_control.py ${FIND_UNICODE_CONTROL_ARGS} \"${SOURCE_CODE_DIR}/source\" \\\n    \u003eraw_sast_unicode_check_out.txt \\\n    2\u003eraw_sast_unicode_check_out.log \\\n    || FUC_EXIT_CODE=$?\nif [[ \"${FUC_EXIT_CODE}\" -ne 0 ]] \u0026\u0026 [[ \"${FUC_EXIT_CODE}\" -ne 1 ]]; then\n    echo \"Failed to run find-unicode-control command\" \u003e\u00262\n    cat raw_sast_unicode_check_out.log\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Translate the output format\nif ! sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\\1: warning:\\2|' -e 's|^|Error: UNICONTROL_WARNING:\\n|'; then\n    echo \"Error: failed to translate the unicontrol output format\" \u003e\u00262\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Process all results as configured with CSGERP_OPTS\nCSGERP_OPTS=(\n    --mode=json\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"${SCAN_PROP}\"\n    --strip-path-prefix=\"${SOURCE_CODE_DIR}\"/source/\n)\n# In order to generate csdiff/v1, we need to add the whole path of the source code as\n# sast-unicode-check only provides an URI to embed the context\nif ! csgrep \"${CSGERP_OPTS[@]}\" raw_sast_unicode_check_out.txt \u003e processed_sast_unicode_check_out.json 2\u003e processed_sast_unicode_check_out.err; then\n    echo \"Error occurred while running csgrep with CSGERP_OPTS:\"\n    cat processed_sast_unicode_check_out.err\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\ncsgrep --mode=evtstat processed_sast_unicode_check_out.json\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\n# If KFP clone failed, use the unfiltered results\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # Build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    # Append --record-excluded option if RECORD_EXCLUDED is true\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" processed_sast_unicode_check_out.json \u003e sast_unicode_check_out.json 2\u003e sast_unicode_check_out.error\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n        mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\n    else\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\n# Generate sarif report\ncsgrep --mode=sarif sast_unicode_check_out.json \u003e sast_unicode_check_out.sarif\nif [[ \"${FUC_EXIT_CODE}\" -eq 0 ]]; then\n    note=\"Task sast-unicode-check success: No finding was detected\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelif [[ \"${FUC_EXIT_CODE}\" -eq 1 ]] \u0026\u0026 [[ ! -s  sast_unicode_check_out.sarif ]]; then\n    note=\"Task sast-unicode-check success: Some findings were detected, but filtered by known false positive\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n    echo \"sast-unicode-check test failed because of the following issues:\"\n    cat sast_unicode_check_out.json\n    TEST_OUTPUT=\n    parse_test_output \"sast-unicode-check\" sarif sast_unicode_check_out.sarif  || true\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url param provided. Skipping upload.'\n  exit 0;\nfi\n\nUPLOAD_FILES=\"sast_unicode_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n\n    if [ \"${UPLOAD_FILE}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-177c6218cd",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/0d2e4d83-645d-4f2a-aa43-fcd260aec1fc",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "sast-unicode-check",
                    "tekton.dev/task": "sast-unicode-check",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-compo9c4dbda3de630b75da3c266631df42cc-sast-unicode-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "20799",
                "uid": "0d2e4d83-645d-4f2a-aa43-fcd260aec1fc"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-unicode-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-5be0da5124"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:00:19Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:00:19Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-compo9c4dbda3de630b7819f25c0562b7502d7896b59928f5c62-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        "entryPoint": "sast-unicode-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:00:15+00:00\",\"note\":\"Task sast-unicode-check success: No finding was detected\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:45Z",
                "steps": [
                    {
                        "container": "step-sast-unicode-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-unicode-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d1cf1eafe7cdc8c261ac9a5b7d2113680114790760802effa46f3a277ae6f634",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:15Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:15+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:14Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c066d71b9b304a2ee606d44c29c87d0b0ec38e3805d9d8b5eb8075a95c1ed5b9",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:18Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:15+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:16Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for non-printable unicode characters in all text files.",
                    "params": [
                        {
                            "description": "Image digest used for ORAS upload.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL used for ORAS upload.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "-p bidi -v -d -t",
                            "description": "arguments for find-unicode-control command.",
                            "name": "FIND_UNICODE_CONTROL_ARGS",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (defaults to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "FIND_UNICODE_CONTROL_ARGS",
                                    "value": "-p bidi -v -d -t"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "SOURCE_CODE_DIR",
                                    "value": "/workspace/workspace"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-unicode-check",
                            "script": "#!/usr/bin/env bash\nset -exuo pipefail\n\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSCAN_PROP=\"https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58\"\nFUC_EXIT_CODE=0\n\n# shellcheck disable=SC2086\nLANG=en_US.utf8 find_unicode_control.py ${FIND_UNICODE_CONTROL_ARGS} \"${SOURCE_CODE_DIR}/source\" \\\n    \u003eraw_sast_unicode_check_out.txt \\\n    2\u003eraw_sast_unicode_check_out.log \\\n    || FUC_EXIT_CODE=$?\nif [[ \"${FUC_EXIT_CODE}\" -ne 0 ]] \u0026\u0026 [[ \"${FUC_EXIT_CODE}\" -ne 1 ]]; then\n    echo \"Failed to run find-unicode-control command\" \u003e\u00262\n    cat raw_sast_unicode_check_out.log\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Translate the output format\nif ! sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\\1: warning:\\2|' -e 's|^|Error: UNICONTROL_WARNING:\\n|'; then\n    echo \"Error: failed to translate the unicontrol output format\" \u003e\u00262\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Process all results as configured with CSGERP_OPTS\nCSGERP_OPTS=(\n    --mode=json\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"${SCAN_PROP}\"\n    --strip-path-prefix=\"${SOURCE_CODE_DIR}\"/source/\n)\n# In order to generate csdiff/v1, we need to add the whole path of the source code as\n# sast-unicode-check only provides an URI to embed the context\nif ! csgrep \"${CSGERP_OPTS[@]}\" raw_sast_unicode_check_out.txt \u003e processed_sast_unicode_check_out.json 2\u003e processed_sast_unicode_check_out.err; then\n    echo \"Error occurred while running csgrep with CSGERP_OPTS:\"\n    cat processed_sast_unicode_check_out.err\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\ncsgrep --mode=evtstat processed_sast_unicode_check_out.json\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\n# If KFP clone failed, use the unfiltered results\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # Build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    # Append --record-excluded option if RECORD_EXCLUDED is true\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" processed_sast_unicode_check_out.json \u003e sast_unicode_check_out.json 2\u003e sast_unicode_check_out.error\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n        mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\n    else\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\n# Generate sarif report\ncsgrep --mode=sarif sast_unicode_check_out.json \u003e sast_unicode_check_out.sarif\nif [[ \"${FUC_EXIT_CODE}\" -eq 0 ]]; then\n    note=\"Task sast-unicode-check success: No finding was detected\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelif [[ \"${FUC_EXIT_CODE}\" -eq 1 ]] \u0026\u0026 [[ ! -s  sast_unicode_check_out.sarif ]]; then\n    note=\"Task sast-unicode-check success: Some findings were detected, but filtered by known false positive\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n    echo \"sast-unicode-check test failed because of the following issues:\"\n    cat sast_unicode_check_out.json\n    TEST_OUTPUT=\n    parse_test_output \"sast-unicode-check\" sarif sast_unicode_check_out.sarif  || true\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url param provided. Skipping upload.'\n  exit 0;\nfi\n\nUPLOAD_FILES=\"sast_unicode_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n\n    if [ \"${UPLOAD_FILE}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/e71fa933-d59f-4970-aa18-0aaadb9afd72",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:47Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "apply-tags",
                    "tekton.dev/task": "apply-tags",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-apply-tags",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "35153",
                "uid": "e71fa933-d59f-4970-aa18-0aaadb9afd72"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "apply-tags"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:13:55Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:13:55Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-29jvp-apply-tags-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        "entryPoint": "apply-tags",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-apply-tags"
                    }
                },
                "startTime": "2026-07-01T16:12:50Z",
                "steps": [
                    {
                        "container": "step-apply-additional-tags",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                        "name": "apply-additional-tags",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://88a0049002e4cea162739deafe7917e8fb3ab79508569af11f3a1edc31c0c485",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:20Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:19Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Applies additional tags to the built image.",
                    "params": [
                        {
                            "description": "Image repository and tag reference of the the built image.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest of the built image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional tags that will be applied to the image in the registry.",
                            "name": "ADDITIONAL_TAGS",
                            "type": "array"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                                "--digest",
                                "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5",
                                "--tags",
                                "--tags-from-image-label",
                                "konflux.additional-tags"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "apply-tags"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                            "name": "apply-additional-tags"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-cc0121c13a",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/59e41543-d9f9-4035-9daa-47bba61d1123",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:53Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "build-container",
                    "tekton.dev/task": "buildah",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-build-container",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "32342",
                "uid": "59e41543-d9f9-4035-9daa-47bba61d1123"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    },
                    {
                        "name": "HERMETIC",
                        "value": "false"
                    },
                    {
                        "name": "PREFETCH_INPUT",
                        "value": ""
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "BUILD_ARGS",
                        "value": []
                    },
                    {
                        "name": "BUILD_ARGS_FILE",
                        "value": ""
                    },
                    {
                        "name": "PRIVILEGED_NESTED",
                        "value": "false"
                    },
                    {
                        "name": "SOURCE_URL",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    },
                    {
                        "name": "HTTP_PROXY",
                        "value": ""
                    },
                    {
                        "name": "NO_PROXY",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "buildah"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-626b0c735f"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:24Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:24Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-bc4daddc526a8572d9c18e56769d3aa2-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        "entryPoint": "buildah",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-buildah"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "SBOM_BLOB_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:bd7d243593d38bb78a4e62d6989e3ba1f6bbd90c2b4be9001759244688fff4d6"
                    }
                ],
                "startTime": "2026-07-01T16:08:53Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://df2321b89dfa39ac7f856508fbb0fbb658cb14618453620edf5a13d570ca25eb",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:09:47Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:09:01Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4aa0c7c03101f8e20cb1c16354d81e2f951beaa45ffa69cc0630d5e4681a3c04",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:10:38Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:09:48Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-sbom-syft-generate",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "sbom-syft-generate",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://79e98af4718468f875fb4490aa499ebfa6a281545d17b079a67d121b138f33e7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:11:09Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:10:38Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-prepare-sboms",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "prepare-sboms",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://05ed66dc52728266620cc9074208e6dc1517a73f46c45dbd88cc8df99c76a307",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:11:40Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:11:10Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9e37ab2dded4ad05b3d9db0b0ac2e3c6f1492ca2f54292f2d8768e9dc7eef4a5",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:23Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1},{\"key\":\"SBOM_BLOB_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:bd7d243593d38bb78a4e62d6989e3ba1f6bbd90c2b4be9001759244688fff4d6\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:11:40Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.\nIn addition, it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.\nWhen prefetch-dependencies task is activated it is using its artifacts to run build in hermetic environment.",
                    "params": [
                        {
                            "description": "Reference of the image buildah will produce.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile to build.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Determines if build will be executed without network access.",
                            "name": "HERMETIC",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "In case it is not empty, the prefetched content should be made available to the build.",
                            "name": "PREFETCH_INPUT",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this commit.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "default": "repos.d",
                            "description": "Path in the git repository in which yum repository files are stored",
                            "name": "YUM_REPOS_D_SRC",
                            "type": "string"
                        },
                        {
                            "default": "fetched.repos.d",
                            "description": "Path in source workspace where dynamically-fetched repos are present",
                            "name": "YUM_REPOS_D_FETCHED",
                            "type": "string"
                        },
                        {
                            "default": "/etc/yum.repos.d",
                            "description": "Target path on the container in which yum repository files should be made available",
                            "name": "YUM_REPOS_D_TARGET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.",
                            "name": "TARGET_STAGE",
                            "type": "string"
                        },
                        {
                            "default": "etc-pki-entitlement",
                            "description": "Name of secret which contains the entitlement certificates",
                            "name": "ENTITLEMENT_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        },
                        {
                            "default": "does-not-exist",
                            "description": "Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET",
                            "name": "ADDITIONAL_SECRET",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Array of --build-arg values (\"arg=value\" strings)",
                            "name": "BUILD_ARGS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Array of --env values (\"env=value\" strings)",
                            "name": "ENV_VARS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file",
                            "name": "BUILD_ARGS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to keep compatibility location at /root/buildinfo/ for ICM injection",
                            "name": "ICM_KEEP_COMPAT_LOCATION",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of extra capabilities to add when running 'buildah build'",
                            "name": "ADD_CAPABILITIES",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Squash all new and previous layers added as a part of this build, as per --squash",
                            "name": "SQUASH",
                            "type": "string"
                        },
                        {
                            "default": "overlay",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to skip stages in Containerfile that seem unused by subsequent stages",
                            "name": "SKIP_UNUSED_STAGES",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value labels that should be applied to the image",
                            "name": "LABELS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to enable privileged mode, should be used only with remote VMs",
                            "name": "PRIVILEGED_NESTED",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Skip SBOM-related operations. This will likely cause EC policies to fail if enabled",
                            "name": "SKIP_SBOM_GENERATION",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx. Note: the SBOM from the prefetch task - if there is one - must be in the same format.",
                            "name": "SBOM_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Extra option to customize Syft's default catalogers when generating SBOMs. The value corresponds to Syft's CLI flag --select-catalogers. The details about available catalogers can be found here: https://github.com/anchore/syft/wiki/Package-Cataloger-Selection",
                            "name": "SBOM_SYFT_SELECT_CATALOGERS",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM generation from source code. The scanner of the source code is enabled only for non-hermetic builds and can be disabled if the SBOM_SYFT_SELECT_CATALOGERS can't turn off catalogers that cause false positives on source code scanning.",
                            "name": "SBOM_SOURCE_SCAN_ENABLED",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional base image references to include to the SBOM. Array of image_reference_with_digest strings",
                            "name": "ADDITIONAL_BASE_IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Mount the current working directory into the build using --volume $PWD:/$WORKINGDIR_MOUNT. Note that the $PWD will be the context directory for the build (see the CONTEXT param).",
                            "name": "WORKINGDIR_MOUNT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if the image inherits the base image labels.",
                            "name": "INHERIT_BASE_IMAGE_LABELS",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP/HTTPS proxy to use for the buildah pull and build operations. Will not be passed through to the container during the build process.",
                            "name": "HTTP_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of hosts or domains which should bypass the HTTP/HTTPS proxy.",
                            "name": "NO_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "caching-ca-bundle",
                            "description": "The name of the ConfigMap to read proxy CA bundle data from.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the proxy CA bundle data.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Defines the single build time for all buildah builds in seconds since UNIX epoch. Conflicts with SOURCE_DATE_EPOCH.",
                            "name": "BUILD_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this URL.",
                            "name": "SOURCE_URL",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if SBOM will be contextualized.",
                            "name": "CONTEXTUALIZE_SBOM",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Omit build history information from the resulting image. Improves reproducibility by excluding timestamps and layer metadata.",
                            "name": "OMIT_HISTORY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Timestamp in seconds since Unix epoch for reproducible builds. Sets image created time and SOURCE_DATE_EPOCH build arg. Conflicts with BUILD_TIMESTAMP.",
                            "name": "SOURCE_DATE_EPOCH",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Clamp mtime of all files to at most SOURCE_DATE_EPOCH. Does nothing if SOURCE_DATE_EPOCH is not defined.",
                            "name": "REWRITE_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Don't inject a content-sets.json or a labels.json file. This requires that the canonical Containerfile takes care of this itself.",
                            "name": "SKIP_INJECTIONS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {
                            "limits": {
                                "memory": "4Gi"
                            },
                            "requests": {
                                "cpu": "1",
                                "memory": "4Gi"
                            }
                        },
                        "env": [
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "overlay"
                            },
                            {
                                "name": "HERMETIC",
                                "value": "false"
                            },
                            {
                                "name": "SOURCE_CODE_DIR",
                                "value": "source"
                            },
                            {
                                "name": "CONTEXT",
                                "value": "python-component"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "IMAGE_EXPIRES_AFTER",
                                "value": "5d"
                            },
                            {
                                "name": "YUM_REPOS_D_SRC",
                                "value": "repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_FETCHED",
                                "value": "fetched.repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_TARGET",
                                "value": "/etc/yum.repos.d"
                            },
                            {
                                "name": "TARGET_STAGE"
                            },
                            {
                                "name": "ENTITLEMENT_SECRET",
                                "value": "etc-pki-entitlement"
                            },
                            {
                                "name": "ACTIVATION_KEY",
                                "value": "activation-key"
                            },
                            {
                                "name": "ADDITIONAL_SECRET",
                                "value": "does-not-exist"
                            },
                            {
                                "name": "BUILD_ARGS_FILE"
                            },
                            {
                                "name": "ADD_CAPABILITIES"
                            },
                            {
                                "name": "SQUASH",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_UNUSED_STAGES",
                                "value": "true"
                            },
                            {
                                "name": "PRIVILEGED_NESTED",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_SBOM_GENERATION",
                                "value": "false"
                            },
                            {
                                "name": "SBOM_TYPE",
                                "value": "spdx"
                            },
                            {
                                "name": "SBOM_SYFT_SELECT_CATALOGERS"
                            },
                            {
                                "name": "SBOM_SOURCE_SCAN_ENABLED",
                                "value": "true"
                            },
                            {
                                "name": "ANNOTATIONS_FILE"
                            },
                            {
                                "name": "WORKINGDIR_MOUNT"
                            },
                            {
                                "name": "INHERIT_BASE_IMAGE_LABELS",
                                "value": "true"
                            },
                            {
                                "name": "BUILD_TIMESTAMP"
                            },
                            {
                                "name": "CONTEXTUALIZE_SBOM",
                                "value": "true"
                            },
                            {
                                "name": "SBOM_SKIP_VALIDATION",
                                "value": "true"
                            },
                            {
                                "name": "SKIP_INJECTIONS",
                                "value": "false"
                            }
                        ],
                        "imagePullPolicy": "IfNotPresent",
                        "volumeMounts": [
                            {
                                "mountPath": "/shared",
                                "name": "shared"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--build-args",
                                "--env",
                                "--labels",
                                "--annotations"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                },
                                "requests": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "COMMIT_SHA",
                                    "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "SOURCE_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "DOCKERFILE",
                                    "value": "docker/Dockerfile"
                                },
                                {
                                    "name": "BUILDAH_HTTP_PROXY"
                                },
                                {
                                    "name": "BUILDAH_NO_PROXY"
                                },
                                {
                                    "name": "ICM_KEEP_COMPAT_LOCATION",
                                    "value": "true"
                                },
                                {
                                    "name": "BUILDAH_OMIT_HISTORY",
                                    "value": "false"
                                },
                                {
                                    "name": "BUILDAH_SOURCE_DATE_EPOCH"
                                },
                                {
                                    "name": "BUILDAH_REWRITE_TIMESTAMP",
                                    "value": "false"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\nset -euo pipefail\n\nfunction set_proxy {\n  if [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n    echo \"[$(date --utc -Ins)] Setting proxy to ${BUILDAH_HTTP_PROXY}\"\n    export HTTP_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export HTTPS_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export ALL_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    if [ -n \"${BUILDAH_NO_PROXY}\" ]; then\n      echo \"[$(date --utc -Ins)] Bypassing proxy for ${BUILDAH_NO_PROXY}\"\n      export NO_PROXY=\"${BUILDAH_NO_PROXY}\"\n    fi\n  fi\n}\n\nfunction unset_proxy {\n  echo \"[$(date --utc -Ins)] Unsetting proxy\"\n  unset HTTP_PROXY HTTPS_PROXY ALL_PROXY NO_PROXY\n}\n\necho \"[$(date --utc -Ins)] Validate context path\"\n\nif [ -z \"$CONTEXT\" ]; then\n  echo \"WARNING: CONTEXT is empty. Defaulting to '.' (the source directory).\" \u003e\u00262\n  CONTEXT=\".\"\nfi\n\nsource_dir_path=$(realpath \"$SOURCE_CODE_DIR\")\ncontext_dir_path=$(realpath \"$SOURCE_CODE_DIR/$CONTEXT\")\n\ncase \"$context_dir_path\" in\n  \"$source_dir_path\" | \"$source_dir_path/\"*)\n    # path is valid, do nothing\n    ;;\n  *)\n    echo \"ERROR: The CONTEXT parameter ('$CONTEXT') is invalid because it escapes the source directory.\" \u003e\u00262\n    echo \"Source path: $source_dir_path\" \u003e\u00262\n    echo \"Resolved path: $context_dir_path\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nproxy_ca_bundle=/mnt/proxy-ca-bundle/ca-bundle.crt\nupdate_ca_trust=false\n\nif [ -f \"$ca_bundle\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors/ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ -f \"$proxy_ca_bundle\" ] \u0026\u0026 [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted proxy CA bundle: $proxy_ca_bundle\"\n  cp -vf $proxy_ca_bundle /etc/pki/ca-trust/source/anchors/proxy-ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ \"$update_ca_trust\" = \"true\" ]; then\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Prepare Dockerfile\"\n\nif [ -e \"$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\"\nelif [ -e \"$SOURCE_CODE_DIR/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$DOCKERFILE\"\nelif [ -e \"$DOCKERFILE\" ]; then\n  # Instrumented builds (SAST) use this custom dockerfile step as their base\n  dockerfile_path=\"$DOCKERFILE\"\nelse\n  echo \"Cannot find Dockerfile $DOCKERFILE\"\n  exit 1\nfi\n\ndockerfile_copy=$(mktemp --tmpdir \"$(basename \"$dockerfile_path\").XXXXXX\")\ncp \"$dockerfile_path\" \"$dockerfile_copy\"\n\n# Inject the image content manifest into the container we are producing.\n# This will generate the content-sets.json file and copy it by appending a COPY\n# instruction to the Containerfile.\nicm_opts=()\nif [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n  icm_opts+=(-c)\nfi\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  inject-icm-to-containerfile \"${icm_opts[@]}\" \"$dockerfile_copy\" \"/var/workdir/cachi2/output/bom.json\" \"$SOURCE_CODE_DIR/$CONTEXT\"\nfi\n\necho \"[$(date --utc -Ins)] Prepare system (architecture: $(uname -m))\"\n\n# Fixing group permission on /var/lib/containers\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\n# Setting new namespace to run buildah - 2^32-2\necho 'root:1:4294967294' | tee -a /etc/subuid \u003e\u003e /etc/subgid\n\nbuild_args=()\nenv_vars=()\n\nLABELS=()\nANNOTATIONS=()\n# Append any annotations from the specified file\nif [ -n \"${ANNOTATIONS_FILE}\" ] \u0026\u0026 [ -f \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\" ]; then\n  echo \"Reading annotations from file: ${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\n  while IFS= read -r line || [[ -n \"$line\" ]]; do\n    # Skip empty lines and comments\n    if [[ -n \"$line\" \u0026\u0026 ! \"$line\" =~ ^[[:space:]]*# ]]; then\n      ANNOTATIONS+=(\"--annotation\" \"$line\")\n    fi\n  done \u003c \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\nfi\n\n# Split `args` into two sets of arguments.\nwhile [[ $# -gt 0 ]]; do\n    case $1 in\n        --build-args)\n            shift\n            # Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being\n            # passed to buildah. In that case, the *last* occurrence takes precedence. This is why\n            # we append BUILD_ARGS after the content of the BUILD_ARGS_FILE\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do build_args+=(\"$1\"); shift; done\n            ;;\n        --env)\n            shift\n            # Collect env entries of the form KEY=value\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do env_vars+=(\"$1\"); shift; done\n            ;;\n        --labels)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do LABELS+=(\"--label\" \"$1\"); shift; done\n            ;;\n        --annotations)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ANNOTATIONS+=(\"--annotation\" \"$1\"); shift; done\n            ;;\n        *)\n            echo \"unexpected argument: $1\" \u003e\u00262\n            exit 2\n            ;;\n    esac\ndone\n\nBUILD_ARG_FLAGS=()\nfor build_arg in \"${build_args[@]}\"; do\n  BUILD_ARG_FLAGS+=(\"--build-arg=$build_arg\")\ndone\n\nENV_FLAGS=()\nfor env_var in \"${env_vars[@]}\"; do\n  ENV_FLAGS+=(\"--env=$env_var\")\ndone\n\nDOCKERFILE_ARG_FLAGS=()\nDOCKERFILE_ARG_FLAGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nDOCKERFILE_ARG_FLAGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  DOCKERFILE_ARG_FLAGS+=(\"--build-arg-file=${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\nfi\n\ndockerfile-json \"${DOCKERFILE_ARG_FLAGS[@]}\" \"$dockerfile_copy\" \u003e /shared/parsed_dockerfile.json\nBASE_IMAGES=$(\n    jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test(\"^oci-archive:\") | not)' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n)\n\nBUILDAH_ARGS=()\nUNSHARE_ARGS=()\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--pull=never\")\n  UNSHARE_ARGS+=(\"--net\")\n  buildah_retries=3\n\n  set_proxy\n\n  for image in $BASE_IMAGES; do\n    if ! retry unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 --mount -- buildah pull --retry \"$buildah_retries\" \"$image\"\n    then\n      echo \"Failed to pull base image ${image}\"\n      exit 1\n    fi\n  done\n\n  unset_proxy\n\n  echo \"Build will be executed with network isolation\"\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  BUILDAH_ARGS+=(\"--target=${TARGET_STAGE}\")\nfi\n\nBUILDAH_ARGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nBUILDAH_ARGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  BUILDAH_ARGS+=(\"--build-arg-file=$(realpath \"${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\")\nfi\n\n# Necessary for newer version of buildah if the host system does not contain up to date version of container-selinux\n# TODO remove the option once all hosts were updated\nBUILDAH_ARGS+=(\"--security-opt=unmask=/proc/interrupts\")\n\nif [ \"${PRIVILEGED_NESTED}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--security-opt=label=disable\")\n  BUILDAH_ARGS+=(\"--cap-add=all\")\n  BUILDAH_ARGS+=(\"--device=/dev/fuse\")\nfi\n\nif [ -n \"${ADD_CAPABILITIES}\" ]; then\n  BUILDAH_ARGS+=(\"--cap-add=${ADD_CAPABILITIES}\")\nfi\n\nif [ \"${SQUASH}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--squash\")\nfi\n\nif [ \"${SKIP_UNUSED_STAGES}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--skip-unused-stages=false\")\nfi\n\nif [ \"${INHERIT_BASE_IMAGE_LABELS}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--inherit-labels=false\")\nfi\n\nif [ -n \"${BUILDAH_SOURCE_DATE_EPOCH}\" ]; then\n  BUILDAH_ARGS+=(\"--source-date-epoch=${BUILDAH_SOURCE_DATE_EPOCH}\")\n  if [ \"${BUILDAH_REWRITE_TIMESTAMP}\" = \"true\" ]; then\n    BUILDAH_ARGS+=(\"--rewrite-timestamp\")\n  fi\n  if [ -n \"$BUILD_TIMESTAMP\" ]; then\n    echo \"ERROR: cannot use both BUILD_TIMESTAMP and SOURCE_DATE_EPOCH\"\n    exit 1\n  fi\n  # but do set it so that we get all the labels/annotations associated with it\n  BUILD_TIMESTAMP=\"$BUILDAH_SOURCE_DATE_EPOCH\"\nfi\n\nif [ \"${BUILDAH_OMIT_HISTORY}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--omit-history\")\nfi\n\nVOLUME_MOUNTS=()\n\necho \"[$(date --utc -Ins)] Setup prefetched\"\n\nif [ -f \"/workspace/source/cachi2/cachi2.env\" ]; then\n  # Identify the current arch to filter the prefetched content\n  PREFETCH_ARCH=\"$(uname -m)\"\n  echo \"$PREFETCH_ARCH\" \u003e /shared/prefetch-arch\n\n  echo \"Prefetched content will be made available\"\n\n  cp -r \"/workspace/source/cachi2\" /tmp/\n  chmod -R go+rwX /tmp/cachi2\n\n  # In case RPMs were prefetched and this is a multi-arch build,\n  # clean up the packages that do not match the architecture being built\n  RPM_PREFETCH_DIR=\"/tmp/cachi2/output/deps/rpm\"\n  if [ -d \"$RPM_PREFETCH_DIR\" ] \u0026\u0026 [ \"$(find $RPM_PREFETCH_DIR | wc -l)\" -gt 1 ]; then\n    echo \"Removing prefetched RPMs from non-matching architectures\"\n    PREFETCH_ARCH=\"$(uname -m)\"\n    for path in \"$RPM_PREFETCH_DIR\"/*; do\n      if [ \"$(basename \"$path\")\" != \"$PREFETCH_ARCH\" ]; then\n        echo \"Removing: $path\"\n        rm -rf \"$path\"\n      else\n        echo \"Keeping: $path\"\n      fi\n    done\n  fi\n\n  VOLUME_MOUNTS+=(--volume /tmp/cachi2:/cachi2)\n  # Read in the whole file (https://unix.stackexchange.com/questions/533277), then\n  # for each RUN ... line insert the cachi2.env command *after* any options like --mount\n  sed -E -i \\\n      -e 'H;1h;$!d;x' \\\n      -e 's@^\\s*(run((\\s|\\\\\\n)+-\\S+)*(\\s|\\\\\\n)+)@\\1. /cachi2/cachi2.env \\\u0026\\\u0026 \\\\\\n    @igM' \\\n      \"$dockerfile_copy\"\n\n  prefetched_repo_for_my_arch=\"/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo\"\n  if [ -f \"$prefetched_repo_for_my_arch\" ]; then\n    echo \"Adding $prefetched_repo_for_my_arch to $YUM_REPOS_D_FETCHED\"\n    mkdir -p \"$YUM_REPOS_D_FETCHED\"\n    if [ ! -f \"${YUM_REPOS_D_FETCHED}/cachi2.repo\" ]; then\n      cp \"$prefetched_repo_for_my_arch\" \"$YUM_REPOS_D_FETCHED\"\n    fi\n  fi\nfi\n\n# if yum repofiles stored in git, copy them to mount point outside the source dir\nif [ -d \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\" ]; then\n  mkdir -p \"${YUM_REPOS_D_FETCHED}\"\n  cp -r \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\"/* \"${YUM_REPOS_D_FETCHED}\"\nfi\n\n# if anything in the repofiles mount point (either fetched or from git), mount it\nif [ -d \"${YUM_REPOS_D_FETCHED}\" ]; then\n  chmod -R go+rwX \"${YUM_REPOS_D_FETCHED}\"\n  mount_point=$(realpath \"${YUM_REPOS_D_FETCHED}\")\n  VOLUME_MOUNTS+=(--volume \"${mount_point}:${YUM_REPOS_D_TARGET}\")\nfi\n\nDEFAULT_LABELS=(\n  \"--label\" \"architecture=$(uname -m)\"\n  \"--label\" \"vcs-type=git\"\n)\nif [ -n \"$COMMIT_SHA\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"vcs-ref=${COMMIT_SHA}\" \"--label\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\nfi\nif [ -n \"$SOURCE_URL\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.source=${SOURCE_URL}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.source=${SOURCE_URL}\")\nfi\n[ -n \"$IMAGE_EXPIRES_AFTER\" ] \u0026\u0026 DEFAULT_LABELS+=(\"--label\" \"quay.expires-after=$IMAGE_EXPIRES_AFTER\")\n\nBUILD_TIMESTAMP_RFC3339=\"\"\nif [ -n \"$BUILD_TIMESTAMP\" ]; then\n  BUILD_TIMESTAMP_RFC3339=$(date -u -d \"@$BUILD_TIMESTAMP\" +'%Y-%m-%dT%H:%M:%SZ')\nelse\n  BUILD_TIMESTAMP_RFC3339=$(date -u +'%Y-%m-%dT%H:%M:%SZ')\nfi\n\nDEFAULT_LABELS+=(\"--label\" \"build-date=${BUILD_TIMESTAMP_RFC3339}\")\nDEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\n\nlabel_pairs=()\n# If INHERIT_BASE_IMAGE_LABELS is true, get the labels from the final base image only\ntouch base_images_labels.json\nif [[ \"$INHERIT_BASE_IMAGE_LABELS\" == \"true\" ]] \u0026\u0026 [[ -n \"$BASE_IMAGES\" ]]; then\n  FINAL_BASE_IMAGE=$(\n    # Get the base image of the final stage\n    # The final stage can refer to a previous `FROM xxx AS yyy` stage, for example 'FROM bar AS foo; ... ; FROM foo; ...'\n    # Define a function that keeps nesting recursively into the parent stages until it finds the original base image\n    # Run the find_root_stage() function on the final stage\n    # If the final stage is scratch or oci-archive, return empty\n    jq -r '.Stages as $all_stages |\n      def find_root_stage($stage):\n        if $stage.From.Stage then\n          find_root_stage($all_stages[$stage.From.Stage.Index])\n        else\n          $stage\n        end;\n\n        find_root_stage(.Stages[-1]) |\n        if .From.Scratch or (.BaseName | test(\"^oci-archive:\")) then\n          empty\n        else\n          .BaseName\n        end' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n  )\n  if [[ -n \"$FINAL_BASE_IMAGE\" ]]; then\n    set_proxy\n    buildah pull \"$FINAL_BASE_IMAGE\" \u003e/dev/null` `\n    unset_proxy\n    buildah inspect \"$FINAL_BASE_IMAGE\" | jq '.OCIv1.config.Labels' \u003e\"base_images_labels.json\"\n  fi\nfi\n\n# Concatenate defaults and explicit labels. If a label appears twice, the last one wins.\nLABELS=(\"${DEFAULT_LABELS[@]}\" \"${LABELS[@]}\")\n\n# Get all the default and explicit labels so that they can be written into labels.json\nfor label in \"${LABELS[@]}\"; do\n  if [[ \"$label\" != \"--label\" ]]; then\n    label_pairs+=(\"$label\")\n  fi\ndone\n\n# Labels that we explicitly add to the image\nlabel_pairs+=(\"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nlabel_pairs+=(\"io.buildah.version=$(buildah version --json | jq -r '.version')\")\n\nwhile IFS= read -r label; do\n  label_pairs+=(\"$label\")\ndone \u003c \u003c(jq -r '.Stages[].Commands[] | select(.Name == \"LABEL\") | .Labels[] | \"\\(.Key)=\\(.Value)\"' /shared/parsed_dockerfile.json | sed 's/\"//g')\n\nprintf '%s\\n' \"${label_pairs[@]}\" | jq -Rn '\n  [ inputs | select(length\u003e0) ]\n| map( split(\"=\") | {(.[0]): (.[1] // \"\")} )\n  | add' \u003e\"image_labels.json\"\n\njq -s '(.[0] // {}) * (.[1] // {})' \"base_images_labels.json\" \"image_labels.json\" \u003e\"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\njq '.' \"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  echo \"\" \u003e\u003e\"$dockerfile_copy\"\n  # Always write labels.json to the new standard location\n  echo 'COPY labels.json /usr/share/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  # Conditionally write to the old location for backward compatibility\n  if [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n    echo 'COPY labels.json /root/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  fi\nfi\n\n# Make sure our labels.json file isn't filtered out\ncontainerignore=\"\"\nif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\"\nelif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\"\nfi\n\nif [ -n \"$containerignore\" ]; then\n  ignorefile_copy=$(mktemp --tmpdir \"$(basename \"$containerignore\").XXXXXX\")\n  cp \"$containerignore\" \"$ignorefile_copy\"\n  {\n    echo \"\"\n    echo \"!/labels.json\"\n    echo \"!/content-sets.json\"\n  } \u003e\u003e \"$ignorefile_copy\"\n  BUILDAH_ARGS+=(--ignorefile \"$ignorefile_copy\")\nfi\n\necho \"[$(date --utc -Ins)] Register sub-man\"\n\nACTIVATION_KEY_PATH=\"/activation-key\"\nENTITLEMENT_PATH=\"/entitlement\"\n\n# 0. if hermetic=true, skip all subscription related stuff\n# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.\n# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.\n# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.\n# 3. If the Dockerfile contains the string \"subcription-manager register\", add the activation-keys volume\n#    to buildah but don't pre-register for backwards compatibility. Mount an empty directory on\n#    shared emptydir volume to \"/etc/pki/entitlement\" to prevent certificates from being included\n\nif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 [ -e /activation-key/org ]; then\n  cp -r --preserve=mode \"$ACTIVATION_KEY_PATH\" /tmp/activation-key\n  mkdir -p /shared/rhsm/etc/pki/entitlement\n  mkdir -p /shared/rhsm/etc/pki/consumer\n\n  VOLUME_MOUNTS+=(-v /tmp/activation-key:/activation-key \\\n                  -v /shared/rhsm/etc/pki/entitlement:/etc/pki/entitlement:Z \\\n                  -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)\n  echo \"Adding activation key to the build\"\n\n  if ! grep -E \"^[^#]*subscription-manager.[^#]*register\" \"$dockerfile_path\"; then\n    # user is not running registration in the Containerfile: pre-register.\n    echo \"Pre-registering with subscription manager.\"\n    export RETRY_MAX_TRIES=6\n    if ! retry subscription-manager register --org \"$(cat /tmp/activation-key/org)\" --activationkey \"$(cat /tmp/activation-key/activationkey)\"\n    then\n      echo \"Subscription-manager register failed\"\n      exit 1\n    fi\n    unset RETRY_MAX_TRIES\n    trap 'subscription-manager unregister || true' EXIT\n\n    # copy generated certificates to /shared volume\n    cp /etc/pki/entitlement/*.pem /shared/rhsm/etc/pki/entitlement\n    cp /etc/pki/consumer/*.pem /shared/rhsm/etc/pki/consumer\n\n    # and then mount get /etc/rhsm/ca/redhat-uep.pem into /run/secrets/rhsm/ca\n    VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)\n  fi\n\nelif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 find /entitlement -name \"*.pem\" \u003e /dev/null; then\n  cp -r --preserve=mode \"$ENTITLEMENT_PATH\" /tmp/entitlement\n  VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)\n  echo \"Adding the entitlement to the build\"\nfi\n\nif [ -n \"$WORKINGDIR_MOUNT\" ]; then\n  if [[ \"$WORKINGDIR_MOUNT\" == *:* ]]; then\n    echo \"WORKINGDIR_MOUNT contains ':'\" \u003e\u00262\n    echo \"Refusing to proceed in case this is an attempt to set unexpected mount options.\" \u003e\u00262\n    exit 1\n  fi\n  # ${SOURCE_CODE_DIR}/${CONTEXT} will be the $PWD when we call 'buildah build'\n  # (we set the workdir using 'unshare -w')\n  context_dir=$(realpath \"${SOURCE_CODE_DIR}/${CONTEXT}\")\n  VOLUME_MOUNTS+=(--volume \"$context_dir:${WORKINGDIR_MOUNT}\")\nfi\n\nif [ -n \"${ADDITIONAL_VOLUME_MOUNTS-}\" ]; then\n  # ADDITIONAL_VOLUME_MOUNTS allows to specify more volumes for the build.\n  # Instrumented builds (SAST) use this step as their base and add some other tools.\n  while read -r volume_mount; do\n    VOLUME_MOUNTS+=(\"--volume=$volume_mount\")\n  done \u003c\u003c\u003c \"$ADDITIONAL_VOLUME_MOUNTS\"\nfi\n\necho \"[$(date --utc -Ins)] Add secrets\"\n\nADDITIONAL_SECRET_PATH=\"/additional-secret\"\nADDITIONAL_SECRET_TMP=\"/tmp/additional-secret\"\nif [ -d \"$ADDITIONAL_SECRET_PATH\" ]; then\n  cp -r --preserve=mode -L \"$ADDITIONAL_SECRET_PATH\" $ADDITIONAL_SECRET_TMP\n  while read -r filename; do\n    echo \"Adding the secret ${ADDITIONAL_SECRET}/${filename} to the build, available at /run/secrets/${ADDITIONAL_SECRET}/${filename}\"\n    BUILDAH_ARGS+=(\"--secret=id=${ADDITIONAL_SECRET}/${filename},src=$ADDITIONAL_SECRET_TMP/${filename}\")\n  done \u003c \u003c(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \\;)\nfi\n\n# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.\ndeclare IMAGE\n\nbuildah_cmd_array=(\n    buildah build\n    \"${VOLUME_MOUNTS[@]}\"\n    \"${BUILDAH_ARGS[@]}\"\n    \"${LABELS[@]}\"\n    \"${ANNOTATIONS[@]}\"\n    --tls-verify=\"$TLSVERIFY\" --no-cache\n    --ulimit nofile=4096:4096\n    --http-proxy=false\n    -f \"$dockerfile_copy\" -t \"$IMAGE\" .\n)\nbuildah_cmd=$(printf \"%q \" \"${buildah_cmd_array[@]}\")\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  # enabling loopback adapter enables Bazel builds to work in hermetic mode.\n  command=\"ip link set lo up \u0026\u0026 $buildah_cmd\"\nelse\n  command=\"$buildah_cmd\"\nfi\n\n# disable host subcription manager integration\nfind /usr/share/rhel/secrets -type l -exec unlink {} \\;\n\nset_proxy\n\necho \"[$(date --utc -Ins)] Run buildah build\"\necho \"[$(date --utc -Ins)] ${command}\"\n\nunshare -Uf \"${UNSHARE_ARGS[@]}\" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w \"${SOURCE_CODE_DIR}/$CONTEXT\" --mount -- sh -c \"$command\"\n\nunset_proxy\n\necho \"[$(date --utc -Ins)] Add metadata\"\n\n# Save the SBOM produced in prefetch so it can be merged into the final SBOM later\nif [ -f \"/tmp/cachi2/output/bom.json\" ]; then\n  echo \"Making copy of sbom-prefetch.json\"\n  cp /tmp/cachi2/output/bom.json ./sbom-prefetch.json\nfi\n\ntouch /shared/base_images_digests\necho \"Recording base image digests used\"\nfor image in $BASE_IMAGES; do\n  # Get the image pullspec and filter out a tag if it is not set\n  # Use head -n 1 to ensure we only get one result even if multiple images match the filter\n  base_image_digest=$(buildah images --format '{{ .Name }}{{ if ne .Tag \"\u003cnone\u003e\" }}:{{ .Tag }}{{ end }}@{{ .Digest }}' --filter reference=\"$image\" | head -n 1)\n  # In some cases, there might be BASE_IMAGES, but not any associated digest. This happens\n  # if buildah did not use that particular image during build because it was skipped\n  if [ -n \"$base_image_digest\" ]; then\n    echo \"$image $base_image_digest\" | tee -a /shared/base_images_digests\n  fi\ndone\n\nimage_name=$(echo \"${IMAGE##*/}\" | tr ':' '-')\nbuildah push \"$IMAGE\" oci:\"/shared/$image_name.oci\"\necho \"/shared/$image_name.oci\" \u003e /shared/container_path\n\necho \"[$(date --utc -Ins)] End build\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/entitlement",
                                    "name": "etc-pki-entitlement"
                                },
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/additional-secret",
                                    "name": "additional-secret"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/proxy-ca-bundle",
                                    "name": "proxy-ca-bundle",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "BUILDAH_FORMAT",
                                    "value": "docker"
                                },
                                {
                                    "name": "TASKRUN_NAME",
                                    "value": "python-component-bcqjpf-on-pull-request-29jvp-build-container"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "push",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Convert image\"\n\n# While we can build images with the desired format, we will simplify any local\n# and remote build differences by just performing any necessary conversions at\n# push time.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\necho \"[$(date --utc -Ins)] Push image with unique tag\"\n\nbuildah_retries=3\n\n# Push to a unique tag based on the TaskRun name to avoid race conditions\necho \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:${TASKRUN_NAME}\"\nthen\n  echo \"Failed to push sbom image to ${IMAGE%:*}:${TASKRUN_NAME}\"\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] Push image with git revision\"\n\n# Push to a tag based on the git revision\necho \"Pushing to ${IMAGE}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile \"/workspace/source/image-digest\" \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n  echo \"Failed to push sbom image to $IMAGE\"\n  exit 1\nfi\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c \"/workspace/source\"/image-digest\necho -n \"$IMAGE\" | tee /tekton/results/IMAGE_URL\n{\n  echo -n \"${IMAGE}@\"\n  cat \"/workspace/source/image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho\n\n# detect if keyless signing is required\nSIGNING_CONFIG='{}'\nKFLX_CONFIG_PATH='/tmp/konflux_config.json'\nif ! RETRY_STOP_IF_STDERR_MATCHES='configmaps \"cluster-config\" not found' retry kubectl get configmap cluster-config -n konflux-info -o json \u003e\"${KFLX_CONFIG_PATH}\"\nthen\n  echo \"Failed to fetch konflux cluster-config, default values will be used\" \u003e\u00262\nelse\n  SIGNING_CONFIG=\"$(cat ${KFLX_CONFIG_PATH})\"\nfi\n\n# configmap key -\u003e variable name mapping\ndeclare -A SIGNING_KEY_MAP=(\n  [defaultOIDCIssuer]=SIGSTORE_OIDC_ISSUER\n  [rekorInternalUrl]=REKOR_URL\n  [fulcioInternalUrl]=SIGSTORE_FULCIO_URL\n  [tufInternalUrl]=TUF_URL\n)\n\n# fallback keys when internal URL is not available\ndeclare -A SIGNING_FALLBACK_MAP=(\n  [rekorInternalUrl]=rekorExternalUrl\n  [fulcioInternalUrl]=fulcioExternalUrl\n  [tufInternalUrl]=tufExternalUrl\n)\n\nmissing=\"\"\nconfigured=0\nfor key in \"${!SIGNING_KEY_MAP[@]}\"; do\n  val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${key} // empty\")\n  if [ -z \"${val}\" ] \u0026\u0026 [ -n \"${SIGNING_FALLBACK_MAP[$key]+x}\" ]; then\n    fallback_key=\"${SIGNING_FALLBACK_MAP[$key]}\"\n    val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${fallback_key} // empty\")\n    if [ -n \"${val}\" ]; then\n      echo \"Using fallback ${fallback_key} instead of ${key}\"\n    fi\n  fi\n  if [ -z \"${val}\" ]; then\n    missing=\"${missing:+${missing}, }${key}\"\n  else\n    declare \"${SIGNING_KEY_MAP[$key]}=${val}\"\n    configured=$((configured + 1))\n  fi\ndone\n\nif [ \"${configured}\" -eq \"${#SIGNING_KEY_MAP[@]}\" ]; then\n  echo \"Keyless signing is enabled\"\n\n  # Save signing config for upload-sbom step\n  for key in \"${!SIGNING_KEY_MAP[@]}\"; do\n    envvar=\"${SIGNING_KEY_MAP[$key]}\"\n    printf '%s=%q\\n' \"${envvar}\" \"${!envvar}\"\n  done \u003e /shared/signing-config.env\n\n  echo \"Using Rekor URL: ${REKOR_URL}\"\n  echo \"Using Fulcio URL: ${SIGSTORE_FULCIO_URL}\"\n  echo \"Using OIDC issuer: ${SIGSTORE_OIDC_ISSUER}\"\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  # Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\n  mkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"${IMAGE_REF}\" \u003e /tmp/auth/config.json\n  export DOCKER_CONFIG=/tmp/auth\n\n  echo \"[$(date --utc -Ins)] Sign image\"\n  echo \"Signing image ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign sign -y \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign image\" \u003e\u00262\n    exit 1\n  fi\nelif [ \"${configured}\" -eq 0 ]; then\n  echo \"Keyless signing is disabled (none of ${missing} are configured in the konflux-info/cluster-config configmap)\"\nelse\n  echo \"ERROR: Incomplete keyless signing configuration in konflux-info/cluster-config configmap. Missing: ${missing}\" \u003e\u00262\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] End push\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                },
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "sbom-syft-generate",
                            "script": "#!/bin/bash\nset -euo pipefail\necho \"[$(date --utc -Ins)] Generate SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\ncase $SBOM_TYPE in\n  cyclonedx)\n    syft_sbom_type=cyclonedx-json@1.5 ;;\n  spdx)\n    syft_sbom_type=spdx-json@2.3 ;;\n  *)\n    echo \"Invalid SBOM type: $SBOM_TYPE. Valid: cyclonedx, spdx\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\nOCI_DIR=\"$(cat /shared/container_path)\"\n\nsyft_oci_args=(\n  oci-dir:\"${OCI_DIR}\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-image.json\"\n)\nsyft_source_args=(\n  dir:\"/workspace/source/$SOURCE_CODE_DIR/$CONTEXT\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-source.json\"\n)\n\nif [ \"${SBOM_SYFT_SELECT_CATALOGERS}\" != \"\" ]; then\n  syft_oci_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\n  syft_source_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\nfi\n\necho \"Running syft on the image\"\nsyft \"${syft_oci_args[@]}\"\nif [[ \"${HERMETIC}\" == \"false\" \u0026\u0026 \"${SBOM_SOURCE_SCAN_ENABLED}\" == \"true\" ]]; then\n  echo \"Running syft on the source code\"\n  syft \"${syft_source_args[@]}\"\nelse\n  echo \"Skipping syft on source code.\"\nfi\n\necho \"[$(date --utc -Ins)] End sbom-syft-generate\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/shared",
                                    "name": "shared"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/source/source"
                        },
                        {
                            "args": [
                                "--additional-base-images"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "prepare-sboms",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Prepare SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\n# Convert Tekton array params into Mobster params\nADDITIONAL_BASE_IMAGES=()\nwhile [[ $# -gt 0 ]]; do\n  case $1 in\n    --additional-base-images)\n      shift\n      while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ADDITIONAL_BASE_IMAGES+=(\"$1\"); shift; done\n      ;;\n    *)\n      echo \"unexpected argument: $1\" \u003e\u00262\n      exit 2\n      ;;\n  esac\ndone\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\n\necho \"[$(date --utc -Ins)] Generate SBOM with mobster\"\n\nmobster_args=(\n  generate\n  --output sbom.json\n)\n\n# Validation is a flag for `generate`, not `oci-image`, so we need to\n# handle it before the oci-image arguments\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-image\n  --from-syft \"/workspace/source/sbom-image.json\"\n  --image-pullspec \"$IMAGE_URL\"\n  --image-digest \"$IMAGE_DIGEST\"\n  --parsed-dockerfile-path \"/shared/parsed_dockerfile.json\"\n  --base-image-digest-file \"/shared/base_images_digests\"\n)\n\nif [ -f \"/workspace/source/sbom-source.json\" ]; then\n  mobster_args+=(--from-syft \"/workspace/source/sbom-source.json\")\nfi\n\nif [ -f \"/workspace/source/sbom-prefetch.json\" ]; then\n  mobster_args+=(--from-hermeto \"/workspace/source/sbom-prefetch.json\")\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  mobster_args+=(--dockerfile-target \"${TARGET_STAGE}\")\nfi\n\nfor ADDITIONAL_BASE_IMAGE in \"${ADDITIONAL_BASE_IMAGES[@]}\"; do\n  mobster_args+=(--additional-base-image \"$ADDITIONAL_BASE_IMAGE\")\ndone\n\nif [ \"${CONTEXTUALIZE_SBOM}\" == \"true\" ] \u0026\u0026 [ \"${HERMETIC}\" == \"false\" ]; then\n  mobster_args+=(--contextualize)\nfi\n\nif [ -f \"/shared/prefetch-arch\" ]; then\n  mobster_args+=(--arch \"$(cat /shared/prefetch-arch)\")\nfi\n\nmobster \"${mobster_args[@]}\"\n\necho \"[$(date --utc -Ins)] End prepare-sboms\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Upload SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom sbom.json --type \"$SBOM_TYPE\" \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum sbom.json | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n\nif [ -f \"/shared/signing-config.env\" ]; then\n  # shellcheck source=/dev/null\n  source /shared/signing-config.env\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  ATT_SBOM_TYPE=\"${SBOM_TYPE}\"\n  if [ \"${ATT_SBOM_TYPE}\" = \"spdx\" ]; then\n    # for format cossistency with cyclonedx format, we want to use spdxjson instad of spdx\n    # spdx export data as rawstring, we want structured json as cyclonedx\n    ATT_SBOM_TYPE=\"spdxjson\"\n  fi\n\n  echo \"[$(date --utc -Ins)] Sign SBOM\"\n  echo \"Signing and attaching SBOM to ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign attest -y --type \"${ATT_SBOM_TYPE}\" --predicate sbom.json \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign SBOM\" \u003e\u00262\n    exit 1\n  fi\nfi\n\necho\necho \"[$(date --utc -Ins)] End upload-sbom\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "varlibcontainers"
                        },
                        {
                            "emptyDir": {},
                            "name": "shared"
                        },
                        {
                            "name": "etc-pki-entitlement",
                            "secret": {
                                "optional": true,
                                "secretName": "etc-pki-entitlement"
                            }
                        },
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "name": "additional-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "does-not-exist"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "caching-ca-bundle",
                                "optional": true
                            },
                            "name": "proxy-ca-bundle"
                        },
                        {
                            "name": "oidc-token",
                            "projected": {
                                "sources": [
                                    {
                                        "serviceAccountToken": {
                                            "audience": "sigstore",
                                            "expirationSeconds": 600,
                                            "path": "oidc-token"
                                        }
                                    }
                                ]
                            }
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code to build.",
                            "name": "source"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/23ccb047-2d77-4884-b54a-9c25bbf92ee7",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:24Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "build-image-index",
                    "tekton.dev/task": "build-image-index",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-build-image-index",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "33658",
                "uid": "23ccb047-2d77-4884-b54a-9c25bbf92ee7"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "ALWAYS_BUILD_INDEX",
                        "value": "false"
                    },
                    {
                        "name": "IMAGES",
                        "value": [
                            "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                        ]
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "build-image-index"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:12:44Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:12:44Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-d8f661bbbdbc3d4163ceb427547c2a14-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        "entryPoint": "build-image-index",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-build-image-index"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "startTime": "2026-07-01T16:12:24Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://630e4afcc1493c11e639a39488dfcd6038f1f79cf7c748d63789258973c0287f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:36Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:30Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-create-sbom",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "create-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://65cb71421804310d3dede072858e855d2d6740e5620e4c0ac852f4a24e73d12f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:36Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:36Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f2b7023c53e5a06538d57c8ace422953df4f1e4ca063915ba22c045e0d2c36ba",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:12:42Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:12:37Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This takes existing Image Manifests and combines them in an Image Index.",
                    "params": [
                        {
                            "description": "The target image and tag where the image will be pushed to.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The commit the image is built from.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "description": "List of Image Manifests to be referenced by the Image Index",
                            "name": "IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Build an image index even if IMAGES is of length 1. Default true. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. In order to properly set all results, use the repository:tag@sha256:digest format for the IMAGES parameter.",
                            "name": "ALWAYS_BUILD_INDEX",
                            "type": "string"
                        },
                        {
                            "default": "vfs",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "List of all referenced image manifests",
                            "name": "IMAGES",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image containing both the repository and the digest",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "env": [
                            {
                                "name": "BUILDAH_FORMAT",
                                "value": "docker"
                            },
                            {
                                "name": "COMMIT_SHA",
                                "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "ALWAYS_BUILD_INDEX",
                                "value": "false"
                            },
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "vfs"
                            }
                        ],
                        "volumeMounts": [
                            {
                                "mountPath": "/index-build-data",
                                "name": "shared-dir"
                            },
                            {
                                "mountPath": "/mnt/trusted-ca",
                                "name": "trusted-ca",
                                "readOnly": true
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa@sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "250m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\n# Fixing group permission on /var/lib/containers\nset -eu\nset -o pipefail\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [[ $# -ne 1 \u0026\u0026 \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n  echo \"Skipping image index generation while supplying multiple image inputs is unsupported.\"\n  exit 2\nfi\n\nbuildah manifest create \"$IMAGE\"\nfor i in $@\ndo\n  TOADD=\"$i\"\n  TOADD_URL=\"$(echo \"$i\" | cut -d@ -f1)\"\n  TOADD_DIGEST=\"$(echo \"$i\" | cut -d@ -f2)\"\n  if [[ $(echo \"$i\" | tr -cd \":\" | wc -c) == 2 ]]; then\n    #format is repository:tag@sha256:digest\n    #we need to remove the tag, and just reference the digest\n    #as tag + digest is not supported\n    TOADD_REPOSITORY=\"$(echo \"$i\" | cut -d: -f1)\"\n    TOADD=\"${TOADD_REPOSITORY}@${TOADD_DIGEST}\"\n  fi\n  if [[ \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n    echo \"Skipping image index generation. Returning results for $TOADD.\"\n    echo -n \"${TOADD_URL}\" \u003e \"/tekton/results/IMAGE_URL\"\n    echo -n \"${TOADD_DIGEST}\" \u003e \"/tekton/results/IMAGE_DIGEST\"\n    echo -n \"${TOADD}\" \u003e \"/tekton/results/IMAGES\"\n    exit 0\n  fi\n\n  echo \"Adding $TOADD\"\n  buildah manifest add $IMAGE \"docker://$TOADD\" --all\ndone\n\necho \"Validating format consistency\"\nINCOMPATIBLE_STRING=\"vnd.oci.image.manifest\"\nINCOMPATIBLE_NAME=\"oci\"\nif [ \"$BUILDAH_FORMAT\" == \"oci\" ]; then\n  INCOMPATIBLE_STRING=\"vnd.docker.distribution.manifest\"\n  INCOMPATIBLE_NAME=\"docker\"\nfi\n\n# If mismatched formats (e.g., Docker manifests within an OCI index) exist locally, 'buildah push'\n# converts the inner manifests to match the target BUILDAH_FORMAT.\n# This alters the digests and breaks the link to the attached SBOMs.\nMANIFEST_MEDIA_TYPES=$(buildah manifest inspect \"$IMAGE\" | jq -er '.manifests[].mediaType')\nif echo \"$MANIFEST_MEDIA_TYPES\" | grep -q \"$INCOMPATIBLE_STRING\"; then\n  echo \"ERROR: Platform image contains $INCOMPATIBLE_NAME format, but index will be $BUILDAH_FORMAT\"\n  echo \"This will cause digest changes and break SBOM accessibility.\"\n  echo \"Ensure all platform images are built with buildah-format: $BUILDAH_FORMAT\"\n  exit 1\nfi\n\n# While the BUILDAH_FORMAT environment variable can define the push\n# format, lets be explicit about the format that we want when we push.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\nbuildah_retries=3\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n    echo \"Failed to push image ${IMAGE} to registry\"\n    exit 1\nfi\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:python-component-bcqjpf-on-pull-request-29jvp-build-image-index\"\nthen\n    echo \"Failed to push image ${IMAGE%:*}:python-component-bcqjpf-on-pull-request-29jvp-build-image-index to registry\"\n    exit 1\nfi\n\nINDEX_REPOSITORY=\"$(echo \"$IMAGE\" | cut -d@ -f1 | cut -d: -f1)\"\nMANIFEST_DIGESTS=$(buildah manifest inspect \"$IMAGE\" | jq -er \".manifests[].digest\")\nimage_manifests=\"\"\nfor i in $MANIFEST_DIGESTS\ndo\n  image_manifests=\"${image_manifests} ${INDEX_REPOSITORY}@${i},\"\ndone\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c image-digest\necho -n \"$IMAGE\" | tee \"/tekton/results/IMAGE_URL\"\n{\n  echo -n \"${IMAGE}@\"\n  cat \"image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho -n \"${image_manifests:1:-1}\" \u003e \"/tekton/results/IMAGES\"\n\n# buildah manifest inspect will always give precedence to the local image.\n# Since we built this image in the same place as we are inspecting it, we can\n# just inspect it instead of finding the digest and inspecting the remote image.\nbuildah manifest inspect \"$IMAGE\" \u003e /index-build-data/manifest_data.json\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "create-sbom",
                            "script": "#!/bin/bash\nset -e\n\nMANIFEST_DATA_FILE=\"/index-build-data/manifest_data.json\"\nif [ ! -f \"$MANIFEST_DATA_FILE\" ]; then\n  echo \"The manifest_data.json file does not exist. Skipping the SBOM creation...\"\n  exit 0\nfi\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\necho \"Creating SBOM result file...\"\nmobster_args=(generate --output /index-build-data/index.spdx.json)\n\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-index\n  --index-image-pullspec \"$IMAGE_URL\"\n  --index-image-digest \"$IMAGE_DIGEST\"\n  --index-manifest-path \"$MANIFEST_DATA_FILE\"\n)\nmobster \"${mobster_args[@]}\"\n"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSBOM_RESULT_FILE=\"/index-build-data/index.spdx.json\"\nif [ ! -f \"$SBOM_RESULT_FILE\" ]; then\n  echo \"The index.spdx.json file does not exists. Skipping the SBOM upload...\"\n  exit 0\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\n\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom \"$SBOM_RESULT_FILE\" --type spdx \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum \"$SBOM_RESULT_FILE\" | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "shared-dir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/ff7a0693-6f16-4942-b183-014c18dfa142",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "clair-scan",
                    "tekton.dev/task": "clair-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-clair-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "36657",
                "uid": "ff7a0693-6f16-4942-b183-014c18dfa142"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clair-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:14:56Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:14:56Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-29jvp-clair-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        "entryPoint": "clair-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clair-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\", \"digests\": [\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\"]}}\n"
                    },
                    {
                        "name": "REPORTS",
                        "type": "string",
                        "value": "{\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\":\"sha256:f30c9653854574220ac00503c681db40fe96088b5ae16539f9a2b0a8f9d79891\"}\n"
                    },
                    {
                        "name": "SCAN_OUTPUT",
                        "type": "string",
                        "value": "{\"vulnerabilities\":{\"critical\":0,\"high\":331,\"medium\":873,\"low\":241,\"unknown\":2},\"unpatched_vulnerabilities\":{\"critical\":0,\"high\":4,\"medium\":489,\"low\":633,\"unknown\":0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:14:55+00:00\",\"note\":\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:46Z",
                "steps": [
                    {
                        "container": "step-get-image-manifests",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "get-image-manifests",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3119ca4b40532405abae7c4c29ef89eb95adc94a7e7a20895f888ef71123dfb2",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:24Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:18Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-get-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/clair-in-ci@sha256:e030a6094b6d88b430ed049a6a59808f4b795e9d8293d72a4bbab44da8cc429f",
                        "name": "get-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4e5e9046fe2a5d73d1563bdb51d21a5360f7fcf58cf4001e718026eb97906ad6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:15Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:24Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-oci-attach-report",
                        "imageID": "quay.io/konflux-ci/oras@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                        "name": "oci-attach-report",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5ab70907da511c1621eae0bb05a0431b1fabe6ae4e0938075bd4ecd0317bc6ac",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:20Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:16Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-conftest-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "conftest-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3e2f79e81e8a9ed88c1ca23b16729e60167194b1b70797162a49ac71b86b2cda",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:55Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\\\", \\\"digests\\\": [\\\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\\\"]}}\\n\",\"type\":1},{\"key\":\"REPORTS\",\"value\":\"{\\\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\\\":\\\"sha256:f30c9653854574220ac00503c681db40fe96088b5ae16539f9a2b0a8f9d79891\\\"}\\n\",\"type\":1},{\"key\":\"SCAN_OUTPUT\",\"value\":\"{\\\"vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":331,\\\"medium\\\":873,\\\"low\\\":241,\\\"unknown\\\":2},\\\"unpatched_vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":4,\\\"medium\\\":489,\\\"low\\\":633,\\\"unknown\\\":0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:14:55+00:00\\\",\\\"note\\\":\\\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:21Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for vulnerabilities using Clair, by comparing the components of container image against Clair's vulnerability databases.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform built by.",
                            "name": "image-platform",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused, should be removed in next task version.",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-oci-attach-report",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Clair scan result.",
                            "name": "SCAN_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        },
                        {
                            "description": "Mapping of image digests to report digests",
                            "name": "REPORTS",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "get-image-manifests",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\necho \"Inspecting raw image manifest $imageanddigest.\"\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"' | while read -r arch arch_sha; do\n    echo \"$arch_sha\" \u003e /tekton/home/image-manifest-$arch.sha\n  done\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task clair-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                },
                                "requests": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                },
                                {
                                    "name": "IMAGE_PLATFORM"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clair-in-ci:v1",
                            "imagePullPolicy": "Always",
                            "name": "get-vulnerabilities",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n# shellcheck source=/utils.sh\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\n# the quay report format used by the Conftest rules in the\n# conftest-vulnerabilities step doesn't contain the \"issued\" date which\n# we require in the policy rules, so we resort to running clair-action\n# twice to produce both quay and clair formatted output\nclair_report() {\n  { retry clair-action report --image-ref=\"$1\" --db-path=/tmp/matcher.db --format=clair | tee  \"clair-report-$2.json\"; } \u0026\u0026 \\\n  { retry clair-action convert  --file-path=\"clair-report-$2.json\" --format=quay \u003e \"clair-result-$2.json\"; }\n}\n\nrun_clair_on_arch() {\n  local arch=\"$1\"\n  local sha_file=\"image-manifest-$arch.sha\"\n\n  if [ -e \"$sha_file\" ]; then\n    local arch_sha\n    arch_sha=$(\u003c\"$sha_file\")\n    local digest=\"${imagewithouttag}@${arch_sha}\"\n\n    echo \"Running clair-action on $arch image manifest...\"\n    clair_report \"$digest\" \"$arch\" || true\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n   fi\n}\n\nplatform=\"${IMAGE_PLATFORM}\"\n\n# If a platform is specified, extract the architecture and run clair-action on the corresponding image manifest\nif [ -n \"$platform\" ]; then\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n  # Validate against supported arch list. If it's not a known arch, fallback to amd64\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  run_clair_on_arch \"$arch\"\n\n# If no platform is specified, run clair-action on all available image manifests\nelse\n  for sha_file in image-manifest-*.sha; do\n    if [ -e \"$sha_file\" ]; then\n      arch=$(basename \"$sha_file\" | sed 's/image-manifest-//;s/.sha//')\n      run_clair_on_arch \"$arch\"\n    fi\n  done\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nimages_processed=$(echo \"${images_processed_template/\\[%s]/[$digests_processed_string]}\")\necho \"$images_processed\" \u003e images-processed.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_OCI_ATTACH_REPORT",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                            "name": "oci-attach-report",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nif [ \"$SKIP_OCI_ATTACH_REPORT\" = \"true\" ]; then\n  echo 'OCI attach report skipped by parameter.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\nif ! compgen -G \"clair-report-*.json\" \u003e /dev/null; then\n  echo 'No Clair reports generated. Skipping upload.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\necho \"Selecting auth\"\nselect-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n\nrepository=\"${IMAGE_URL/:*/}\"\n\narch() {\n  report_file=\"$1\"\n  arch=\"${report_file/*-}\"\n  echo \"${arch/.json/}\"\n}\n\nMEDIA_TYPE='application/vnd.redhat.clair-report+json'\n\nreports_json=\"\"\nfor f in clair-report-*.json; do\n  digest=$(cat \"image-manifest-$(arch \"$f\").sha\")\n  image_ref=\"${repository}@${digest}\"\n  echo \"Attaching $f to ${image_ref}\"\n  if ! report_digest=\"$(retry oras attach --no-tty --format go-template='{{.digest}}' --registry-config \\\n    \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${image_ref}\" \"$f:${MEDIA_TYPE}\")\"\n  then\n    echo \"Failed to attach ${f} to ${image_ref}\"\n    exit 1\n  fi\n  # shellcheck disable=SC2016\n  reports_json=\"$(yq --output-format json --indent=0 eval-all '. as $i ireduce ({}; . * $i)' \u003c(echo \"${reports_json}\") \u003c(echo \"${digest}: ${report_digest}\"))\"\ndone\necho \"${reports_json}\" \u003e reports.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "conftest-vulnerabilities",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nclair_result_files=$(ls /tekton/home/clair-result-*.json)\nif [ -z \"$clair_result_files\" ]; then\n  echo \"Previous step [get-vulnerabilities] failed: No clair-result files found in /tekton/home.\"\nfi\n\nmissing_vulnerabilities_files=\"\"\nfor file in $clair_result_files; do\n  file_suffix=$(basename \"$file\" | sed 's/clair-result-//;s/.json//')\n  if [ ! -s \"$file\" ]; then\n    echo \"Previous step [get-vulnerabilities] failed: $file is empty.\"\n  else\n    /usr/bin/conftest test --no-fail $file \\\n    --policy /project/clair/vulnerabilities-check.rego --namespace required_checks \\\n    --output=json | tee /tekton/home/clair-vulnerabilities-$file_suffix.json || true\n  fi\n\n  #check for missing \"clair-vulnerabilities-\u003carch\u003e/image-index\" file and create a string\n  if [ ! -f \"/tekton/home/clair-vulnerabilities-$file_suffix.json\" ]; then\n    missing_vulnerabilities_files+=\"${missing_vulnerabilities_files:+, }/tekton/home/clair-vulnerabilities-$file_suffix.json\"\n  fi\ndone\n\nif [ -n \"$missing_vulnerabilities_files\" ]; then\n  note=\"Task clair-scan failed: $missing_vulnerabilities_files did not generate. For details, check Tekton task log.\"\n  TEST_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"$missing_vulnerabilities_files did not generate correctly. For details, check conftest command in Tekton task log.\"\n  echo \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n  exit 0\nfi\n\nscan_result='{\"vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}, \"unpatched_vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}}'\nfor file in /tekton/home/clair-vulnerabilities-*.json; do\n    result=$(jq -rce \\\n        '{\n            vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            },\n            unpatched_vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            }\n        }' \"$file\")\n\n    scan_result=$(jq -s -rce \\\n          '.[0].vulnerabilities.critical += .[1].vulnerabilities.critical |\n          .[0].vulnerabilities.high += .[1].vulnerabilities.high |\n          .[0].vulnerabilities.medium += .[1].vulnerabilities.medium |\n          .[0].vulnerabilities.low += .[1].vulnerabilities.low |\n          .[0].vulnerabilities.unknown += .[1].vulnerabilities.unknown |\n          .[0].unpatched_vulnerabilities.critical += .[1].unpatched_vulnerabilities.critical |\n          .[0].unpatched_vulnerabilities.high += .[1].unpatched_vulnerabilities.high |\n          .[0].unpatched_vulnerabilities.medium += .[1].unpatched_vulnerabilities.medium |\n          .[0].unpatched_vulnerabilities.low += .[1].unpatched_vulnerabilities.low |\n          .[0].unpatched_vulnerabilities.unknown += .[1].unpatched_vulnerabilities.unknown |\n          .[0]' \u003c\u003c\u003c\"$scan_result $result\")\ndone\n\necho \"$scan_result\" | tee \"/tekton/results/SCAN_OUTPUT\"\n\ncat /tekton/home/images-processed.json | tee /tekton/results/IMAGES_PROCESSED\n# shellcheck disable=SC2154\ncat /tekton/home/reports.json \u003e \"/tekton/results/REPORTS\"\n\nnote=\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\"\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"$note\")\necho \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/51f7024b-3e36-4d46-997e-514e7f072094",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "virus, konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "clamav-scan",
                    "tekton.dev/task": "clamav-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-clamav-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "34876",
                "uid": "51f7024b-3e36-4d46-997e-514e7f072094"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clamav-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:14:34Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:14:34Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-29jvp-clamav-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        "entryPoint": "clamav-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\", \"digests\": [\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"timestamp\":\"1782922470\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:48Z",
                "steps": [
                    {
                        "container": "step-extract-and-scan-image",
                        "imageID": "quay.io/konflux-ci/clamav-db@sha256:2da6c1a37fef998b68b675505fb654b1123e3cd889c190c59b4527d11621e8fc",
                        "name": "extract-and-scan-image",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://0bb8cd772827a8862caad61efcc1fc44486aabfe4f9b3d4cf19d94be516c8a68",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:30Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\\\", \\\"digests\\\": [\\\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922470\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:16Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3b0332d2459ac6ad1485b6ca3a3e271dd31e3ff95930170d5de570fd86c941ed",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:33Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\\\", \\\"digests\\\": [\\\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922470\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:31Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans the content of container images and OCI artifacts for viruses, malware, and other malicious content using ClamAV antivirus scanner.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image arch.",
                            "name": "image-arch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "8",
                            "description": "Maximum number of threads clamd runs.",
                            "name": "clamd-max-threads",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-upload",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                },
                                "requests": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/work"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                },
                                {
                                    "name": "IMAGE_ARCH"
                                },
                                {
                                    "name": "MAX_THREADS",
                                    "value": "8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clamav-db:latest",
                            "name": "extract-and-scan-image",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Start clamd in background\n/start-clamd.sh\n\n# Bootstrap .docker config in overridden HOME.\n# This prevents 'oc' CLI failures in clean environments where ~/.docker does not exist.\nif [ ! -d ~/.docker ]; then\n    mkdir -p ~/.docker\n    echo '{}' \u003e ~/.docker/config.json\nfi\n\nimagewithouttag=$(echo $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\" | tr -d '\\n')\n\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\n\n# check if image is attestation one, skip the clamav scan in such case\nif [[ $imageanddigest == *.att ]]\nthen\n    echo \"$imageanddigest is an attestation image. Skipping ClamAV scan.\"\n    exit 0\nfi\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\nmkdir logs\nmkdir content\ncd content\necho \"Detecting artifact type for ${imageanddigest}.\"\necho '{\"artifact\":{\"pullspec\":\"'\"${imageanddigest}\"'\",\"type\":\"unknown\",\"mediaType\":\"\"}}' \u003e /work/logs/artifact-meta.json\n\n# Function to scan content and process results with ClamAV and EC\n# Parameters:\n#   $1: destination - path to the content to scan\n#   $2: suffix - suffix for log file names (e.g., \"oci\", \"amd64\")\n#   $3: digest - digest to add to digests_processed array\n#   $4: scan_message - optional message describing what is being scanned\nscan_and_process() {\n  local destination=\"$1\"\n  local suffix=\"$2\"\n  local digest=\"$3\"\n  local scan_message=\"${4:-Scanning content}\"\n\n  db_version=$(clamdscan --version | sed 's|.*/\\(.*\\)/.*|\\1|')\n\n  echo \"$scan_message. This operation may take a while.\"\n  clamdscan \"${destination}\" -vi --multiscan --fdpass \\\n    | tee \"/work/logs/clamscan-result-${suffix}.log\" || true\n\n  echo \"Executed-on: Scan was executed on clamsdcan version - $(clamdscan --version) Database version: $db_version\" | tee -a \"/work/logs/clamscan-result-${suffix}.log\"\n\n  digests_processed+=(\"\\\"$digest\\\"\")\n\n  if [[ -e \"/work/logs/clamscan-result-${suffix}.log\" ]]; then\n    # OPA/EC requires structured data input, add clamAV log into json\n    jq -Rs '{ output: . }' \"/work/logs/clamscan-result-${suffix}.log\" \u003e \"/work/logs/clamscan-result-log-${suffix}.json\"\n\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o json \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" || true\n\n    # workaround: due to a bug in ec-cli, we cannot generate json and appstudio output at the same time, running it again\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o appstudio \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" | tee \"/work/logs/clamscan-ec-test-${suffix}.json\" || true\n\n    cat \"/work/logs/clamscan-ec-test-${suffix}.json\"\n  fi\n}\n\n# Detect artifact type: container image vs OCI artifact\n# First, try to get image manifests (works for container images)\n# Use subshell to prevent get_image_manifests() from exiting the main script if it fails\n# (get_image_manifests uses exit 1 when Architecture field is missing, which happens for OCI artifacts)\nimage_manifests=$(bash -c '. /utils.sh; get_image_manifests -i \"'\"${imageanddigest}\"'\"' 2\u003e/dev/null || echo \"\")\n\n# If get_image_manifests failed, check if it's an OCI artifact by inspecting manifest media type\nif [ -z \"$image_manifests\" ]; then\n  echo \"get_image_manifests returned empty, checking if this is an OCI artifact...\"\n  raw_manifest=$(skopeo inspect --raw --authfile ~/.docker/config.json \"docker://${imageanddigest}\" 2\u003e/dev/null || true)\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"inspected\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n\n  if [ -n \"$raw_manifest\" ]; then\n    media_type=$(echo \"$raw_manifest\" | jq -r '.mediaType // .config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n    artifact_type=$(echo \"$raw_manifest\" | jq -r '.artifactType // empty' 2\u003e/dev/null || echo \"\")\n    config_media_type=$(echo \"$raw_manifest\" | jq -r '.config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n\n    # Determine if this is an OCI artifact (not a container image)\n    # OCI artifacts typically have:\n    # - An empty/scratch config (config.mediaType contains \"empty\" or \"scratch\")\n    # - An explicit artifactType field that is not a container image type\n    is_oci_artifact=false\n\n    # Check if config is empty/scratch (typical for OCI artifacts like python wheels, helm charts, etc.)\n    if echo \"$config_media_type\" | grep -qiE \"(empty|scratch)\"; then\n      is_oci_artifact=true\n    fi\n\n    # Check if artifactType is set and is not a container image type\n    if [ -n \"$artifact_type\" ] \u0026\u0026 ! echo \"$artifact_type\" | grep -qE \"application/vnd\\.(oci|docker)\\.(image|container)\"; then\n      is_oci_artifact=true\n    fi\n\n    if [ \"$is_oci_artifact\" = true ]; then\n      # This is an OCI artifact (e.g., python wheels, helm charts, etc.)\n      echo \"Detected OCI artifact (artifactType: ${artifact_type:-unset}, config.mediaType: ${config_media_type:-unset}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.artifactType = '\"\\\"${artifact_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    elif echo \"$media_type\" | grep -qE \"(application/vnd\\.(docker|oci)\\.(distribution|image)\\.manifest|application/vnd\\.docker\\.distribution\\.manifest)\"; then\n      # This looks like a container image manifest, but get_image_manifests failed\n      echo \"Detected container image manifest type: $media_type, but get_image_manifests failed. This may indicate an error.\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"$media_type\\\"\"' | .artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      note=\"Task clamav-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n      ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n      echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n      exit 0\n    else\n      # Likely an OCI artifact with non-standard media type\n      echo \"Detected OCI artifact (media type: ${media_type:-unknown}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    fi\n  else\n    echo \"Failed to inspect artifact \\\"$imageanddigest\\\". Unable to determine type.\"\n    note=\"Task clamav-scan failed: Failed to inspect artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 0\n  fi\nfi\n\n# Process container images (existing logic)\nif [ -n \"$image_manifests\" ]; then\n  echo \"Detected container image. Processing image manifests.\"\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n  # Proceed only if a specific arch is provided.\n  # This typically occurs when using Tekton Matrix to launch multiple TaskRuns to scan all architectures of a multi-arch image in parallel.\n  if [ -n \"$IMAGE_ARCH\" ]; then\n    arch=\"${IMAGE_ARCH#*/}\"\n    if [ \"${arch}\" = \"x86_64\" ]; then\n      arch=\"amd64\"\n    fi\n\n    # Check if arch is supported; if not (e.g., it's 'local', see link below), default to amd64.\n    # https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/stone-prd-rh01/host-config.yaml#L9-L14\n    case \"$arch\" in\n      amd64|ppc64le|arm64|s390x)\n        ;;\n      *)\n        arch=\"amd64\"\n        ;;\n    esac\n\n    image_manifests=$(echo \"$image_manifests\" | jq -c --arg arch \"$arch\" '{($arch): .[$arch]}')\n  fi\n\n  while read -r arch arch_sha; do\n    destination=$(echo content-$arch)\n    mkdir -p \"$destination\"\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    echo \"Running \\\"oc image extract\\\" on image of arch $arch\"\n    retry oc image extract --only-files=true --registry-config ~/.docker/config.json \"$arch_imageanddigest\" --path=\"/:${destination}\" --filter-by-os=\"linux/${arch}\"\n    if [ $? -ne 0 ]; then\n      echo \"Unable to extract image for arch $arch. Skipping ClamAV scan!\"\n      exit 0\n    fi\n\n    # Scan and process container image for this architecture\n    scan_and_process \"${destination}\" \"$arch\" \"$arch_sha\" \"Scanning image for arch $arch\"\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nfi\n\njq -s -rce '\n  reduce .[] as $item ({\"timestamp\":\"0\",\"namespace\":\"\",\"successes\":0,\"failures\":0,\"warnings\":0,\"result\":\"\",\"note\":\"\"};\n    {\n    \"timestamp\" : (if .timestamp \u003c $item.timestamp then $item.timestamp else .timestamp end),\n    \"namespace\" : $item.namespace,\n    \"successes\" : (.successes + $item.successes),\n    \"failures\" : (.failures + $item.failures),\n    \"warnings\" : (.warnings + $item.warnings),\n    \"result\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.result else .result end),\n    \"note\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.note else .note end)\n    })' /work/logs/clamscan-ec-test-*.json | tee /tekton/results/TEST_OUTPUT\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_UPLOAD",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\n# Skip upload if requested e.g. read-only CI tests where push access is denied\nif [ \"$SKIP_UPLOAD\" == \"true\" ]; then\n  echo \"Upload skipped by parameter.\"\n  exit 0\nfi\n\n# Don't return a glob expression when no matches are found\nshopt -s nullglob\n\ncd logs\n\nfor UPLOAD_FILE in clamscan-result*.log; do\n  MEDIA_TYPE=text/vnd.clamav\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\nfor UPLOAD_FILE in clamscan-ec-test*.json; do\n  MEDIA_TYPE=application/vnd.konflux.test_output+json\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\n\nif [ -z \"${args}\" ]; then\n  echo \"No files found. Skipping upload.\"\n  exit 0;\nfi\n\necho \"Selecting auth\"\nselect-oci-auth $IMAGE_URL \u003e $HOME/auth.json\necho \"Attaching to ${IMAGE_URL}\"\n retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type application/vnd.clamav \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${args[@]}\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "dbfolder"
                        },
                        {
                            "emptyDir": {},
                            "name": "work"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-cc0121c13a",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/868fd137-4991-409a-bf01-92d54d662345",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/categories": "Git",
                    "tekton.dev/displayName": "git clone",
                    "tekton.dev/pipelines.minVersion": "0.21.0",
                    "tekton.dev/platforms": "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64",
                    "tekton.dev/tags": "git",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:27Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "clone-repository",
                    "tekton.dev/task": "git-clone",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-clone-repository",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "29398",
                "uid": "868fd137-4991-409a-bf01-92d54d662345"
            },
            "spec": {
                "params": [
                    {
                        "name": "url",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "revision",
                        "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "git-clone"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "output",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-626b0c735f"
                        }
                    },
                    {
                        "name": "basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-ckslpa"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:35Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:35Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-7a57393ef7dae54df2db53bf84df32a5-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        "entryPoint": "git-clone",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-git-clone"
                    }
                },
                "results": [
                    {
                        "name": "CHAINS-GIT_COMMIT",
                        "type": "string",
                        "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "CHAINS-GIT_URL",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "commit",
                        "type": "string",
                        "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "commit-timestamp",
                        "type": "string",
                        "value": "1782922066"
                    },
                    {
                        "name": "short-commit",
                        "type": "string",
                        "value": "ace9d7f"
                    },
                    {
                        "name": "url",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    }
                ],
                "startTime": "2026-07-01T16:08:28Z",
                "steps": [
                    {
                        "container": "step-clone",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "clone",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c13a88026f9681915936f3b14b95ccb0412bc3fc5ad1c3d5e48fe69fccdcde6c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:33Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782922066\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"ace9d7f\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:33Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-symlink-check",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "symlink-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c1c28b8129e350eb9142910ed435ded1a7d7cddae102ad274cd4bfd339e181b6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:34Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782922066\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"ace9d7f\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:34Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace.",
                    "params": [
                        {
                            "description": "Repository URL to clone from.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Revision to checkout. (branch, tag, sha, ref, etc...)",
                            "name": "revision",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Refspec to fetch before checking out revision.",
                            "name": "refspec",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Initialize and fetch git submodules.",
                            "name": "submodules",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma-separated list of specific submodule paths to initialize and fetch. Only submodules in the specified directories and their subdirectories will be fetched.\nEmpty string fetches all submodules. Parameter \"submodules\" must be set to \"true\" to make this parameter applicable.\n",
                            "name": "submodulePaths",
                            "type": "string"
                        },
                        {
                            "default": "1",
                            "description": "Perform a shallow clone, fetching only the most recent N commits.",
                            "name": "depth",
                            "type": "string"
                        },
                        {
                            "default": "7",
                            "description": "Length of short commit SHA",
                            "name": "shortCommitLength",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.",
                            "name": "sslVerify",
                            "type": "string"
                        },
                        {
                            "default": "source",
                            "description": "Subdirectory inside the `output` Workspace to clone the repo into.",
                            "name": "subdirectory",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Define the directory patterns to match or exclude when performing a sparse checkout.",
                            "name": "sparseCheckoutDirectories",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Clean out the contents of the destination directory if it already exists before cloning.",
                            "name": "deleteExisting",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP proxy server for non-SSL requests.",
                            "name": "httpProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTPS proxy server for SSL requests.",
                            "name": "httpsProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Opt out of proxying HTTP/HTTPS requests.",
                            "name": "noProxy",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Log the commands that are executed during `git-clone`'s operation.",
                            "name": "verbose",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Deprecated. Has no effect. Will be removed in the future.",
                            "name": "gitInitImage",
                            "type": "string"
                        },
                        {
                            "default": "/tekton/home",
                            "description": "Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user.\n",
                            "name": "userHome",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Check symlinks in the repo. If they're pointing outside of the repo, the build will fail.\n",
                            "name": "enableSymlinkCheck",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Fetch all tags for the repo.",
                            "name": "fetchTags",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Set to \"true\" to merge the targetBranch into the checked-out revision.",
                            "name": "mergeTargetBranch",
                            "type": "string"
                        },
                        {
                            "default": "main",
                            "description": "The target branch to merge into the revision (if mergeTargetBranch is true).",
                            "name": "targetBranch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "URL of the repository to fetch the target branch from when mergeTargetBranch is true.\nIf empty, uses the same repository (origin). This allows merging a branch from a different repository.\n",
                            "name": "mergeSourceRepoUrl",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Perform a shallow fetch of the target branch, fetching only the most recent N commits.\nIf empty, fetches the full history of the target branch.\n",
                            "name": "mergeSourceDepth",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "The precise commit SHA that was fetched by this Task.",
                            "name": "commit",
                            "type": "string"
                        },
                        {
                            "description": "The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters",
                            "name": "short-commit",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "description": "The commit timestamp of the checkout",
                            "name": "commit-timestamp",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_URL",
                            "type": "string"
                        },
                        {
                            "description": "The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_COMMIT",
                            "type": "string"
                        },
                        {
                            "description": "The SHA of the commit after merging the target branch (if the param mergeTargetBranch is true).",
                            "name": "merged_sha",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "PARAM_REVISION",
                                    "value": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "PARAM_REFSPEC"
                                },
                                {
                                    "name": "PARAM_SUBMODULES",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBMODULE_PATHS"
                                },
                                {
                                    "name": "PARAM_DEPTH",
                                    "value": "1"
                                },
                                {
                                    "name": "PARAM_SHORT_COMMIT_LENGTH",
                                    "value": "7"
                                },
                                {
                                    "name": "PARAM_SSL_VERIFY",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "PARAM_DELETE_EXISTING",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_HTTP_PROXY"
                                },
                                {
                                    "name": "PARAM_HTTPS_PROXY"
                                },
                                {
                                    "name": "PARAM_NO_PROXY"
                                },
                                {
                                    "name": "PARAM_VERBOSE",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_SPARSE_CHECKOUT_DIRECTORIES"
                                },
                                {
                                    "name": "PARAM_USER_HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_FETCH_TAGS",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_GIT_INIT_IMAGE"
                                },
                                {
                                    "name": "PARAM_MERGE_TARGET_BRANCH",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_TARGET_BRANCH",
                                    "value": "main"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_REPO_URL"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_DEPTH"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_BOUND",
                                    "value": "false"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_PATH"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND",
                                    "value": "true"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_PATH",
                                    "value": "/workspace/basic-auth"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "clone",
                            "script": "#!/usr/bin/env sh\nset -eu\n\nif [ \"${PARAM_VERBOSE}\" = \"true\" ] ; then\n  set -x\nfi\n\nif [ -n \"${PARAM_GIT_INIT_IMAGE}\" ]; then\n  echo \"WARNING: provided deprecated gitInitImage parameter has no effect.\"\nfi\n\nif [ \"${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  if [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" ]; then\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" \"${PARAM_USER_HOME}/.git-credentials\"\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" \"${PARAM_USER_HOME}/.gitconfig\"\n  # Compatibility with kubernetes.io/basic-auth secrets\n  elif [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password\" ]; then\n    HOSTNAME=$(echo $PARAM_URL | awk -F/ '{print $3}')\n    echo \"https://$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username):$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password)@$HOSTNAME\" \u003e \"${PARAM_USER_HOME}/.git-credentials\"\n    echo -e \"[credential \\\"https://$HOSTNAME\\\"]\\n  helper = store\" \u003e \"${PARAM_USER_HOME}/.gitconfig\"\n  else\n    echo \"Unknown basic-auth workspace format\"\n    exit 1\n  fi\n  chmod 400 \"${PARAM_USER_HOME}/.git-credentials\"\n  chmod 400 \"${PARAM_USER_HOME}/.gitconfig\"\nfi\n\n# Should be called after the gitconfig is copied from the repository secret\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  git config --global http.sslCAInfo \"$ca_bundle\"\nfi\n\nif [ \"${WORKSPACE_SSH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  cp -R \"${WORKSPACE_SSH_DIRECTORY_PATH}\" \"${PARAM_USER_HOME}\"/.ssh\n  chmod 700 \"${PARAM_USER_HOME}\"/.ssh\n  chmod -R 400 \"${PARAM_USER_HOME}\"/.ssh/*\nfi\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\n\ncleandir() {\n  # Delete any existing contents of the repo directory if it exists.\n  #\n  # We don't just \"rm -rf ${CHECKOUT_DIR}\" because ${CHECKOUT_DIR} might be \"/\"\n  # or the root of a mounted volume.\n  if [ -d \"${CHECKOUT_DIR}\" ] ; then\n    # Delete non-hidden files and directories\n    rm -rf \"${CHECKOUT_DIR:?}\"/*\n    # Delete files and directories starting with . but excluding ..\n    rm -rf \"${CHECKOUT_DIR}\"/.[!.]*\n    # Delete files and directories starting with .. plus any other character\n    rm -rf \"${CHECKOUT_DIR}\"/..?*\n  fi\n}\n\nif [ \"${PARAM_DELETE_EXISTING}\" = \"true\" ] ; then\n  cleandir\nfi\n\ntest -z \"${PARAM_HTTP_PROXY}\" || export HTTP_PROXY=\"${PARAM_HTTP_PROXY}\"\ntest -z \"${PARAM_HTTPS_PROXY}\" || export HTTPS_PROXY=\"${PARAM_HTTPS_PROXY}\"\ntest -z \"${PARAM_NO_PROXY}\" || export NO_PROXY=\"${PARAM_NO_PROXY}\"\n\n/ko-app/git-init \\\n  -url=\"${PARAM_URL}\" \\\n  -revision=\"${PARAM_REVISION}\" \\\n  -refspec=\"${PARAM_REFSPEC}\" \\\n  -path=\"${CHECKOUT_DIR}\" \\\n  -sslVerify=\"${PARAM_SSL_VERIFY}\" \\\n  -submodules=\"${PARAM_SUBMODULES}\" \\\n  -submodulePaths=\"${PARAM_SUBMODULE_PATHS}\" \\\n  -depth=\"${PARAM_DEPTH}\" \\\n  -sparseCheckoutDirectories=\"${PARAM_SPARSE_CHECKOUT_DIRECTORIES}\" \\\n  -retryMaxAttempts=10\ncd \"${CHECKOUT_DIR}\"\nRESULT_SHA=\"$(git rev-parse HEAD)\"\nRESULT_SHA_SHORT=\"$(git rev-parse --short=\"${PARAM_SHORT_COMMIT_LENGTH}\" HEAD)\"\n\nif [ \"${PARAM_MERGE_TARGET_BRANCH}\" = \"true\" ]; then\n  echo \"Merge option enabled. Attempting to merge target branch '${PARAM_TARGET_BRANCH}' into HEAD (${RESULT_SHA}).\"\n\n  if [ \"${PARAM_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow clone with depth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  if [ \"${PARAM_MERGE_SOURCE_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow fetch with mergeSourceDepth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  # Determine if merging from a different repository or the same one\n  if [ -n \"${PARAM_MERGE_SOURCE_REPO_URL}\" ]; then\n    # Normalize URLs for comparison (remove trailing slashes and .git suffix)\n    normalize_url() {\n      echo \"$1\" | sed -e 's#/$##' -e 's#\\.git$##'\n    }\n\n    NORMALIZED_ORIGIN_URL=$(normalize_url \"${PARAM_URL}\")\n    NORMALIZED_MERGE_URL=$(normalize_url \"${PARAM_MERGE_SOURCE_REPO_URL}\")\n\n    if [ \"${NORMALIZED_ORIGIN_URL}\" = \"${NORMALIZED_MERGE_URL}\" ]; then\n      echo \"Merge source URL is the same as origin. Using existing 'origin' remote.\"\n      MERGE_REMOTE=\"origin\"\n    else\n      echo \"Merging from different repository: ${PARAM_MERGE_SOURCE_REPO_URL}\"\n      echo \"Adding remote 'merge-source'...\"\n      git remote add merge-source \"${PARAM_MERGE_SOURCE_REPO_URL}\"\n      MERGE_REMOTE=\"merge-source\"\n    fi\n  else\n    echo \"Merging from the same repository (origin)\"\n    MERGE_REMOTE=\"origin\"\n  fi\n\n  echo \"Fetching target branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE}...\"\n  if [ -n \"${PARAM_MERGE_SOURCE_DEPTH}\" ]; then\n    retry git fetch --depth=\"${PARAM_MERGE_SOURCE_DEPTH}\" ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  else\n    retry git fetch ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  fi\n\n\n  echo \"Merging ${MERGE_REMOTE}/${PARAM_TARGET_BRANCH} into current HEAD...\"\n  git config --global user.email \"tekton-git-clone@tekton.dev\"\n  git config --global user.name \"Tekton Git Clone Task\"\n\nif ! git merge FETCH_HEAD --no-commit --no-ff --allow-unrelated-histories; then\n  echo \"ERROR: Merge conflict detected or merge failed before commit.\" \u003e\u00262\n  echo \"--- Git Status ---\"\n  git status\n  echo \"------------------\"\n  exit 1\nfi\n\n# Check if there are changes staged for commit\nif git diff --staged --quiet; then\n  echo \"No diff was found, skipping merge...\" \u003e\u00262\nelse\n  echo \"Merge successful (no conflicts found), committing...\"\nif ! git commit -m \"Merge branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE} into ${RESULT_SHA}\"; then\n  echo \"ERROR: Failed to commit merge.\" \u003e\u00262\n  exit 1\nfi\n  MERGED_SHA=$(git rev-parse HEAD)\n  echo \"New HEAD after merge: ${MERGED_SHA}\"\n  echo \"${MERGED_SHA}\" \u003e \"/tekton/results/merged_sha\"\nfi\n\nelse\n  echo \"Merge option disabled. Using checked-out revision ${RESULT_SHA} directly.\"\nfi\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/commit\"\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/CHAINS-GIT_COMMIT\"\nprintf \"%s\" \"${RESULT_SHA_SHORT}\" \u003e \"/tekton/results/short-commit\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/url\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/CHAINS-GIT_URL\"\nprintf \"%s\" \"$(git log -1 --pretty=%ct)\" \u003e \"/tekton/results/commit-timestamp\"\n\nif [ \"${PARAM_FETCH_TAGS}\" = \"true\" ] ; then\n  echo \"Fetching tags\"\n  retry git fetch --tags\nfi\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_ENABLE_SYMLINK_CHECK",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "symlink-check",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\ncheck_symlinks() {\n  FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=false\n  while read -r symlink\n  do\n    target=$(readlink -m \"$symlink\")\n    if ! [[ \"$target\" =~ ^$CHECKOUT_DIR ]]; then\n      echo \"The cloned repository contains symlink pointing outside of the cloned repository: $symlink\"\n      FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=true\n    fi\n  done \u003c \u003c(find $CHECKOUT_DIR -type l -print)\n  if [ \"$FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO\" = true ] ; then\n    return 1\n  fi\n}\n\nif [ \"${PARAM_ENABLE_SYMLINK_CHECK}\" = \"true\" ] ; then\n  echo \"Running symlink check\"\n  check_symlinks\nfi\n"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "The git repo will be cloned onto the volume backing this Workspace.",
                            "name": "output"
                        },
                        {
                            "description": "A .ssh directory with private key, known_hosts, config, etc. Copied to\nthe user's home before git commands are executed. Used to authenticate\nwith the git remote when performing the clone. Binding a Secret to this\nWorkspace is strongly recommended over other volume types.\n",
                            "name": "ssh-directory",
                            "optional": true
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before any git commands are run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto use ssh-directory over basic-auth whenever possible and to bind a\nSecret to this Workspace over other volume types.\n",
                            "name": "basic-auth",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/6ed10c58-c930-43fd-9c19-87fd512c905d",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:08:20Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "init",
                    "tekton.dev/task": "init",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-init",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "29234",
                "uid": "6ed10c58-c930-43fd-9c19-87fd512c905d"
            },
            "spec": {
                "params": [
                    {
                        "name": "enable-cache-proxy",
                        "value": "false"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "init"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:24Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:24Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-29jvp-init-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        "entryPoint": "init",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-init"
                    }
                },
                "results": [
                    {
                        "name": "http-proxy",
                        "type": "string",
                        "value": ""
                    },
                    {
                        "name": "no-proxy",
                        "type": "string",
                        "value": ""
                    }
                ],
                "startTime": "2026-07-01T16:08:21Z",
                "steps": [
                    {
                        "container": "step-init",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                        "name": "init",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://1bd965144211cb81dea419a2bac929df8c8e8e5aa43a23ba96c84f89fb6c1421",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:24Z",
                            "message": "[{\"key\":\"http-proxy\",\"value\":\"\",\"type\":1},{\"key\":\"no-proxy\",\"value\":\"\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:23Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Initialize Pipeline Task, enables configuration for cache-proxy if required during the PipelineRun.",
                    "params": [
                        {
                            "default": "false",
                            "description": "Enable cache proxy configuration",
                            "name": "enable-cache-proxy",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "HTTP proxy URL for cache proxy (when enable-cache-proxy is true)",
                            "name": "http-proxy",
                            "type": "string"
                        },
                        {
                            "description": "NO_PROXY value for cache proxy (when enable-cache-proxy is true)",
                            "name": "no-proxy",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "args": [
                                "--enable",
                                "false"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "config",
                                "cache-proxy"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                },
                                {
                                    "name": "DEFAULT_HTTP_PROXY",
                                    "value": "squid.caching.svc.cluster.local:3128"
                                },
                                {
                                    "name": "DEFAULT_NO_PROXY",
                                    "value": "brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai"
                                },
                                {
                                    "name": "HTTP_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/http-proxy"
                                },
                                {
                                    "name": "NO_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/no-proxy"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                            "name": "init"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-cc0121c13a",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/ee745bd0-7e18-44f3-8d86-51557dc0d784",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, appstudio",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:47Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "push-dockerfile",
                    "tekton.dev/task": "push-dockerfile",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-push-dockerfile",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "35247",
                "uid": "ee745bd0-7e18-44f3-8d86-51557dc0d784"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "push-dockerfile"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.3@sha256:64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-626b0c735f"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:14:04Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:14:04Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-49335c968d57313c2b4f676b09175826-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        "entryPoint": "push-dockerfile",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:1872ab8ee5ad2b64a7de1d5ac5c686e24903af4bbe396c877fbfed5ea800a875"
                    }
                ],
                "startTime": "2026-07-01T16:12:51Z",
                "steps": [
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://44f841d9861e0d8d9dfb9465955d22938390238091146ef0b568a2016386f38a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:01Z",
                            "message": "[{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:1872ab8ee5ad2b64a7de1d5ac5c686e24903af4bbe396c877fbfed5ea800a875\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:00Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Discover Dockerfile from source code and push it to registry as an OCI artifact.",
                    "params": [
                        {
                            "description": "The built binary image. The Dockerfile is pushed to the same image repository alongside.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "description": "The built binary image digest, which is used to construct the tag of Dockerfile image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": ".dockerfile",
                            "description": "Suffix of the Dockerfile image tag.",
                            "name": "TAG_SUFFIX",
                            "type": "string"
                        },
                        {
                            "default": "application/vnd.konflux.dockerfile",
                            "description": "Artifact type of the Dockerfile image.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest-pinned image reference to the Dockerfile image.",
                            "name": "IMAGE_REF",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--source",
                                "source",
                                "--context",
                                "python-component",
                                "--containerfile",
                                "docker/Dockerfile",
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                                "--image-digest",
                                "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5",
                                "--artifact-type",
                                "application/vnd.konflux.dockerfile",
                                "--tag-suffix",
                                ".dockerfile",
                                "--result-path-image-ref",
                                "/tekton/results/IMAGE_REF",
                                "--alternative-filename",
                                "Dockerfile"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "push-containerfile"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                            "name": "push",
                            "workingDir": "/workspace/workspace"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code from where the Dockerfile is discovered.",
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-cc0121c13a",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/0a0c43f6-768d-4c2e-a897-579d6f50ddd6",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "sast-shell-check",
                    "tekton.dev/task": "sast-shell-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-sast-shell-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "35001",
                "uid": "0a0c43f6-768d-4c2e-a897-579d6f50ddd6"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-shell-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-626b0c735f"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:14:09Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:14:09Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-b5640c649ccc109d267110f84124b90c-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        "entryPoint": "sast-shell-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:14:04+00:00\",\"note\":\"For details, check Tekton task log.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:49Z",
                "steps": [
                    {
                        "container": "step-sast-shell-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-shell-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3ecb2002fe1b51ba5379cef299bd9568862b5bc3c93f09affd52f025807e80b6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:04Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:14:04+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:01Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6ae5c7890ac08581da87660a7d4b8545bf8a0bd55a868809d52929573cd6694e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:07Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:14:04+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:05Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The sast-shell-check task uses [shellcheck](https://www.shellcheck.net/) tool to perform Static Application Security Testing (SAST), a popular cloud-native application security platform. This task leverages the shellcheck wrapper (csmock-plugin-shellcheck-core) to run shellcheck on a directory tree.\nShellCheck is a static analysis tool, gives warnings and suggestions for bash/sh shell scripts. This task can run on x86 and arm.",
                    "params": [
                        {
                            "default": "",
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image digest to report findings for.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (default to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to include important findings only",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "8",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-shell-check",
                            "script": "#!/usr/bin/env bash\nset -x\n# shellcheck source=/dev/null\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nPACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' ShellCheck)\n\nOUTPUT_FILE=\"shellcheck-results.json\"\nSOURCE_CODE_DIR=/workspace/workspace/source\n\n# generate full path for each dirname separated by comma\ndeclare -a ALL_TARGETS\nIFS=\",\" read -ra TARGET_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGET_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    ALL_TARGETS+=(\"$resolved_path\")\n  else\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\ndone\n\n# determine number of available CPU cores for shellcheck based on container cgroup v2 CPU limits\n# this calculates the ceiling, so if the cpu limit is 0.5, the number of jobs will be 1.\nif [ -z \"$SC_JOBS\" ] \u0026\u0026 [ -r \"/sys/fs/cgroup/cpu.max\" ]; then\n    read -r quota period \u003c /sys/fs/cgroup/cpu.max\n    if [ \"$quota\" != \"max\" ] \u0026\u0026 [ -n \"$period\" ] \u0026\u0026 [ \"$period\" -gt 0 ]; then\n        export SC_JOBS=$(((quota + period - 1) / period))\n        echo \"INFO: Setting SC_JOBS=${SC_JOBS} based on cgroups v2 max for run-shellcheck.sh\"\n    fi\nfi\n\n# generate all shellcheck result JSON files to $SC_RESULTS_DIR, which defaults to ./shellcheck-results/\n/usr/share/csmock/scripts/run-shellcheck.sh \"${ALL_TARGETS[@]}\"\n\nCSGREP_OPTS=(\n    --mode=json\n    --strip-path-prefix=\"$SOURCE_CODE_DIR\"/\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"ShellCheck:${PACKAGE_VERSION}\"\n)\nif [[ \"$IMP_FINDINGS_ONLY\" == \"true\" ]]; then\n    # predefined list of shellcheck important findings\n    CSGREP_EVENT_FILTER='\\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|'\n    CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|'\n    CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\\]$'\n    CSGREP_OPTS+=(\n        --event=\"$CSGREP_EVENT_FILTER\"\n    )\nelse\n    CSGREP_OPTS+=(\n        --event=\"error|warning\"\n    )\nfi\n\nif ! csgrep \"${CSGREP_OPTS[@]}\" ./shellcheck-results/*.json \u003e \"$OUTPUT_FILE\"; then\n    echo \"Error occurred while running 'run-shellcheck.sh'\"\n    note=\"Task sast-shell-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" \"${OUTPUT_FILE}\" \u003e \"${OUTPUT_FILE}.filtered\" 2\u003e \"${OUTPUT_FILE}.error\"\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n        mv \"${OUTPUT_FILE}.filtered\" \"$OUTPUT_FILE\"\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\necho \"ShellCheck results have been saved to $OUTPUT_FILE\"\n\ncsgrep --mode=evtstat \"$OUTPUT_FILE\"\ncsgrep --mode=sarif \"$OUTPUT_FILE\" \u003e shellcheck-results.sarif\n\nTEST_OUTPUT=\nparse_test_output \"sast-shell-check\" sarif shellcheck-results.sarif || true\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\nif [ -z \"${IMAGE_URL}\" ] || [ -z \"${IMAGE_DIGEST}\" ]; then\n    echo 'No image-url or image-digest param provided. Skipping upload.'\n    exit 0\nfi\n\nUPLOAD_FILES=\"shellcheck-results.sarif excluded-findings.json\"\n\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n        echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n        continue\n    fi\n\n    # Determine the media type based on the file extension\n    if [[ \"${UPLOAD_FILE}\" == *.json ]]; then\n        MEDIA_TYPE=\"application/json\"\n    else\n        MEDIA_TYPE=\"application/sarif+json\"\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach ${UPLOAD_FILE} to ${IMAGE_URL}\"\n      exit 1\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-cc0121c13a",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/b197e10b-478f-4f55-a313-158aa7399794",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "sast-snyk-check",
                    "tekton.dev/task": "sast-snyk-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-29jvp-sast-snyk-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "34685",
                "uid": "b197e10b-478f-4f55-a313-158aa7399794"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-snyk-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-626b0c735f"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:13:55Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:13:55Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-6492da0ffa8137b142f329af499264b2-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        "entryPoint": "sast-snyk-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T16:13:20+00:00\",\"note\":\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:12:47Z",
                "steps": [
                    {
                        "container": "step-sast-snyk-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-snyk-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://fcd2c921bfb3a74a897862fa468209d50df38183a9f4c409fdbbd56fd1037754",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:20Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:13:20+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:18Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://95cd56bf1f7ae921f27fb8d115f7f95e4e9f565fb16975aad78471164a9de742",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:20Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:13:20+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:20Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks using Snyk Code, a Static Application Security Testing (SAST) tool.\n\nFollow the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/) to obtain a snyk-token and to enable the snyk task in a Pipeline.\n\nThe snyk binary used in this Task comes from a container image defined in https://github.com/konflux-ci/konflux-test\n\nSee https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information about the snyk tool.",
                    "params": [
                        {
                            "default": "snyk-secret",
                            "description": "Name of secret which contains Snyk token.",
                            "name": "SNYK_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Append arguments.",
                            "name": "ARGS",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Digest of the image to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Report only important findings in task result. Default is \"true\". To report all findings in task result, specify \"false\". Uploaded SARIF report to remote registry always includes all findings, regardless of severity level.",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Write excluded records in file. Useful for auditing (defaults to false).",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Directories or files to be excluded from Snyk scan (Comma-separated). Useful to split the directories of a git repo across multiple components.",
                            "name": "IGNORE_FILE_PATHS",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "6Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "6Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SNYK_SECRET",
                                    "value": "snyk-secret"
                                },
                                {
                                    "name": "ARGS"
                                },
                                {
                                    "name": "IGNORE_FILE_PATHS"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-snyk-check",
                            "script": "#!/usr/bin/env bash\n\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\n# Installation of Red Hat certificates for cloning Red Hat internal repositories\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSNYK_TOKEN_PATH=\"/etc/secrets/snyk_token\"\nif [ -f \"${SNYK_TOKEN_PATH}\" ] \u0026\u0026 [ -s \"${SNYK_TOKEN_PATH}\" ]; then\n  # SNYK token is provided\n  SNYK_TOKEN=\"$(cat ${SNYK_TOKEN_PATH})\"\n  export SNYK_TOKEN\nelse\n  # According to shellcheck documentation, the following error can be ignored as it is ignored through indirection: https://www.shellcheck.net/wiki/SC2034\n  # shellcheck disable=SC2034\n  to_enable_snyk='[here](https://konflux-ci.dev/docs/testing/build/snyk/)'\n  note=\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given ${to_enable_snyk}\"\n  TEST_OUTPUT=$(make_result_json -r SKIPPED -t \"$note\")\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nSNYK_EXIT_CODE=0\nSOURCE_CODE_DIR=/workspace/workspace\n\n# We ignore files using snyk ignore if the user set up the IGNORE_FILE_PATHS variable.\n(cd \"${SOURCE_CODE_DIR}\" \u0026\u0026 IFS=\",\" \u0026\u0026 for path in $IGNORE_FILE_PATHS; do\n  snyk ignore --file-path=\"source/${path}\"\ndone)\n\nset +e\necho \"INFO: Running 'snyk code test'..\"\n# We do want to expand ARGS (it can be multiple CLI flags, not just one)\n# shellcheck disable=SC2086\n\n# Generate full paths for each directory in TARGET_DIRS\nIFS=\",\" read -ra TARGETS_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGETS_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # Ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ ! \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\n\n  # Ensure directory exists\n  if [ ! -d \"$resolved_path\" ]; then\n    echo \"Warning: Directory $resolved_path does not exist, skipping\"\n    continue\n  fi\n\n  echo \"INFO: Scanning directory: $resolved_path\"\n  # We do want to expand ARGS (it can be multiple CLI flags, not just one)\n  # shellcheck disable=SC2086\n  snyk code test $ARGS \"$resolved_path\" --max-depth=1 --sarif-file-output=\"${resolved_path}/sast_snyk_check_out_${d//\\//_}.json\" 1\u003e\u00262\u003e\u003e stdout.txt\n  cmd_exit_code=$?\n  # Track the exit code: if any snyk command fails, preserve the failure\n  # Exit codes: 0 = success, 1 = vulnerabilities found, 2 = error, 3 = no supported files\n  # Error codes (2+) always override, warning codes (1,3) only if no previous error\n  if [[ \"$cmd_exit_code\" -ne 0 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 1 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 3 ]]; then\n    SNYK_EXIT_CODE=$cmd_exit_code\n  fi\n\ndone\n\n# Merge all SARIF outputs\nfind \"$SOURCE_CODE_DIR\" -name \"sast_snyk_check_out_*.json\" -exec cat {} + \u003e \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\nset -e\ntest_not_skipped=0\nSKIP_MSG=\"We found 0 supported files\"\ngrep -q \"$SKIP_MSG\" stdout.txt || test_not_skipped=$?\n\nif [[ \"$SNYK_EXIT_CODE\" -eq 0 ]] || [[ \"$SNYK_EXIT_CODE\" -eq 1 ]]; then\n  # Check if the merged SARIF file has content - this could happen if the snyk scan found no findings\n  if [ ! -s \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\" ]; then\n    echo \"WARN: No JSON output files were generated by snyk scan\"\n    # Get snyk version for proper SARIF metadata\n    SNYK_VERSION=$(snyk --version 2\u003e/dev/null | head -1 | tr -d '\\n' || echo \"unknown\")\n    # Create a valid minimal SARIF structure using jq\n    # Note: coverage array is required even when empty because downstream jq commands expect it\n    jq -n --arg version \"$SNYK_VERSION\" '{\n      \"$schema\": \"https://json.schemastore.org/sarif-2.1.0.json\",\n      \"version\": \"2.1.0\",\n      \"runs\": [{\n        \"tool\": {\n          \"driver\": {\n            \"name\": \"snyk\",\n            \"version\": $version,\n            \"informationUri\": \"https://snyk.io\"\n          }\n        },\n        \"results\": [],\n        \"properties\": {\n          \"coverage\": []\n        }\n      }]\n    }' \u003e\"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\n  fi\n\n  # In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context\n  (cd  \"${SOURCE_CODE_DIR}\" \u0026\u0026 csgrep --mode=json --embed-context=3 \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json) \\\n    | csgrep --mode=json --strip-path-prefix=\"source/\"  \\\n    \u003e sast_snyk_check_out_all_findings.json\n\n  echo \"INFO: Initial results:\"\n  csgrep --mode=evtstat sast_snyk_check_out_all_findings.json\n\n  if [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\n  fi\n  PROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n  # create the KFP clone directory regardless\n  KFP_DIR=\"known-false-positives\"\n  KFP_CLONED=\"0\"\n  mkdir \"${KFP_DIR}\"\n\n  # We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\n  if [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n      echo \"INFO: Trying to clone known-false-positives..\"\n      git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\n  fi\n\n  if [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone know-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv sast_snyk_check_out_all_findings.json filtered_sast_snyk_check_out.json\n  else\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    CMD=(\n      csfilter-kfp\n      --verbose\n      --kfp-dir=\"${KFP_DIR}\"\n      --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [ \"${RECORD_EXCLUDED}\" == \"true\" ]; then\n      CMD+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    set +e\n    \"${CMD[@]}\" sast_snyk_check_out_all_findings.json \u003e filtered_sast_snyk_check_out.json\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n      echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n      echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\n    echo \"INFO: Results after filtering:\"\n    (set -x \u0026\u0026 csgrep --mode=evtstat filtered_sast_snyk_check_out.json)\n  fi\n\n  # Generation of scan stats\n\n  total_files=$(jq '[.runs[0].properties.coverage[].files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n  supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == \"SUPPORTED\") | .files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n\n  # We make sure the values are 0 if no supported/total files are found\n  if [ \"$total_files\" = \"null\" ] || [ -z \"$total_files\" ]; then\n    total_files=0\n  fi\n\n  if [ \"$supported_files\" = \"null\" ] || [ -z \"$supported_files\" ]; then\n    supported_files=0\n  fi\n\n  coverage_ratio=0\n  if (( total_files \u003e 0 )); then\n      coverage_ratio=$((supported_files * 100 / total_files))\n  fi\n\n  # embed stats in results file and convert to SARIF\n  csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:\"${coverage_ratio}\" \\\n                      --set-scan-prop snyk-scanned-files-success:\"${supported_files}\"  \\\n                      --set-scan-prop snyk-scanned-files-total:\"${total_files}\" \\\n                      filtered_sast_snyk_check_out.json  \u003e sast_snyk_check_out.sarif\n\n  # Create filtered SARIF for Tekton task result based on IMP_FINDINGS_ONLY parameter\n  if [ \"${IMP_FINDINGS_ONLY}\" == \"true\" ]; then\n    # Filter to only \"error\" level or higher (high/critical severity) for Tekton task result\n    # In SARIF, defects are given a level like \"error\" or \"warning\". Snyk maps \"high\" level findings to \"error\".\n    # - \"error\" → importance level 1\n    # - \"warning\" (or missing level) → importance level 0\n    RESULT_SARIF=\"result_sast_snyk_check_out.sarif\"\n    csgrep --mode=sarif --imp-level 1 sast_snyk_check_out.sarif \u003e \"$RESULT_SARIF\"\n  else\n    # Use all findings for Tekton task result\n    RESULT_SARIF=\"sast_snyk_check_out.sarif\"\n  fi\n\n  TEST_OUTPUT=\n  parse_test_output \"sast-snyk-check\" sarif \"$RESULT_SARIF\"  || true\n\n# When the test is skipped, the \"SNYK_EXIT_CODE\" is 3 and it can also be 3 in some other situation\nelif [[ \"$test_not_skipped\" -eq 0 ]]; then\n  note=\"Task sast-snyk-check success: Snyk code test found zero supported files.\"\n  ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n  echo \"sast-snyk-check test failed because of the following issues:\"\n  cat stdout.txt\n  note=\"Task sast-snyk-check failed: For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets",
                                    "name": "snyk-secret",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url provided. Skipping upload.'\n  exit 0\nfi\n\nUPLOAD_FILES=\"sast_snyk_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n    if [ \"${UPLOAD_FILES}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach to ${IMAGE_URL}\"\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        }
                    ],
                    "volumes": [
                        {
                            "name": "snyk-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "snyk-secret"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/fce72f7d-611c-400f-abff-80de0f50ebba",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "apply-tags",
                    "tekton.dev/task": "apply-tags",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-apply-tags",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40106",
                "uid": "fce72f7d-611c-400f-abff-80de0f50ebba"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "apply-tags"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:20:06Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:20:06Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-k59b5-apply-tags-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        "entryPoint": "apply-tags",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-apply-tags"
                    }
                },
                "startTime": "2026-07-01T16:19:51Z",
                "steps": [
                    {
                        "container": "step-apply-additional-tags",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                        "name": "apply-additional-tags",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://e3bf2c6f691f821647bd1e08f2c504554981cb57ecfc4248a1565446072e0f18",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:05Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:04Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Applies additional tags to the built image.",
                    "params": [
                        {
                            "description": "Image repository and tag reference of the the built image.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest of the built image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional tags that will be applied to the image in the registry.",
                            "name": "ADDITIONAL_TAGS",
                            "type": "array"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64",
                                "--digest",
                                "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42",
                                "--tags",
                                "--tags-from-image-label",
                                "konflux.additional-tags"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "apply-tags"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                            "name": "apply-additional-tags"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-9d0756f48f",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/9111fdd8-5a79-4da4-9737-b253734e0194",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:16:07Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "build-container",
                    "tekton.dev/task": "buildah",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-build-container",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "38620",
                "uid": "9111fdd8-5a79-4da4-9737-b253734e0194"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    },
                    {
                        "name": "HERMETIC",
                        "value": "false"
                    },
                    {
                        "name": "PREFETCH_INPUT",
                        "value": ""
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "BUILD_ARGS",
                        "value": []
                    },
                    {
                        "name": "BUILD_ARGS_FILE",
                        "value": ""
                    },
                    {
                        "name": "PRIVILEGED_NESTED",
                        "value": "false"
                    },
                    {
                        "name": "SOURCE_URL",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    },
                    {
                        "name": "HTTP_PROXY",
                        "value": ""
                    },
                    {
                        "name": "NO_PROXY",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "buildah"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-4942403eef"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:19:31Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:19:31Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-0dbcd027ded6663042c5e9eda8d6bb4c-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        "entryPoint": "buildah",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-buildah"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "SBOM_BLOB_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:a42cca3913791f1b324bfbe2ae43cf361930a4bf85eb98007fb1b40c5ecab677"
                    }
                ],
                "startTime": "2026-07-01T16:16:07Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5ac0abaf5a1c8f6c2660386c9d4986009b4045033daf6279e12b4dfd608598a2",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:16:54Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:16:16Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5ec76dc89a3c69c8d341b8982d81e2075e5da409b3af64a5b44cf23d0535f6cf",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:17:45Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:16:55Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-sbom-syft-generate",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "sbom-syft-generate",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d93651b58449405f186e2136b4242193e95d5dea3f4c4e00725eed2ac9559a46",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:18:16Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:17:45Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-prepare-sboms",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "prepare-sboms",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6e7e64d28d5b3fb56402c18da452a4537922289ce98c309f43dd3c5ad06be2d4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:18:48Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:18:17Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9d52032afa3b2174631b50e39d7051fea19586fe79bcc6273a158936ac2a0767",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:19:30Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1},{\"key\":\"SBOM_BLOB_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:a42cca3913791f1b324bfbe2ae43cf361930a4bf85eb98007fb1b40c5ecab677\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:18:49Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.\nIn addition, it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.\nWhen prefetch-dependencies task is activated it is using its artifacts to run build in hermetic environment.",
                    "params": [
                        {
                            "description": "Reference of the image buildah will produce.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile to build.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Determines if build will be executed without network access.",
                            "name": "HERMETIC",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "In case it is not empty, the prefetched content should be made available to the build.",
                            "name": "PREFETCH_INPUT",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this commit.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "default": "repos.d",
                            "description": "Path in the git repository in which yum repository files are stored",
                            "name": "YUM_REPOS_D_SRC",
                            "type": "string"
                        },
                        {
                            "default": "fetched.repos.d",
                            "description": "Path in source workspace where dynamically-fetched repos are present",
                            "name": "YUM_REPOS_D_FETCHED",
                            "type": "string"
                        },
                        {
                            "default": "/etc/yum.repos.d",
                            "description": "Target path on the container in which yum repository files should be made available",
                            "name": "YUM_REPOS_D_TARGET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.",
                            "name": "TARGET_STAGE",
                            "type": "string"
                        },
                        {
                            "default": "etc-pki-entitlement",
                            "description": "Name of secret which contains the entitlement certificates",
                            "name": "ENTITLEMENT_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        },
                        {
                            "default": "does-not-exist",
                            "description": "Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET",
                            "name": "ADDITIONAL_SECRET",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Array of --build-arg values (\"arg=value\" strings)",
                            "name": "BUILD_ARGS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Array of --env values (\"env=value\" strings)",
                            "name": "ENV_VARS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file",
                            "name": "BUILD_ARGS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to keep compatibility location at /root/buildinfo/ for ICM injection",
                            "name": "ICM_KEEP_COMPAT_LOCATION",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of extra capabilities to add when running 'buildah build'",
                            "name": "ADD_CAPABILITIES",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Squash all new and previous layers added as a part of this build, as per --squash",
                            "name": "SQUASH",
                            "type": "string"
                        },
                        {
                            "default": "overlay",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to skip stages in Containerfile that seem unused by subsequent stages",
                            "name": "SKIP_UNUSED_STAGES",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value labels that should be applied to the image",
                            "name": "LABELS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to enable privileged mode, should be used only with remote VMs",
                            "name": "PRIVILEGED_NESTED",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Skip SBOM-related operations. This will likely cause EC policies to fail if enabled",
                            "name": "SKIP_SBOM_GENERATION",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx. Note: the SBOM from the prefetch task - if there is one - must be in the same format.",
                            "name": "SBOM_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Extra option to customize Syft's default catalogers when generating SBOMs. The value corresponds to Syft's CLI flag --select-catalogers. The details about available catalogers can be found here: https://github.com/anchore/syft/wiki/Package-Cataloger-Selection",
                            "name": "SBOM_SYFT_SELECT_CATALOGERS",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM generation from source code. The scanner of the source code is enabled only for non-hermetic builds and can be disabled if the SBOM_SYFT_SELECT_CATALOGERS can't turn off catalogers that cause false positives on source code scanning.",
                            "name": "SBOM_SOURCE_SCAN_ENABLED",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional base image references to include to the SBOM. Array of image_reference_with_digest strings",
                            "name": "ADDITIONAL_BASE_IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Mount the current working directory into the build using --volume $PWD:/$WORKINGDIR_MOUNT. Note that the $PWD will be the context directory for the build (see the CONTEXT param).",
                            "name": "WORKINGDIR_MOUNT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if the image inherits the base image labels.",
                            "name": "INHERIT_BASE_IMAGE_LABELS",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP/HTTPS proxy to use for the buildah pull and build operations. Will not be passed through to the container during the build process.",
                            "name": "HTTP_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of hosts or domains which should bypass the HTTP/HTTPS proxy.",
                            "name": "NO_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "caching-ca-bundle",
                            "description": "The name of the ConfigMap to read proxy CA bundle data from.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the proxy CA bundle data.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Defines the single build time for all buildah builds in seconds since UNIX epoch. Conflicts with SOURCE_DATE_EPOCH.",
                            "name": "BUILD_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this URL.",
                            "name": "SOURCE_URL",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if SBOM will be contextualized.",
                            "name": "CONTEXTUALIZE_SBOM",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Omit build history information from the resulting image. Improves reproducibility by excluding timestamps and layer metadata.",
                            "name": "OMIT_HISTORY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Timestamp in seconds since Unix epoch for reproducible builds. Sets image created time and SOURCE_DATE_EPOCH build arg. Conflicts with BUILD_TIMESTAMP.",
                            "name": "SOURCE_DATE_EPOCH",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Clamp mtime of all files to at most SOURCE_DATE_EPOCH. Does nothing if SOURCE_DATE_EPOCH is not defined.",
                            "name": "REWRITE_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Don't inject a content-sets.json or a labels.json file. This requires that the canonical Containerfile takes care of this itself.",
                            "name": "SKIP_INJECTIONS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {
                            "limits": {
                                "memory": "4Gi"
                            },
                            "requests": {
                                "cpu": "1",
                                "memory": "4Gi"
                            }
                        },
                        "env": [
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "overlay"
                            },
                            {
                                "name": "HERMETIC",
                                "value": "false"
                            },
                            {
                                "name": "SOURCE_CODE_DIR",
                                "value": "source"
                            },
                            {
                                "name": "CONTEXT",
                                "value": "python-component"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "IMAGE_EXPIRES_AFTER",
                                "value": "5d"
                            },
                            {
                                "name": "YUM_REPOS_D_SRC",
                                "value": "repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_FETCHED",
                                "value": "fetched.repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_TARGET",
                                "value": "/etc/yum.repos.d"
                            },
                            {
                                "name": "TARGET_STAGE"
                            },
                            {
                                "name": "ENTITLEMENT_SECRET",
                                "value": "etc-pki-entitlement"
                            },
                            {
                                "name": "ACTIVATION_KEY",
                                "value": "activation-key"
                            },
                            {
                                "name": "ADDITIONAL_SECRET",
                                "value": "does-not-exist"
                            },
                            {
                                "name": "BUILD_ARGS_FILE"
                            },
                            {
                                "name": "ADD_CAPABILITIES"
                            },
                            {
                                "name": "SQUASH",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_UNUSED_STAGES",
                                "value": "true"
                            },
                            {
                                "name": "PRIVILEGED_NESTED",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_SBOM_GENERATION",
                                "value": "false"
                            },
                            {
                                "name": "SBOM_TYPE",
                                "value": "spdx"
                            },
                            {
                                "name": "SBOM_SYFT_SELECT_CATALOGERS"
                            },
                            {
                                "name": "SBOM_SOURCE_SCAN_ENABLED",
                                "value": "true"
                            },
                            {
                                "name": "ANNOTATIONS_FILE"
                            },
                            {
                                "name": "WORKINGDIR_MOUNT"
                            },
                            {
                                "name": "INHERIT_BASE_IMAGE_LABELS",
                                "value": "true"
                            },
                            {
                                "name": "BUILD_TIMESTAMP"
                            },
                            {
                                "name": "CONTEXTUALIZE_SBOM",
                                "value": "true"
                            },
                            {
                                "name": "SBOM_SKIP_VALIDATION",
                                "value": "true"
                            },
                            {
                                "name": "SKIP_INJECTIONS",
                                "value": "false"
                            }
                        ],
                        "imagePullPolicy": "IfNotPresent",
                        "volumeMounts": [
                            {
                                "mountPath": "/shared",
                                "name": "shared"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--build-args",
                                "--env",
                                "--labels",
                                "--annotations"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                },
                                "requests": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "COMMIT_SHA",
                                    "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "SOURCE_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "DOCKERFILE",
                                    "value": "docker/Dockerfile"
                                },
                                {
                                    "name": "BUILDAH_HTTP_PROXY"
                                },
                                {
                                    "name": "BUILDAH_NO_PROXY"
                                },
                                {
                                    "name": "ICM_KEEP_COMPAT_LOCATION",
                                    "value": "true"
                                },
                                {
                                    "name": "BUILDAH_OMIT_HISTORY",
                                    "value": "false"
                                },
                                {
                                    "name": "BUILDAH_SOURCE_DATE_EPOCH"
                                },
                                {
                                    "name": "BUILDAH_REWRITE_TIMESTAMP",
                                    "value": "false"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\nset -euo pipefail\n\nfunction set_proxy {\n  if [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n    echo \"[$(date --utc -Ins)] Setting proxy to ${BUILDAH_HTTP_PROXY}\"\n    export HTTP_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export HTTPS_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export ALL_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    if [ -n \"${BUILDAH_NO_PROXY}\" ]; then\n      echo \"[$(date --utc -Ins)] Bypassing proxy for ${BUILDAH_NO_PROXY}\"\n      export NO_PROXY=\"${BUILDAH_NO_PROXY}\"\n    fi\n  fi\n}\n\nfunction unset_proxy {\n  echo \"[$(date --utc -Ins)] Unsetting proxy\"\n  unset HTTP_PROXY HTTPS_PROXY ALL_PROXY NO_PROXY\n}\n\necho \"[$(date --utc -Ins)] Validate context path\"\n\nif [ -z \"$CONTEXT\" ]; then\n  echo \"WARNING: CONTEXT is empty. Defaulting to '.' (the source directory).\" \u003e\u00262\n  CONTEXT=\".\"\nfi\n\nsource_dir_path=$(realpath \"$SOURCE_CODE_DIR\")\ncontext_dir_path=$(realpath \"$SOURCE_CODE_DIR/$CONTEXT\")\n\ncase \"$context_dir_path\" in\n  \"$source_dir_path\" | \"$source_dir_path/\"*)\n    # path is valid, do nothing\n    ;;\n  *)\n    echo \"ERROR: The CONTEXT parameter ('$CONTEXT') is invalid because it escapes the source directory.\" \u003e\u00262\n    echo \"Source path: $source_dir_path\" \u003e\u00262\n    echo \"Resolved path: $context_dir_path\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nproxy_ca_bundle=/mnt/proxy-ca-bundle/ca-bundle.crt\nupdate_ca_trust=false\n\nif [ -f \"$ca_bundle\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors/ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ -f \"$proxy_ca_bundle\" ] \u0026\u0026 [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted proxy CA bundle: $proxy_ca_bundle\"\n  cp -vf $proxy_ca_bundle /etc/pki/ca-trust/source/anchors/proxy-ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ \"$update_ca_trust\" = \"true\" ]; then\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Prepare Dockerfile\"\n\nif [ -e \"$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\"\nelif [ -e \"$SOURCE_CODE_DIR/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$DOCKERFILE\"\nelif [ -e \"$DOCKERFILE\" ]; then\n  # Instrumented builds (SAST) use this custom dockerfile step as their base\n  dockerfile_path=\"$DOCKERFILE\"\nelse\n  echo \"Cannot find Dockerfile $DOCKERFILE\"\n  exit 1\nfi\n\ndockerfile_copy=$(mktemp --tmpdir \"$(basename \"$dockerfile_path\").XXXXXX\")\ncp \"$dockerfile_path\" \"$dockerfile_copy\"\n\n# Inject the image content manifest into the container we are producing.\n# This will generate the content-sets.json file and copy it by appending a COPY\n# instruction to the Containerfile.\nicm_opts=()\nif [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n  icm_opts+=(-c)\nfi\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  inject-icm-to-containerfile \"${icm_opts[@]}\" \"$dockerfile_copy\" \"/var/workdir/cachi2/output/bom.json\" \"$SOURCE_CODE_DIR/$CONTEXT\"\nfi\n\necho \"[$(date --utc -Ins)] Prepare system (architecture: $(uname -m))\"\n\n# Fixing group permission on /var/lib/containers\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\n# Setting new namespace to run buildah - 2^32-2\necho 'root:1:4294967294' | tee -a /etc/subuid \u003e\u003e /etc/subgid\n\nbuild_args=()\nenv_vars=()\n\nLABELS=()\nANNOTATIONS=()\n# Append any annotations from the specified file\nif [ -n \"${ANNOTATIONS_FILE}\" ] \u0026\u0026 [ -f \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\" ]; then\n  echo \"Reading annotations from file: ${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\n  while IFS= read -r line || [[ -n \"$line\" ]]; do\n    # Skip empty lines and comments\n    if [[ -n \"$line\" \u0026\u0026 ! \"$line\" =~ ^[[:space:]]*# ]]; then\n      ANNOTATIONS+=(\"--annotation\" \"$line\")\n    fi\n  done \u003c \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\nfi\n\n# Split `args` into two sets of arguments.\nwhile [[ $# -gt 0 ]]; do\n    case $1 in\n        --build-args)\n            shift\n            # Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being\n            # passed to buildah. In that case, the *last* occurrence takes precedence. This is why\n            # we append BUILD_ARGS after the content of the BUILD_ARGS_FILE\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do build_args+=(\"$1\"); shift; done\n            ;;\n        --env)\n            shift\n            # Collect env entries of the form KEY=value\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do env_vars+=(\"$1\"); shift; done\n            ;;\n        --labels)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do LABELS+=(\"--label\" \"$1\"); shift; done\n            ;;\n        --annotations)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ANNOTATIONS+=(\"--annotation\" \"$1\"); shift; done\n            ;;\n        *)\n            echo \"unexpected argument: $1\" \u003e\u00262\n            exit 2\n            ;;\n    esac\ndone\n\nBUILD_ARG_FLAGS=()\nfor build_arg in \"${build_args[@]}\"; do\n  BUILD_ARG_FLAGS+=(\"--build-arg=$build_arg\")\ndone\n\nENV_FLAGS=()\nfor env_var in \"${env_vars[@]}\"; do\n  ENV_FLAGS+=(\"--env=$env_var\")\ndone\n\nDOCKERFILE_ARG_FLAGS=()\nDOCKERFILE_ARG_FLAGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nDOCKERFILE_ARG_FLAGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  DOCKERFILE_ARG_FLAGS+=(\"--build-arg-file=${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\nfi\n\ndockerfile-json \"${DOCKERFILE_ARG_FLAGS[@]}\" \"$dockerfile_copy\" \u003e /shared/parsed_dockerfile.json\nBASE_IMAGES=$(\n    jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test(\"^oci-archive:\") | not)' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n)\n\nBUILDAH_ARGS=()\nUNSHARE_ARGS=()\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--pull=never\")\n  UNSHARE_ARGS+=(\"--net\")\n  buildah_retries=3\n\n  set_proxy\n\n  for image in $BASE_IMAGES; do\n    if ! retry unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 --mount -- buildah pull --retry \"$buildah_retries\" \"$image\"\n    then\n      echo \"Failed to pull base image ${image}\"\n      exit 1\n    fi\n  done\n\n  unset_proxy\n\n  echo \"Build will be executed with network isolation\"\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  BUILDAH_ARGS+=(\"--target=${TARGET_STAGE}\")\nfi\n\nBUILDAH_ARGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nBUILDAH_ARGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  BUILDAH_ARGS+=(\"--build-arg-file=$(realpath \"${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\")\nfi\n\n# Necessary for newer version of buildah if the host system does not contain up to date version of container-selinux\n# TODO remove the option once all hosts were updated\nBUILDAH_ARGS+=(\"--security-opt=unmask=/proc/interrupts\")\n\nif [ \"${PRIVILEGED_NESTED}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--security-opt=label=disable\")\n  BUILDAH_ARGS+=(\"--cap-add=all\")\n  BUILDAH_ARGS+=(\"--device=/dev/fuse\")\nfi\n\nif [ -n \"${ADD_CAPABILITIES}\" ]; then\n  BUILDAH_ARGS+=(\"--cap-add=${ADD_CAPABILITIES}\")\nfi\n\nif [ \"${SQUASH}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--squash\")\nfi\n\nif [ \"${SKIP_UNUSED_STAGES}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--skip-unused-stages=false\")\nfi\n\nif [ \"${INHERIT_BASE_IMAGE_LABELS}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--inherit-labels=false\")\nfi\n\nif [ -n \"${BUILDAH_SOURCE_DATE_EPOCH}\" ]; then\n  BUILDAH_ARGS+=(\"--source-date-epoch=${BUILDAH_SOURCE_DATE_EPOCH}\")\n  if [ \"${BUILDAH_REWRITE_TIMESTAMP}\" = \"true\" ]; then\n    BUILDAH_ARGS+=(\"--rewrite-timestamp\")\n  fi\n  if [ -n \"$BUILD_TIMESTAMP\" ]; then\n    echo \"ERROR: cannot use both BUILD_TIMESTAMP and SOURCE_DATE_EPOCH\"\n    exit 1\n  fi\n  # but do set it so that we get all the labels/annotations associated with it\n  BUILD_TIMESTAMP=\"$BUILDAH_SOURCE_DATE_EPOCH\"\nfi\n\nif [ \"${BUILDAH_OMIT_HISTORY}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--omit-history\")\nfi\n\nVOLUME_MOUNTS=()\n\necho \"[$(date --utc -Ins)] Setup prefetched\"\n\nif [ -f \"/workspace/source/cachi2/cachi2.env\" ]; then\n  # Identify the current arch to filter the prefetched content\n  PREFETCH_ARCH=\"$(uname -m)\"\n  echo \"$PREFETCH_ARCH\" \u003e /shared/prefetch-arch\n\n  echo \"Prefetched content will be made available\"\n\n  cp -r \"/workspace/source/cachi2\" /tmp/\n  chmod -R go+rwX /tmp/cachi2\n\n  # In case RPMs were prefetched and this is a multi-arch build,\n  # clean up the packages that do not match the architecture being built\n  RPM_PREFETCH_DIR=\"/tmp/cachi2/output/deps/rpm\"\n  if [ -d \"$RPM_PREFETCH_DIR\" ] \u0026\u0026 [ \"$(find $RPM_PREFETCH_DIR | wc -l)\" -gt 1 ]; then\n    echo \"Removing prefetched RPMs from non-matching architectures\"\n    PREFETCH_ARCH=\"$(uname -m)\"\n    for path in \"$RPM_PREFETCH_DIR\"/*; do\n      if [ \"$(basename \"$path\")\" != \"$PREFETCH_ARCH\" ]; then\n        echo \"Removing: $path\"\n        rm -rf \"$path\"\n      else\n        echo \"Keeping: $path\"\n      fi\n    done\n  fi\n\n  VOLUME_MOUNTS+=(--volume /tmp/cachi2:/cachi2)\n  # Read in the whole file (https://unix.stackexchange.com/questions/533277), then\n  # for each RUN ... line insert the cachi2.env command *after* any options like --mount\n  sed -E -i \\\n      -e 'H;1h;$!d;x' \\\n      -e 's@^\\s*(run((\\s|\\\\\\n)+-\\S+)*(\\s|\\\\\\n)+)@\\1. /cachi2/cachi2.env \\\u0026\\\u0026 \\\\\\n    @igM' \\\n      \"$dockerfile_copy\"\n\n  prefetched_repo_for_my_arch=\"/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo\"\n  if [ -f \"$prefetched_repo_for_my_arch\" ]; then\n    echo \"Adding $prefetched_repo_for_my_arch to $YUM_REPOS_D_FETCHED\"\n    mkdir -p \"$YUM_REPOS_D_FETCHED\"\n    if [ ! -f \"${YUM_REPOS_D_FETCHED}/cachi2.repo\" ]; then\n      cp \"$prefetched_repo_for_my_arch\" \"$YUM_REPOS_D_FETCHED\"\n    fi\n  fi\nfi\n\n# if yum repofiles stored in git, copy them to mount point outside the source dir\nif [ -d \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\" ]; then\n  mkdir -p \"${YUM_REPOS_D_FETCHED}\"\n  cp -r \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\"/* \"${YUM_REPOS_D_FETCHED}\"\nfi\n\n# if anything in the repofiles mount point (either fetched or from git), mount it\nif [ -d \"${YUM_REPOS_D_FETCHED}\" ]; then\n  chmod -R go+rwX \"${YUM_REPOS_D_FETCHED}\"\n  mount_point=$(realpath \"${YUM_REPOS_D_FETCHED}\")\n  VOLUME_MOUNTS+=(--volume \"${mount_point}:${YUM_REPOS_D_TARGET}\")\nfi\n\nDEFAULT_LABELS=(\n  \"--label\" \"architecture=$(uname -m)\"\n  \"--label\" \"vcs-type=git\"\n)\nif [ -n \"$COMMIT_SHA\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"vcs-ref=${COMMIT_SHA}\" \"--label\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\nfi\nif [ -n \"$SOURCE_URL\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.source=${SOURCE_URL}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.source=${SOURCE_URL}\")\nfi\n[ -n \"$IMAGE_EXPIRES_AFTER\" ] \u0026\u0026 DEFAULT_LABELS+=(\"--label\" \"quay.expires-after=$IMAGE_EXPIRES_AFTER\")\n\nBUILD_TIMESTAMP_RFC3339=\"\"\nif [ -n \"$BUILD_TIMESTAMP\" ]; then\n  BUILD_TIMESTAMP_RFC3339=$(date -u -d \"@$BUILD_TIMESTAMP\" +'%Y-%m-%dT%H:%M:%SZ')\nelse\n  BUILD_TIMESTAMP_RFC3339=$(date -u +'%Y-%m-%dT%H:%M:%SZ')\nfi\n\nDEFAULT_LABELS+=(\"--label\" \"build-date=${BUILD_TIMESTAMP_RFC3339}\")\nDEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\n\nlabel_pairs=()\n# If INHERIT_BASE_IMAGE_LABELS is true, get the labels from the final base image only\ntouch base_images_labels.json\nif [[ \"$INHERIT_BASE_IMAGE_LABELS\" == \"true\" ]] \u0026\u0026 [[ -n \"$BASE_IMAGES\" ]]; then\n  FINAL_BASE_IMAGE=$(\n    # Get the base image of the final stage\n    # The final stage can refer to a previous `FROM xxx AS yyy` stage, for example 'FROM bar AS foo; ... ; FROM foo; ...'\n    # Define a function that keeps nesting recursively into the parent stages until it finds the original base image\n    # Run the find_root_stage() function on the final stage\n    # If the final stage is scratch or oci-archive, return empty\n    jq -r '.Stages as $all_stages |\n      def find_root_stage($stage):\n        if $stage.From.Stage then\n          find_root_stage($all_stages[$stage.From.Stage.Index])\n        else\n          $stage\n        end;\n\n        find_root_stage(.Stages[-1]) |\n        if .From.Scratch or (.BaseName | test(\"^oci-archive:\")) then\n          empty\n        else\n          .BaseName\n        end' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n  )\n  if [[ -n \"$FINAL_BASE_IMAGE\" ]]; then\n    set_proxy\n    buildah pull \"$FINAL_BASE_IMAGE\" \u003e/dev/null` `\n    unset_proxy\n    buildah inspect \"$FINAL_BASE_IMAGE\" | jq '.OCIv1.config.Labels' \u003e\"base_images_labels.json\"\n  fi\nfi\n\n# Concatenate defaults and explicit labels. If a label appears twice, the last one wins.\nLABELS=(\"${DEFAULT_LABELS[@]}\" \"${LABELS[@]}\")\n\n# Get all the default and explicit labels so that they can be written into labels.json\nfor label in \"${LABELS[@]}\"; do\n  if [[ \"$label\" != \"--label\" ]]; then\n    label_pairs+=(\"$label\")\n  fi\ndone\n\n# Labels that we explicitly add to the image\nlabel_pairs+=(\"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nlabel_pairs+=(\"io.buildah.version=$(buildah version --json | jq -r '.version')\")\n\nwhile IFS= read -r label; do\n  label_pairs+=(\"$label\")\ndone \u003c \u003c(jq -r '.Stages[].Commands[] | select(.Name == \"LABEL\") | .Labels[] | \"\\(.Key)=\\(.Value)\"' /shared/parsed_dockerfile.json | sed 's/\"//g')\n\nprintf '%s\\n' \"${label_pairs[@]}\" | jq -Rn '\n  [ inputs | select(length\u003e0) ]\n| map( split(\"=\") | {(.[0]): (.[1] // \"\")} )\n  | add' \u003e\"image_labels.json\"\n\njq -s '(.[0] // {}) * (.[1] // {})' \"base_images_labels.json\" \"image_labels.json\" \u003e\"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\njq '.' \"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  echo \"\" \u003e\u003e\"$dockerfile_copy\"\n  # Always write labels.json to the new standard location\n  echo 'COPY labels.json /usr/share/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  # Conditionally write to the old location for backward compatibility\n  if [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n    echo 'COPY labels.json /root/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  fi\nfi\n\n# Make sure our labels.json file isn't filtered out\ncontainerignore=\"\"\nif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\"\nelif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\"\nfi\n\nif [ -n \"$containerignore\" ]; then\n  ignorefile_copy=$(mktemp --tmpdir \"$(basename \"$containerignore\").XXXXXX\")\n  cp \"$containerignore\" \"$ignorefile_copy\"\n  {\n    echo \"\"\n    echo \"!/labels.json\"\n    echo \"!/content-sets.json\"\n  } \u003e\u003e \"$ignorefile_copy\"\n  BUILDAH_ARGS+=(--ignorefile \"$ignorefile_copy\")\nfi\n\necho \"[$(date --utc -Ins)] Register sub-man\"\n\nACTIVATION_KEY_PATH=\"/activation-key\"\nENTITLEMENT_PATH=\"/entitlement\"\n\n# 0. if hermetic=true, skip all subscription related stuff\n# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.\n# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.\n# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.\n# 3. If the Dockerfile contains the string \"subcription-manager register\", add the activation-keys volume\n#    to buildah but don't pre-register for backwards compatibility. Mount an empty directory on\n#    shared emptydir volume to \"/etc/pki/entitlement\" to prevent certificates from being included\n\nif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 [ -e /activation-key/org ]; then\n  cp -r --preserve=mode \"$ACTIVATION_KEY_PATH\" /tmp/activation-key\n  mkdir -p /shared/rhsm/etc/pki/entitlement\n  mkdir -p /shared/rhsm/etc/pki/consumer\n\n  VOLUME_MOUNTS+=(-v /tmp/activation-key:/activation-key \\\n                  -v /shared/rhsm/etc/pki/entitlement:/etc/pki/entitlement:Z \\\n                  -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)\n  echo \"Adding activation key to the build\"\n\n  if ! grep -E \"^[^#]*subscription-manager.[^#]*register\" \"$dockerfile_path\"; then\n    # user is not running registration in the Containerfile: pre-register.\n    echo \"Pre-registering with subscription manager.\"\n    export RETRY_MAX_TRIES=6\n    if ! retry subscription-manager register --org \"$(cat /tmp/activation-key/org)\" --activationkey \"$(cat /tmp/activation-key/activationkey)\"\n    then\n      echo \"Subscription-manager register failed\"\n      exit 1\n    fi\n    unset RETRY_MAX_TRIES\n    trap 'subscription-manager unregister || true' EXIT\n\n    # copy generated certificates to /shared volume\n    cp /etc/pki/entitlement/*.pem /shared/rhsm/etc/pki/entitlement\n    cp /etc/pki/consumer/*.pem /shared/rhsm/etc/pki/consumer\n\n    # and then mount get /etc/rhsm/ca/redhat-uep.pem into /run/secrets/rhsm/ca\n    VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)\n  fi\n\nelif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 find /entitlement -name \"*.pem\" \u003e /dev/null; then\n  cp -r --preserve=mode \"$ENTITLEMENT_PATH\" /tmp/entitlement\n  VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)\n  echo \"Adding the entitlement to the build\"\nfi\n\nif [ -n \"$WORKINGDIR_MOUNT\" ]; then\n  if [[ \"$WORKINGDIR_MOUNT\" == *:* ]]; then\n    echo \"WORKINGDIR_MOUNT contains ':'\" \u003e\u00262\n    echo \"Refusing to proceed in case this is an attempt to set unexpected mount options.\" \u003e\u00262\n    exit 1\n  fi\n  # ${SOURCE_CODE_DIR}/${CONTEXT} will be the $PWD when we call 'buildah build'\n  # (we set the workdir using 'unshare -w')\n  context_dir=$(realpath \"${SOURCE_CODE_DIR}/${CONTEXT}\")\n  VOLUME_MOUNTS+=(--volume \"$context_dir:${WORKINGDIR_MOUNT}\")\nfi\n\nif [ -n \"${ADDITIONAL_VOLUME_MOUNTS-}\" ]; then\n  # ADDITIONAL_VOLUME_MOUNTS allows to specify more volumes for the build.\n  # Instrumented builds (SAST) use this step as their base and add some other tools.\n  while read -r volume_mount; do\n    VOLUME_MOUNTS+=(\"--volume=$volume_mount\")\n  done \u003c\u003c\u003c \"$ADDITIONAL_VOLUME_MOUNTS\"\nfi\n\necho \"[$(date --utc -Ins)] Add secrets\"\n\nADDITIONAL_SECRET_PATH=\"/additional-secret\"\nADDITIONAL_SECRET_TMP=\"/tmp/additional-secret\"\nif [ -d \"$ADDITIONAL_SECRET_PATH\" ]; then\n  cp -r --preserve=mode -L \"$ADDITIONAL_SECRET_PATH\" $ADDITIONAL_SECRET_TMP\n  while read -r filename; do\n    echo \"Adding the secret ${ADDITIONAL_SECRET}/${filename} to the build, available at /run/secrets/${ADDITIONAL_SECRET}/${filename}\"\n    BUILDAH_ARGS+=(\"--secret=id=${ADDITIONAL_SECRET}/${filename},src=$ADDITIONAL_SECRET_TMP/${filename}\")\n  done \u003c \u003c(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \\;)\nfi\n\n# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.\ndeclare IMAGE\n\nbuildah_cmd_array=(\n    buildah build\n    \"${VOLUME_MOUNTS[@]}\"\n    \"${BUILDAH_ARGS[@]}\"\n    \"${LABELS[@]}\"\n    \"${ANNOTATIONS[@]}\"\n    --tls-verify=\"$TLSVERIFY\" --no-cache\n    --ulimit nofile=4096:4096\n    --http-proxy=false\n    -f \"$dockerfile_copy\" -t \"$IMAGE\" .\n)\nbuildah_cmd=$(printf \"%q \" \"${buildah_cmd_array[@]}\")\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  # enabling loopback adapter enables Bazel builds to work in hermetic mode.\n  command=\"ip link set lo up \u0026\u0026 $buildah_cmd\"\nelse\n  command=\"$buildah_cmd\"\nfi\n\n# disable host subcription manager integration\nfind /usr/share/rhel/secrets -type l -exec unlink {} \\;\n\nset_proxy\n\necho \"[$(date --utc -Ins)] Run buildah build\"\necho \"[$(date --utc -Ins)] ${command}\"\n\nunshare -Uf \"${UNSHARE_ARGS[@]}\" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w \"${SOURCE_CODE_DIR}/$CONTEXT\" --mount -- sh -c \"$command\"\n\nunset_proxy\n\necho \"[$(date --utc -Ins)] Add metadata\"\n\n# Save the SBOM produced in prefetch so it can be merged into the final SBOM later\nif [ -f \"/tmp/cachi2/output/bom.json\" ]; then\n  echo \"Making copy of sbom-prefetch.json\"\n  cp /tmp/cachi2/output/bom.json ./sbom-prefetch.json\nfi\n\ntouch /shared/base_images_digests\necho \"Recording base image digests used\"\nfor image in $BASE_IMAGES; do\n  # Get the image pullspec and filter out a tag if it is not set\n  # Use head -n 1 to ensure we only get one result even if multiple images match the filter\n  base_image_digest=$(buildah images --format '{{ .Name }}{{ if ne .Tag \"\u003cnone\u003e\" }}:{{ .Tag }}{{ end }}@{{ .Digest }}' --filter reference=\"$image\" | head -n 1)\n  # In some cases, there might be BASE_IMAGES, but not any associated digest. This happens\n  # if buildah did not use that particular image during build because it was skipped\n  if [ -n \"$base_image_digest\" ]; then\n    echo \"$image $base_image_digest\" | tee -a /shared/base_images_digests\n  fi\ndone\n\nimage_name=$(echo \"${IMAGE##*/}\" | tr ':' '-')\nbuildah push \"$IMAGE\" oci:\"/shared/$image_name.oci\"\necho \"/shared/$image_name.oci\" \u003e /shared/container_path\n\necho \"[$(date --utc -Ins)] End build\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/entitlement",
                                    "name": "etc-pki-entitlement"
                                },
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/additional-secret",
                                    "name": "additional-secret"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/proxy-ca-bundle",
                                    "name": "proxy-ca-bundle",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "BUILDAH_FORMAT",
                                    "value": "docker"
                                },
                                {
                                    "name": "TASKRUN_NAME",
                                    "value": "python-component-bcqjpf-on-pull-request-k59b5-build-container"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "push",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Convert image\"\n\n# While we can build images with the desired format, we will simplify any local\n# and remote build differences by just performing any necessary conversions at\n# push time.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\necho \"[$(date --utc -Ins)] Push image with unique tag\"\n\nbuildah_retries=3\n\n# Push to a unique tag based on the TaskRun name to avoid race conditions\necho \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:${TASKRUN_NAME}\"\nthen\n  echo \"Failed to push sbom image to ${IMAGE%:*}:${TASKRUN_NAME}\"\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] Push image with git revision\"\n\n# Push to a tag based on the git revision\necho \"Pushing to ${IMAGE}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile \"/workspace/source/image-digest\" \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n  echo \"Failed to push sbom image to $IMAGE\"\n  exit 1\nfi\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c \"/workspace/source\"/image-digest\necho -n \"$IMAGE\" | tee /tekton/results/IMAGE_URL\n{\n  echo -n \"${IMAGE}@\"\n  cat \"/workspace/source/image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho\n\n# detect if keyless signing is required\nSIGNING_CONFIG='{}'\nKFLX_CONFIG_PATH='/tmp/konflux_config.json'\nif ! RETRY_STOP_IF_STDERR_MATCHES='configmaps \"cluster-config\" not found' retry kubectl get configmap cluster-config -n konflux-info -o json \u003e\"${KFLX_CONFIG_PATH}\"\nthen\n  echo \"Failed to fetch konflux cluster-config, default values will be used\" \u003e\u00262\nelse\n  SIGNING_CONFIG=\"$(cat ${KFLX_CONFIG_PATH})\"\nfi\n\n# configmap key -\u003e variable name mapping\ndeclare -A SIGNING_KEY_MAP=(\n  [defaultOIDCIssuer]=SIGSTORE_OIDC_ISSUER\n  [rekorInternalUrl]=REKOR_URL\n  [fulcioInternalUrl]=SIGSTORE_FULCIO_URL\n  [tufInternalUrl]=TUF_URL\n)\n\n# fallback keys when internal URL is not available\ndeclare -A SIGNING_FALLBACK_MAP=(\n  [rekorInternalUrl]=rekorExternalUrl\n  [fulcioInternalUrl]=fulcioExternalUrl\n  [tufInternalUrl]=tufExternalUrl\n)\n\nmissing=\"\"\nconfigured=0\nfor key in \"${!SIGNING_KEY_MAP[@]}\"; do\n  val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${key} // empty\")\n  if [ -z \"${val}\" ] \u0026\u0026 [ -n \"${SIGNING_FALLBACK_MAP[$key]+x}\" ]; then\n    fallback_key=\"${SIGNING_FALLBACK_MAP[$key]}\"\n    val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${fallback_key} // empty\")\n    if [ -n \"${val}\" ]; then\n      echo \"Using fallback ${fallback_key} instead of ${key}\"\n    fi\n  fi\n  if [ -z \"${val}\" ]; then\n    missing=\"${missing:+${missing}, }${key}\"\n  else\n    declare \"${SIGNING_KEY_MAP[$key]}=${val}\"\n    configured=$((configured + 1))\n  fi\ndone\n\nif [ \"${configured}\" -eq \"${#SIGNING_KEY_MAP[@]}\" ]; then\n  echo \"Keyless signing is enabled\"\n\n  # Save signing config for upload-sbom step\n  for key in \"${!SIGNING_KEY_MAP[@]}\"; do\n    envvar=\"${SIGNING_KEY_MAP[$key]}\"\n    printf '%s=%q\\n' \"${envvar}\" \"${!envvar}\"\n  done \u003e /shared/signing-config.env\n\n  echo \"Using Rekor URL: ${REKOR_URL}\"\n  echo \"Using Fulcio URL: ${SIGSTORE_FULCIO_URL}\"\n  echo \"Using OIDC issuer: ${SIGSTORE_OIDC_ISSUER}\"\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  # Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\n  mkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"${IMAGE_REF}\" \u003e /tmp/auth/config.json\n  export DOCKER_CONFIG=/tmp/auth\n\n  echo \"[$(date --utc -Ins)] Sign image\"\n  echo \"Signing image ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign sign -y \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign image\" \u003e\u00262\n    exit 1\n  fi\nelif [ \"${configured}\" -eq 0 ]; then\n  echo \"Keyless signing is disabled (none of ${missing} are configured in the konflux-info/cluster-config configmap)\"\nelse\n  echo \"ERROR: Incomplete keyless signing configuration in konflux-info/cluster-config configmap. Missing: ${missing}\" \u003e\u00262\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] End push\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                },
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "sbom-syft-generate",
                            "script": "#!/bin/bash\nset -euo pipefail\necho \"[$(date --utc -Ins)] Generate SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\ncase $SBOM_TYPE in\n  cyclonedx)\n    syft_sbom_type=cyclonedx-json@1.5 ;;\n  spdx)\n    syft_sbom_type=spdx-json@2.3 ;;\n  *)\n    echo \"Invalid SBOM type: $SBOM_TYPE. Valid: cyclonedx, spdx\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\nOCI_DIR=\"$(cat /shared/container_path)\"\n\nsyft_oci_args=(\n  oci-dir:\"${OCI_DIR}\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-image.json\"\n)\nsyft_source_args=(\n  dir:\"/workspace/source/$SOURCE_CODE_DIR/$CONTEXT\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-source.json\"\n)\n\nif [ \"${SBOM_SYFT_SELECT_CATALOGERS}\" != \"\" ]; then\n  syft_oci_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\n  syft_source_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\nfi\n\necho \"Running syft on the image\"\nsyft \"${syft_oci_args[@]}\"\nif [[ \"${HERMETIC}\" == \"false\" \u0026\u0026 \"${SBOM_SOURCE_SCAN_ENABLED}\" == \"true\" ]]; then\n  echo \"Running syft on the source code\"\n  syft \"${syft_source_args[@]}\"\nelse\n  echo \"Skipping syft on source code.\"\nfi\n\necho \"[$(date --utc -Ins)] End sbom-syft-generate\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/shared",
                                    "name": "shared"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/source/source"
                        },
                        {
                            "args": [
                                "--additional-base-images"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "prepare-sboms",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Prepare SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\n# Convert Tekton array params into Mobster params\nADDITIONAL_BASE_IMAGES=()\nwhile [[ $# -gt 0 ]]; do\n  case $1 in\n    --additional-base-images)\n      shift\n      while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ADDITIONAL_BASE_IMAGES+=(\"$1\"); shift; done\n      ;;\n    *)\n      echo \"unexpected argument: $1\" \u003e\u00262\n      exit 2\n      ;;\n  esac\ndone\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\n\necho \"[$(date --utc -Ins)] Generate SBOM with mobster\"\n\nmobster_args=(\n  generate\n  --output sbom.json\n)\n\n# Validation is a flag for `generate`, not `oci-image`, so we need to\n# handle it before the oci-image arguments\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-image\n  --from-syft \"/workspace/source/sbom-image.json\"\n  --image-pullspec \"$IMAGE_URL\"\n  --image-digest \"$IMAGE_DIGEST\"\n  --parsed-dockerfile-path \"/shared/parsed_dockerfile.json\"\n  --base-image-digest-file \"/shared/base_images_digests\"\n)\n\nif [ -f \"/workspace/source/sbom-source.json\" ]; then\n  mobster_args+=(--from-syft \"/workspace/source/sbom-source.json\")\nfi\n\nif [ -f \"/workspace/source/sbom-prefetch.json\" ]; then\n  mobster_args+=(--from-hermeto \"/workspace/source/sbom-prefetch.json\")\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  mobster_args+=(--dockerfile-target \"${TARGET_STAGE}\")\nfi\n\nfor ADDITIONAL_BASE_IMAGE in \"${ADDITIONAL_BASE_IMAGES[@]}\"; do\n  mobster_args+=(--additional-base-image \"$ADDITIONAL_BASE_IMAGE\")\ndone\n\nif [ \"${CONTEXTUALIZE_SBOM}\" == \"true\" ] \u0026\u0026 [ \"${HERMETIC}\" == \"false\" ]; then\n  mobster_args+=(--contextualize)\nfi\n\nif [ -f \"/shared/prefetch-arch\" ]; then\n  mobster_args+=(--arch \"$(cat /shared/prefetch-arch)\")\nfi\n\nmobster \"${mobster_args[@]}\"\n\necho \"[$(date --utc -Ins)] End prepare-sboms\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Upload SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom sbom.json --type \"$SBOM_TYPE\" \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum sbom.json | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n\nif [ -f \"/shared/signing-config.env\" ]; then\n  # shellcheck source=/dev/null\n  source /shared/signing-config.env\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  ATT_SBOM_TYPE=\"${SBOM_TYPE}\"\n  if [ \"${ATT_SBOM_TYPE}\" = \"spdx\" ]; then\n    # for format cossistency with cyclonedx format, we want to use spdxjson instad of spdx\n    # spdx export data as rawstring, we want structured json as cyclonedx\n    ATT_SBOM_TYPE=\"spdxjson\"\n  fi\n\n  echo \"[$(date --utc -Ins)] Sign SBOM\"\n  echo \"Signing and attaching SBOM to ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign attest -y --type \"${ATT_SBOM_TYPE}\" --predicate sbom.json \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign SBOM\" \u003e\u00262\n    exit 1\n  fi\nfi\n\necho\necho \"[$(date --utc -Ins)] End upload-sbom\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "varlibcontainers"
                        },
                        {
                            "emptyDir": {},
                            "name": "shared"
                        },
                        {
                            "name": "etc-pki-entitlement",
                            "secret": {
                                "optional": true,
                                "secretName": "etc-pki-entitlement"
                            }
                        },
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "name": "additional-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "does-not-exist"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "caching-ca-bundle",
                                "optional": true
                            },
                            "name": "proxy-ca-bundle"
                        },
                        {
                            "name": "oidc-token",
                            "projected": {
                                "sources": [
                                    {
                                        "serviceAccountToken": {
                                            "audience": "sigstore",
                                            "expirationSeconds": 600,
                                            "path": "oidc-token"
                                        }
                                    }
                                ]
                            }
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code to build.",
                            "name": "source"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/7bb062aa-6825-43a1-b2f8-214b2dd4bfc8",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:31Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "build-image-index",
                    "tekton.dev/task": "build-image-index",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-build-image-index",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "39593",
                "uid": "7bb062aa-6825-43a1-b2f8-214b2dd4bfc8"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "ALWAYS_BUILD_INDEX",
                        "value": "false"
                    },
                    {
                        "name": "IMAGES",
                        "value": [
                            "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                        ]
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "build-image-index"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:19:46Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:19:46Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-8fe6baa9557b5f16221d3094fe0c8b52-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        "entryPoint": "build-image-index",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-build-image-index"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "startTime": "2026-07-01T16:19:31Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3146e2a7e2d4f9a4aecfbc96a5e982db5dc577458371b62f0c806a2a5b8710c6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:19:39Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:19:35Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-create-sbom",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "create-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3d3f4fa5c9c04c9b7cd01777eb219219fe288a8e6bb7cbd10e6ab6105217dc91",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:19:39Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:19:39Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f517614f2644522ccca78f44fddbea8114576cc303086ab78808e176d3b630fe",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:19:44Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:19:39Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This takes existing Image Manifests and combines them in an Image Index.",
                    "params": [
                        {
                            "description": "The target image and tag where the image will be pushed to.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The commit the image is built from.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "description": "List of Image Manifests to be referenced by the Image Index",
                            "name": "IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Build an image index even if IMAGES is of length 1. Default true. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. In order to properly set all results, use the repository:tag@sha256:digest format for the IMAGES parameter.",
                            "name": "ALWAYS_BUILD_INDEX",
                            "type": "string"
                        },
                        {
                            "default": "vfs",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "List of all referenced image manifests",
                            "name": "IMAGES",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image containing both the repository and the digest",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "env": [
                            {
                                "name": "BUILDAH_FORMAT",
                                "value": "docker"
                            },
                            {
                                "name": "COMMIT_SHA",
                                "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "ALWAYS_BUILD_INDEX",
                                "value": "false"
                            },
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "vfs"
                            }
                        ],
                        "volumeMounts": [
                            {
                                "mountPath": "/index-build-data",
                                "name": "shared-dir"
                            },
                            {
                                "mountPath": "/mnt/trusted-ca",
                                "name": "trusted-ca",
                                "readOnly": true
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64@sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "250m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\n# Fixing group permission on /var/lib/containers\nset -eu\nset -o pipefail\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [[ $# -ne 1 \u0026\u0026 \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n  echo \"Skipping image index generation while supplying multiple image inputs is unsupported.\"\n  exit 2\nfi\n\nbuildah manifest create \"$IMAGE\"\nfor i in $@\ndo\n  TOADD=\"$i\"\n  TOADD_URL=\"$(echo \"$i\" | cut -d@ -f1)\"\n  TOADD_DIGEST=\"$(echo \"$i\" | cut -d@ -f2)\"\n  if [[ $(echo \"$i\" | tr -cd \":\" | wc -c) == 2 ]]; then\n    #format is repository:tag@sha256:digest\n    #we need to remove the tag, and just reference the digest\n    #as tag + digest is not supported\n    TOADD_REPOSITORY=\"$(echo \"$i\" | cut -d: -f1)\"\n    TOADD=\"${TOADD_REPOSITORY}@${TOADD_DIGEST}\"\n  fi\n  if [[ \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n    echo \"Skipping image index generation. Returning results for $TOADD.\"\n    echo -n \"${TOADD_URL}\" \u003e \"/tekton/results/IMAGE_URL\"\n    echo -n \"${TOADD_DIGEST}\" \u003e \"/tekton/results/IMAGE_DIGEST\"\n    echo -n \"${TOADD}\" \u003e \"/tekton/results/IMAGES\"\n    exit 0\n  fi\n\n  echo \"Adding $TOADD\"\n  buildah manifest add $IMAGE \"docker://$TOADD\" --all\ndone\n\necho \"Validating format consistency\"\nINCOMPATIBLE_STRING=\"vnd.oci.image.manifest\"\nINCOMPATIBLE_NAME=\"oci\"\nif [ \"$BUILDAH_FORMAT\" == \"oci\" ]; then\n  INCOMPATIBLE_STRING=\"vnd.docker.distribution.manifest\"\n  INCOMPATIBLE_NAME=\"docker\"\nfi\n\n# If mismatched formats (e.g., Docker manifests within an OCI index) exist locally, 'buildah push'\n# converts the inner manifests to match the target BUILDAH_FORMAT.\n# This alters the digests and breaks the link to the attached SBOMs.\nMANIFEST_MEDIA_TYPES=$(buildah manifest inspect \"$IMAGE\" | jq -er '.manifests[].mediaType')\nif echo \"$MANIFEST_MEDIA_TYPES\" | grep -q \"$INCOMPATIBLE_STRING\"; then\n  echo \"ERROR: Platform image contains $INCOMPATIBLE_NAME format, but index will be $BUILDAH_FORMAT\"\n  echo \"This will cause digest changes and break SBOM accessibility.\"\n  echo \"Ensure all platform images are built with buildah-format: $BUILDAH_FORMAT\"\n  exit 1\nfi\n\n# While the BUILDAH_FORMAT environment variable can define the push\n# format, lets be explicit about the format that we want when we push.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\nbuildah_retries=3\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n    echo \"Failed to push image ${IMAGE} to registry\"\n    exit 1\nfi\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:python-component-bcqjpf-on-pull-request-k59b5-build-image-index\"\nthen\n    echo \"Failed to push image ${IMAGE%:*}:python-component-bcqjpf-on-pull-request-k59b5-build-image-index to registry\"\n    exit 1\nfi\n\nINDEX_REPOSITORY=\"$(echo \"$IMAGE\" | cut -d@ -f1 | cut -d: -f1)\"\nMANIFEST_DIGESTS=$(buildah manifest inspect \"$IMAGE\" | jq -er \".manifests[].digest\")\nimage_manifests=\"\"\nfor i in $MANIFEST_DIGESTS\ndo\n  image_manifests=\"${image_manifests} ${INDEX_REPOSITORY}@${i},\"\ndone\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c image-digest\necho -n \"$IMAGE\" | tee \"/tekton/results/IMAGE_URL\"\n{\n  echo -n \"${IMAGE}@\"\n  cat \"image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho -n \"${image_manifests:1:-1}\" \u003e \"/tekton/results/IMAGES\"\n\n# buildah manifest inspect will always give precedence to the local image.\n# Since we built this image in the same place as we are inspecting it, we can\n# just inspect it instead of finding the digest and inspecting the remote image.\nbuildah manifest inspect \"$IMAGE\" \u003e /index-build-data/manifest_data.json\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "create-sbom",
                            "script": "#!/bin/bash\nset -e\n\nMANIFEST_DATA_FILE=\"/index-build-data/manifest_data.json\"\nif [ ! -f \"$MANIFEST_DATA_FILE\" ]; then\n  echo \"The manifest_data.json file does not exist. Skipping the SBOM creation...\"\n  exit 0\nfi\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\necho \"Creating SBOM result file...\"\nmobster_args=(generate --output /index-build-data/index.spdx.json)\n\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-index\n  --index-image-pullspec \"$IMAGE_URL\"\n  --index-image-digest \"$IMAGE_DIGEST\"\n  --index-manifest-path \"$MANIFEST_DATA_FILE\"\n)\nmobster \"${mobster_args[@]}\"\n"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSBOM_RESULT_FILE=\"/index-build-data/index.spdx.json\"\nif [ ! -f \"$SBOM_RESULT_FILE\" ]; then\n  echo \"The index.spdx.json file does not exists. Skipping the SBOM upload...\"\n  exit 0\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\n\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom \"$SBOM_RESULT_FILE\" --type spdx \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum \"$SBOM_RESULT_FILE\" | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "shared-dir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/a6e4a9fa-336a-447a-aa3a-1ec4b8585ac8",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:47Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "clair-scan",
                    "tekton.dev/task": "clair-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-clair-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "41017",
                "uid": "a6e4a9fa-336a-447a-aa3a-1ec4b8585ac8"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clair-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:21:41Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:21:41Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-k59b5-clair-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        "entryPoint": "clair-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clair-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\", \"digests\": [\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\"]}}\n"
                    },
                    {
                        "name": "REPORTS",
                        "type": "string",
                        "value": "{\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\":\"sha256:2e5ca0cc096f1a3e11e77fb7c965fed4b2b835a7978a4da6cef7ad56f0cdeca7\"}\n"
                    },
                    {
                        "name": "SCAN_OUTPUT",
                        "type": "string",
                        "value": "{\"vulnerabilities\":{\"critical\":0,\"high\":331,\"medium\":873,\"low\":241,\"unknown\":2},\"unpatched_vulnerabilities\":{\"critical\":0,\"high\":4,\"medium\":489,\"low\":633,\"unknown\":0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:21:40+00:00\",\"note\":\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:47Z",
                "steps": [
                    {
                        "container": "step-get-image-manifests",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "get-image-manifests",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4af869a8671c5b61400b0e562721aceb63dc5e9d0cd7592bcd2bd690b7ef8efd",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:13Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:07Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-get-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/clair-in-ci@sha256:e030a6094b6d88b430ed049a6a59808f4b795e9d8293d72a4bbab44da8cc429f",
                        "name": "get-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8cb5b1adeddf6c64607fe81e6c47da01dcff8246a5db834ebe63d2f315a788b6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:58Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:13Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-oci-attach-report",
                        "imageID": "quay.io/konflux-ci/oras@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                        "name": "oci-attach-report",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9d7aca839bb80db75cea945504c42c7679ada11a82a6bd73e33fdea566b8c2b1",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:03Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:59Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-conftest-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "conftest-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9d161d2268f4e8d58287c1619e1a63cb7fbcddfe45ab4d5f7256862ebdddeaf4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:40Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\\\", \\\"digests\\\": [\\\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\\\"]}}\\n\",\"type\":1},{\"key\":\"REPORTS\",\"value\":\"{\\\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\\\":\\\"sha256:2e5ca0cc096f1a3e11e77fb7c965fed4b2b835a7978a4da6cef7ad56f0cdeca7\\\"}\\n\",\"type\":1},{\"key\":\"SCAN_OUTPUT\",\"value\":\"{\\\"vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":331,\\\"medium\\\":873,\\\"low\\\":241,\\\"unknown\\\":2},\\\"unpatched_vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":4,\\\"medium\\\":489,\\\"low\\\":633,\\\"unknown\\\":0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:21:40+00:00\\\",\\\"note\\\":\\\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:21:04Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for vulnerabilities using Clair, by comparing the components of container image against Clair's vulnerability databases.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform built by.",
                            "name": "image-platform",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused, should be removed in next task version.",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-oci-attach-report",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Clair scan result.",
                            "name": "SCAN_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        },
                        {
                            "description": "Mapping of image digests to report digests",
                            "name": "REPORTS",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "get-image-manifests",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\necho \"Inspecting raw image manifest $imageanddigest.\"\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"' | while read -r arch arch_sha; do\n    echo \"$arch_sha\" \u003e /tekton/home/image-manifest-$arch.sha\n  done\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task clair-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                },
                                "requests": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                },
                                {
                                    "name": "IMAGE_PLATFORM"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clair-in-ci:v1",
                            "imagePullPolicy": "Always",
                            "name": "get-vulnerabilities",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n# shellcheck source=/utils.sh\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\n# the quay report format used by the Conftest rules in the\n# conftest-vulnerabilities step doesn't contain the \"issued\" date which\n# we require in the policy rules, so we resort to running clair-action\n# twice to produce both quay and clair formatted output\nclair_report() {\n  { retry clair-action report --image-ref=\"$1\" --db-path=/tmp/matcher.db --format=clair | tee  \"clair-report-$2.json\"; } \u0026\u0026 \\\n  { retry clair-action convert  --file-path=\"clair-report-$2.json\" --format=quay \u003e \"clair-result-$2.json\"; }\n}\n\nrun_clair_on_arch() {\n  local arch=\"$1\"\n  local sha_file=\"image-manifest-$arch.sha\"\n\n  if [ -e \"$sha_file\" ]; then\n    local arch_sha\n    arch_sha=$(\u003c\"$sha_file\")\n    local digest=\"${imagewithouttag}@${arch_sha}\"\n\n    echo \"Running clair-action on $arch image manifest...\"\n    clair_report \"$digest\" \"$arch\" || true\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n   fi\n}\n\nplatform=\"${IMAGE_PLATFORM}\"\n\n# If a platform is specified, extract the architecture and run clair-action on the corresponding image manifest\nif [ -n \"$platform\" ]; then\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n  # Validate against supported arch list. If it's not a known arch, fallback to amd64\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  run_clair_on_arch \"$arch\"\n\n# If no platform is specified, run clair-action on all available image manifests\nelse\n  for sha_file in image-manifest-*.sha; do\n    if [ -e \"$sha_file\" ]; then\n      arch=$(basename \"$sha_file\" | sed 's/image-manifest-//;s/.sha//')\n      run_clair_on_arch \"$arch\"\n    fi\n  done\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nimages_processed=$(echo \"${images_processed_template/\\[%s]/[$digests_processed_string]}\")\necho \"$images_processed\" \u003e images-processed.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_OCI_ATTACH_REPORT",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                            "name": "oci-attach-report",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nif [ \"$SKIP_OCI_ATTACH_REPORT\" = \"true\" ]; then\n  echo 'OCI attach report skipped by parameter.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\nif ! compgen -G \"clair-report-*.json\" \u003e /dev/null; then\n  echo 'No Clair reports generated. Skipping upload.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\necho \"Selecting auth\"\nselect-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n\nrepository=\"${IMAGE_URL/:*/}\"\n\narch() {\n  report_file=\"$1\"\n  arch=\"${report_file/*-}\"\n  echo \"${arch/.json/}\"\n}\n\nMEDIA_TYPE='application/vnd.redhat.clair-report+json'\n\nreports_json=\"\"\nfor f in clair-report-*.json; do\n  digest=$(cat \"image-manifest-$(arch \"$f\").sha\")\n  image_ref=\"${repository}@${digest}\"\n  echo \"Attaching $f to ${image_ref}\"\n  if ! report_digest=\"$(retry oras attach --no-tty --format go-template='{{.digest}}' --registry-config \\\n    \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${image_ref}\" \"$f:${MEDIA_TYPE}\")\"\n  then\n    echo \"Failed to attach ${f} to ${image_ref}\"\n    exit 1\n  fi\n  # shellcheck disable=SC2016\n  reports_json=\"$(yq --output-format json --indent=0 eval-all '. as $i ireduce ({}; . * $i)' \u003c(echo \"${reports_json}\") \u003c(echo \"${digest}: ${report_digest}\"))\"\ndone\necho \"${reports_json}\" \u003e reports.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "conftest-vulnerabilities",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nclair_result_files=$(ls /tekton/home/clair-result-*.json)\nif [ -z \"$clair_result_files\" ]; then\n  echo \"Previous step [get-vulnerabilities] failed: No clair-result files found in /tekton/home.\"\nfi\n\nmissing_vulnerabilities_files=\"\"\nfor file in $clair_result_files; do\n  file_suffix=$(basename \"$file\" | sed 's/clair-result-//;s/.json//')\n  if [ ! -s \"$file\" ]; then\n    echo \"Previous step [get-vulnerabilities] failed: $file is empty.\"\n  else\n    /usr/bin/conftest test --no-fail $file \\\n    --policy /project/clair/vulnerabilities-check.rego --namespace required_checks \\\n    --output=json | tee /tekton/home/clair-vulnerabilities-$file_suffix.json || true\n  fi\n\n  #check for missing \"clair-vulnerabilities-\u003carch\u003e/image-index\" file and create a string\n  if [ ! -f \"/tekton/home/clair-vulnerabilities-$file_suffix.json\" ]; then\n    missing_vulnerabilities_files+=\"${missing_vulnerabilities_files:+, }/tekton/home/clair-vulnerabilities-$file_suffix.json\"\n  fi\ndone\n\nif [ -n \"$missing_vulnerabilities_files\" ]; then\n  note=\"Task clair-scan failed: $missing_vulnerabilities_files did not generate. For details, check Tekton task log.\"\n  TEST_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"$missing_vulnerabilities_files did not generate correctly. For details, check conftest command in Tekton task log.\"\n  echo \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n  exit 0\nfi\n\nscan_result='{\"vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}, \"unpatched_vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}}'\nfor file in /tekton/home/clair-vulnerabilities-*.json; do\n    result=$(jq -rce \\\n        '{\n            vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            },\n            unpatched_vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            }\n        }' \"$file\")\n\n    scan_result=$(jq -s -rce \\\n          '.[0].vulnerabilities.critical += .[1].vulnerabilities.critical |\n          .[0].vulnerabilities.high += .[1].vulnerabilities.high |\n          .[0].vulnerabilities.medium += .[1].vulnerabilities.medium |\n          .[0].vulnerabilities.low += .[1].vulnerabilities.low |\n          .[0].vulnerabilities.unknown += .[1].vulnerabilities.unknown |\n          .[0].unpatched_vulnerabilities.critical += .[1].unpatched_vulnerabilities.critical |\n          .[0].unpatched_vulnerabilities.high += .[1].unpatched_vulnerabilities.high |\n          .[0].unpatched_vulnerabilities.medium += .[1].unpatched_vulnerabilities.medium |\n          .[0].unpatched_vulnerabilities.low += .[1].unpatched_vulnerabilities.low |\n          .[0].unpatched_vulnerabilities.unknown += .[1].unpatched_vulnerabilities.unknown |\n          .[0]' \u003c\u003c\u003c\"$scan_result $result\")\ndone\n\necho \"$scan_result\" | tee \"/tekton/results/SCAN_OUTPUT\"\n\ncat /tekton/home/images-processed.json | tee /tekton/results/IMAGES_PROCESSED\n# shellcheck disable=SC2154\ncat /tekton/home/reports.json \u003e \"/tekton/results/REPORTS\"\n\nnote=\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\"\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"$note\")\necho \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/d31f34c3-e56d-438f-867a-801a984b7dbb",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "virus, konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "clamav-scan",
                    "tekton.dev/task": "clamav-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-clamav-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40807",
                "uid": "d31f34c3-e56d-438f-867a-801a984b7dbb"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clamav-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:21:35Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:21:35Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-k59b5-clamav-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        "entryPoint": "clamav-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\", \"digests\": [\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"timestamp\":\"1782922890\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:49Z",
                "steps": [
                    {
                        "container": "step-extract-and-scan-image",
                        "imageID": "quay.io/konflux-ci/clamav-db@sha256:2da6c1a37fef998b68b675505fb654b1123e3cd889c190c59b4527d11621e8fc",
                        "name": "extract-and-scan-image",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://70b5a2281815bc0d5475ddd9e440bf92577d996a8e5df006ee89c35ce0178b4a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:30Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\\\", \\\"digests\\\": [\\\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922890\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:05Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3bd6805e76b09ea37dc4e4ad430ef2f82f080075b2c6375e3b37b970edd3c33e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:33Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\\\", \\\"digests\\\": [\\\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922890\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:21:30Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans the content of container images and OCI artifacts for viruses, malware, and other malicious content using ClamAV antivirus scanner.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image arch.",
                            "name": "image-arch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "8",
                            "description": "Maximum number of threads clamd runs.",
                            "name": "clamd-max-threads",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-upload",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                },
                                "requests": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/work"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                },
                                {
                                    "name": "IMAGE_ARCH"
                                },
                                {
                                    "name": "MAX_THREADS",
                                    "value": "8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clamav-db:latest",
                            "name": "extract-and-scan-image",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Start clamd in background\n/start-clamd.sh\n\n# Bootstrap .docker config in overridden HOME.\n# This prevents 'oc' CLI failures in clean environments where ~/.docker does not exist.\nif [ ! -d ~/.docker ]; then\n    mkdir -p ~/.docker\n    echo '{}' \u003e ~/.docker/config.json\nfi\n\nimagewithouttag=$(echo $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\" | tr -d '\\n')\n\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\n\n# check if image is attestation one, skip the clamav scan in such case\nif [[ $imageanddigest == *.att ]]\nthen\n    echo \"$imageanddigest is an attestation image. Skipping ClamAV scan.\"\n    exit 0\nfi\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\nmkdir logs\nmkdir content\ncd content\necho \"Detecting artifact type for ${imageanddigest}.\"\necho '{\"artifact\":{\"pullspec\":\"'\"${imageanddigest}\"'\",\"type\":\"unknown\",\"mediaType\":\"\"}}' \u003e /work/logs/artifact-meta.json\n\n# Function to scan content and process results with ClamAV and EC\n# Parameters:\n#   $1: destination - path to the content to scan\n#   $2: suffix - suffix for log file names (e.g., \"oci\", \"amd64\")\n#   $3: digest - digest to add to digests_processed array\n#   $4: scan_message - optional message describing what is being scanned\nscan_and_process() {\n  local destination=\"$1\"\n  local suffix=\"$2\"\n  local digest=\"$3\"\n  local scan_message=\"${4:-Scanning content}\"\n\n  db_version=$(clamdscan --version | sed 's|.*/\\(.*\\)/.*|\\1|')\n\n  echo \"$scan_message. This operation may take a while.\"\n  clamdscan \"${destination}\" -vi --multiscan --fdpass \\\n    | tee \"/work/logs/clamscan-result-${suffix}.log\" || true\n\n  echo \"Executed-on: Scan was executed on clamsdcan version - $(clamdscan --version) Database version: $db_version\" | tee -a \"/work/logs/clamscan-result-${suffix}.log\"\n\n  digests_processed+=(\"\\\"$digest\\\"\")\n\n  if [[ -e \"/work/logs/clamscan-result-${suffix}.log\" ]]; then\n    # OPA/EC requires structured data input, add clamAV log into json\n    jq -Rs '{ output: . }' \"/work/logs/clamscan-result-${suffix}.log\" \u003e \"/work/logs/clamscan-result-log-${suffix}.json\"\n\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o json \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" || true\n\n    # workaround: due to a bug in ec-cli, we cannot generate json and appstudio output at the same time, running it again\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o appstudio \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" | tee \"/work/logs/clamscan-ec-test-${suffix}.json\" || true\n\n    cat \"/work/logs/clamscan-ec-test-${suffix}.json\"\n  fi\n}\n\n# Detect artifact type: container image vs OCI artifact\n# First, try to get image manifests (works for container images)\n# Use subshell to prevent get_image_manifests() from exiting the main script if it fails\n# (get_image_manifests uses exit 1 when Architecture field is missing, which happens for OCI artifacts)\nimage_manifests=$(bash -c '. /utils.sh; get_image_manifests -i \"'\"${imageanddigest}\"'\"' 2\u003e/dev/null || echo \"\")\n\n# If get_image_manifests failed, check if it's an OCI artifact by inspecting manifest media type\nif [ -z \"$image_manifests\" ]; then\n  echo \"get_image_manifests returned empty, checking if this is an OCI artifact...\"\n  raw_manifest=$(skopeo inspect --raw --authfile ~/.docker/config.json \"docker://${imageanddigest}\" 2\u003e/dev/null || true)\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"inspected\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n\n  if [ -n \"$raw_manifest\" ]; then\n    media_type=$(echo \"$raw_manifest\" | jq -r '.mediaType // .config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n    artifact_type=$(echo \"$raw_manifest\" | jq -r '.artifactType // empty' 2\u003e/dev/null || echo \"\")\n    config_media_type=$(echo \"$raw_manifest\" | jq -r '.config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n\n    # Determine if this is an OCI artifact (not a container image)\n    # OCI artifacts typically have:\n    # - An empty/scratch config (config.mediaType contains \"empty\" or \"scratch\")\n    # - An explicit artifactType field that is not a container image type\n    is_oci_artifact=false\n\n    # Check if config is empty/scratch (typical for OCI artifacts like python wheels, helm charts, etc.)\n    if echo \"$config_media_type\" | grep -qiE \"(empty|scratch)\"; then\n      is_oci_artifact=true\n    fi\n\n    # Check if artifactType is set and is not a container image type\n    if [ -n \"$artifact_type\" ] \u0026\u0026 ! echo \"$artifact_type\" | grep -qE \"application/vnd\\.(oci|docker)\\.(image|container)\"; then\n      is_oci_artifact=true\n    fi\n\n    if [ \"$is_oci_artifact\" = true ]; then\n      # This is an OCI artifact (e.g., python wheels, helm charts, etc.)\n      echo \"Detected OCI artifact (artifactType: ${artifact_type:-unset}, config.mediaType: ${config_media_type:-unset}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.artifactType = '\"\\\"${artifact_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    elif echo \"$media_type\" | grep -qE \"(application/vnd\\.(docker|oci)\\.(distribution|image)\\.manifest|application/vnd\\.docker\\.distribution\\.manifest)\"; then\n      # This looks like a container image manifest, but get_image_manifests failed\n      echo \"Detected container image manifest type: $media_type, but get_image_manifests failed. This may indicate an error.\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"$media_type\\\"\"' | .artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      note=\"Task clamav-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n      ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n      echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n      exit 0\n    else\n      # Likely an OCI artifact with non-standard media type\n      echo \"Detected OCI artifact (media type: ${media_type:-unknown}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    fi\n  else\n    echo \"Failed to inspect artifact \\\"$imageanddigest\\\". Unable to determine type.\"\n    note=\"Task clamav-scan failed: Failed to inspect artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 0\n  fi\nfi\n\n# Process container images (existing logic)\nif [ -n \"$image_manifests\" ]; then\n  echo \"Detected container image. Processing image manifests.\"\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n  # Proceed only if a specific arch is provided.\n  # This typically occurs when using Tekton Matrix to launch multiple TaskRuns to scan all architectures of a multi-arch image in parallel.\n  if [ -n \"$IMAGE_ARCH\" ]; then\n    arch=\"${IMAGE_ARCH#*/}\"\n    if [ \"${arch}\" = \"x86_64\" ]; then\n      arch=\"amd64\"\n    fi\n\n    # Check if arch is supported; if not (e.g., it's 'local', see link below), default to amd64.\n    # https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/stone-prd-rh01/host-config.yaml#L9-L14\n    case \"$arch\" in\n      amd64|ppc64le|arm64|s390x)\n        ;;\n      *)\n        arch=\"amd64\"\n        ;;\n    esac\n\n    image_manifests=$(echo \"$image_manifests\" | jq -c --arg arch \"$arch\" '{($arch): .[$arch]}')\n  fi\n\n  while read -r arch arch_sha; do\n    destination=$(echo content-$arch)\n    mkdir -p \"$destination\"\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    echo \"Running \\\"oc image extract\\\" on image of arch $arch\"\n    retry oc image extract --only-files=true --registry-config ~/.docker/config.json \"$arch_imageanddigest\" --path=\"/:${destination}\" --filter-by-os=\"linux/${arch}\"\n    if [ $? -ne 0 ]; then\n      echo \"Unable to extract image for arch $arch. Skipping ClamAV scan!\"\n      exit 0\n    fi\n\n    # Scan and process container image for this architecture\n    scan_and_process \"${destination}\" \"$arch\" \"$arch_sha\" \"Scanning image for arch $arch\"\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nfi\n\njq -s -rce '\n  reduce .[] as $item ({\"timestamp\":\"0\",\"namespace\":\"\",\"successes\":0,\"failures\":0,\"warnings\":0,\"result\":\"\",\"note\":\"\"};\n    {\n    \"timestamp\" : (if .timestamp \u003c $item.timestamp then $item.timestamp else .timestamp end),\n    \"namespace\" : $item.namespace,\n    \"successes\" : (.successes + $item.successes),\n    \"failures\" : (.failures + $item.failures),\n    \"warnings\" : (.warnings + $item.warnings),\n    \"result\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.result else .result end),\n    \"note\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.note else .note end)\n    })' /work/logs/clamscan-ec-test-*.json | tee /tekton/results/TEST_OUTPUT\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_UPLOAD",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\n# Skip upload if requested e.g. read-only CI tests where push access is denied\nif [ \"$SKIP_UPLOAD\" == \"true\" ]; then\n  echo \"Upload skipped by parameter.\"\n  exit 0\nfi\n\n# Don't return a glob expression when no matches are found\nshopt -s nullglob\n\ncd logs\n\nfor UPLOAD_FILE in clamscan-result*.log; do\n  MEDIA_TYPE=text/vnd.clamav\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\nfor UPLOAD_FILE in clamscan-ec-test*.json; do\n  MEDIA_TYPE=application/vnd.konflux.test_output+json\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\n\nif [ -z \"${args}\" ]; then\n  echo \"No files found. Skipping upload.\"\n  exit 0;\nfi\n\necho \"Selecting auth\"\nselect-oci-auth $IMAGE_URL \u003e $HOME/auth.json\necho \"Attaching to ${IMAGE_URL}\"\n retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type application/vnd.clamav \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${args[@]}\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "dbfolder"
                        },
                        {
                            "emptyDir": {},
                            "name": "work"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-9d0756f48f",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/4174087e-b2fb-4cb8-8611-2929e62de353",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/categories": "Git",
                    "tekton.dev/displayName": "git clone",
                    "tekton.dev/pipelines.minVersion": "0.21.0",
                    "tekton.dev/platforms": "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64",
                    "tekton.dev/tags": "git",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:15:45Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "clone-repository",
                    "tekton.dev/task": "git-clone",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-clone-repository",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "36987",
                "uid": "4174087e-b2fb-4cb8-8611-2929e62de353"
            },
            "spec": {
                "params": [
                    {
                        "name": "url",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "revision",
                        "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "git-clone"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "output",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-4942403eef"
                        }
                    },
                    {
                        "name": "basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-jvoyri"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:15:52Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:15:52Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-84b8a1cf816f8355aab1832534da7f97-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        "entryPoint": "git-clone",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-git-clone"
                    }
                },
                "results": [
                    {
                        "name": "CHAINS-GIT_COMMIT",
                        "type": "string",
                        "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "CHAINS-GIT_URL",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "commit",
                        "type": "string",
                        "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "commit-timestamp",
                        "type": "string",
                        "value": "1782922511"
                    },
                    {
                        "name": "short-commit",
                        "type": "string",
                        "value": "39ef485"
                    },
                    {
                        "name": "url",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    }
                ],
                "startTime": "2026-07-01T16:15:46Z",
                "steps": [
                    {
                        "container": "step-clone",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "clone",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5921611f817a4a0bc891e118a3718610be468705a27ae13daf87e0dc5142f829",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:15:51Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782922511\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"39ef485\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:15:50Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-symlink-check",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "symlink-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d84354aaa2721822605361893ce9283ce20d126e6de5402f1e7e5639613393ac",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:15:51Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782922511\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"39ef485\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:15:51Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace.",
                    "params": [
                        {
                            "description": "Repository URL to clone from.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Revision to checkout. (branch, tag, sha, ref, etc...)",
                            "name": "revision",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Refspec to fetch before checking out revision.",
                            "name": "refspec",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Initialize and fetch git submodules.",
                            "name": "submodules",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma-separated list of specific submodule paths to initialize and fetch. Only submodules in the specified directories and their subdirectories will be fetched.\nEmpty string fetches all submodules. Parameter \"submodules\" must be set to \"true\" to make this parameter applicable.\n",
                            "name": "submodulePaths",
                            "type": "string"
                        },
                        {
                            "default": "1",
                            "description": "Perform a shallow clone, fetching only the most recent N commits.",
                            "name": "depth",
                            "type": "string"
                        },
                        {
                            "default": "7",
                            "description": "Length of short commit SHA",
                            "name": "shortCommitLength",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.",
                            "name": "sslVerify",
                            "type": "string"
                        },
                        {
                            "default": "source",
                            "description": "Subdirectory inside the `output` Workspace to clone the repo into.",
                            "name": "subdirectory",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Define the directory patterns to match or exclude when performing a sparse checkout.",
                            "name": "sparseCheckoutDirectories",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Clean out the contents of the destination directory if it already exists before cloning.",
                            "name": "deleteExisting",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP proxy server for non-SSL requests.",
                            "name": "httpProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTPS proxy server for SSL requests.",
                            "name": "httpsProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Opt out of proxying HTTP/HTTPS requests.",
                            "name": "noProxy",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Log the commands that are executed during `git-clone`'s operation.",
                            "name": "verbose",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Deprecated. Has no effect. Will be removed in the future.",
                            "name": "gitInitImage",
                            "type": "string"
                        },
                        {
                            "default": "/tekton/home",
                            "description": "Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user.\n",
                            "name": "userHome",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Check symlinks in the repo. If they're pointing outside of the repo, the build will fail.\n",
                            "name": "enableSymlinkCheck",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Fetch all tags for the repo.",
                            "name": "fetchTags",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Set to \"true\" to merge the targetBranch into the checked-out revision.",
                            "name": "mergeTargetBranch",
                            "type": "string"
                        },
                        {
                            "default": "main",
                            "description": "The target branch to merge into the revision (if mergeTargetBranch is true).",
                            "name": "targetBranch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "URL of the repository to fetch the target branch from when mergeTargetBranch is true.\nIf empty, uses the same repository (origin). This allows merging a branch from a different repository.\n",
                            "name": "mergeSourceRepoUrl",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Perform a shallow fetch of the target branch, fetching only the most recent N commits.\nIf empty, fetches the full history of the target branch.\n",
                            "name": "mergeSourceDepth",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "The precise commit SHA that was fetched by this Task.",
                            "name": "commit",
                            "type": "string"
                        },
                        {
                            "description": "The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters",
                            "name": "short-commit",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "description": "The commit timestamp of the checkout",
                            "name": "commit-timestamp",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_URL",
                            "type": "string"
                        },
                        {
                            "description": "The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_COMMIT",
                            "type": "string"
                        },
                        {
                            "description": "The SHA of the commit after merging the target branch (if the param mergeTargetBranch is true).",
                            "name": "merged_sha",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "PARAM_REVISION",
                                    "value": "39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "PARAM_REFSPEC"
                                },
                                {
                                    "name": "PARAM_SUBMODULES",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBMODULE_PATHS"
                                },
                                {
                                    "name": "PARAM_DEPTH",
                                    "value": "1"
                                },
                                {
                                    "name": "PARAM_SHORT_COMMIT_LENGTH",
                                    "value": "7"
                                },
                                {
                                    "name": "PARAM_SSL_VERIFY",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "PARAM_DELETE_EXISTING",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_HTTP_PROXY"
                                },
                                {
                                    "name": "PARAM_HTTPS_PROXY"
                                },
                                {
                                    "name": "PARAM_NO_PROXY"
                                },
                                {
                                    "name": "PARAM_VERBOSE",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_SPARSE_CHECKOUT_DIRECTORIES"
                                },
                                {
                                    "name": "PARAM_USER_HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_FETCH_TAGS",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_GIT_INIT_IMAGE"
                                },
                                {
                                    "name": "PARAM_MERGE_TARGET_BRANCH",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_TARGET_BRANCH",
                                    "value": "main"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_REPO_URL"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_DEPTH"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_BOUND",
                                    "value": "false"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_PATH"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND",
                                    "value": "true"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_PATH",
                                    "value": "/workspace/basic-auth"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "clone",
                            "script": "#!/usr/bin/env sh\nset -eu\n\nif [ \"${PARAM_VERBOSE}\" = \"true\" ] ; then\n  set -x\nfi\n\nif [ -n \"${PARAM_GIT_INIT_IMAGE}\" ]; then\n  echo \"WARNING: provided deprecated gitInitImage parameter has no effect.\"\nfi\n\nif [ \"${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  if [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" ]; then\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" \"${PARAM_USER_HOME}/.git-credentials\"\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" \"${PARAM_USER_HOME}/.gitconfig\"\n  # Compatibility with kubernetes.io/basic-auth secrets\n  elif [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password\" ]; then\n    HOSTNAME=$(echo $PARAM_URL | awk -F/ '{print $3}')\n    echo \"https://$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username):$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password)@$HOSTNAME\" \u003e \"${PARAM_USER_HOME}/.git-credentials\"\n    echo -e \"[credential \\\"https://$HOSTNAME\\\"]\\n  helper = store\" \u003e \"${PARAM_USER_HOME}/.gitconfig\"\n  else\n    echo \"Unknown basic-auth workspace format\"\n    exit 1\n  fi\n  chmod 400 \"${PARAM_USER_HOME}/.git-credentials\"\n  chmod 400 \"${PARAM_USER_HOME}/.gitconfig\"\nfi\n\n# Should be called after the gitconfig is copied from the repository secret\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  git config --global http.sslCAInfo \"$ca_bundle\"\nfi\n\nif [ \"${WORKSPACE_SSH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  cp -R \"${WORKSPACE_SSH_DIRECTORY_PATH}\" \"${PARAM_USER_HOME}\"/.ssh\n  chmod 700 \"${PARAM_USER_HOME}\"/.ssh\n  chmod -R 400 \"${PARAM_USER_HOME}\"/.ssh/*\nfi\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\n\ncleandir() {\n  # Delete any existing contents of the repo directory if it exists.\n  #\n  # We don't just \"rm -rf ${CHECKOUT_DIR}\" because ${CHECKOUT_DIR} might be \"/\"\n  # or the root of a mounted volume.\n  if [ -d \"${CHECKOUT_DIR}\" ] ; then\n    # Delete non-hidden files and directories\n    rm -rf \"${CHECKOUT_DIR:?}\"/*\n    # Delete files and directories starting with . but excluding ..\n    rm -rf \"${CHECKOUT_DIR}\"/.[!.]*\n    # Delete files and directories starting with .. plus any other character\n    rm -rf \"${CHECKOUT_DIR}\"/..?*\n  fi\n}\n\nif [ \"${PARAM_DELETE_EXISTING}\" = \"true\" ] ; then\n  cleandir\nfi\n\ntest -z \"${PARAM_HTTP_PROXY}\" || export HTTP_PROXY=\"${PARAM_HTTP_PROXY}\"\ntest -z \"${PARAM_HTTPS_PROXY}\" || export HTTPS_PROXY=\"${PARAM_HTTPS_PROXY}\"\ntest -z \"${PARAM_NO_PROXY}\" || export NO_PROXY=\"${PARAM_NO_PROXY}\"\n\n/ko-app/git-init \\\n  -url=\"${PARAM_URL}\" \\\n  -revision=\"${PARAM_REVISION}\" \\\n  -refspec=\"${PARAM_REFSPEC}\" \\\n  -path=\"${CHECKOUT_DIR}\" \\\n  -sslVerify=\"${PARAM_SSL_VERIFY}\" \\\n  -submodules=\"${PARAM_SUBMODULES}\" \\\n  -submodulePaths=\"${PARAM_SUBMODULE_PATHS}\" \\\n  -depth=\"${PARAM_DEPTH}\" \\\n  -sparseCheckoutDirectories=\"${PARAM_SPARSE_CHECKOUT_DIRECTORIES}\" \\\n  -retryMaxAttempts=10\ncd \"${CHECKOUT_DIR}\"\nRESULT_SHA=\"$(git rev-parse HEAD)\"\nRESULT_SHA_SHORT=\"$(git rev-parse --short=\"${PARAM_SHORT_COMMIT_LENGTH}\" HEAD)\"\n\nif [ \"${PARAM_MERGE_TARGET_BRANCH}\" = \"true\" ]; then\n  echo \"Merge option enabled. Attempting to merge target branch '${PARAM_TARGET_BRANCH}' into HEAD (${RESULT_SHA}).\"\n\n  if [ \"${PARAM_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow clone with depth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  if [ \"${PARAM_MERGE_SOURCE_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow fetch with mergeSourceDepth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  # Determine if merging from a different repository or the same one\n  if [ -n \"${PARAM_MERGE_SOURCE_REPO_URL}\" ]; then\n    # Normalize URLs for comparison (remove trailing slashes and .git suffix)\n    normalize_url() {\n      echo \"$1\" | sed -e 's#/$##' -e 's#\\.git$##'\n    }\n\n    NORMALIZED_ORIGIN_URL=$(normalize_url \"${PARAM_URL}\")\n    NORMALIZED_MERGE_URL=$(normalize_url \"${PARAM_MERGE_SOURCE_REPO_URL}\")\n\n    if [ \"${NORMALIZED_ORIGIN_URL}\" = \"${NORMALIZED_MERGE_URL}\" ]; then\n      echo \"Merge source URL is the same as origin. Using existing 'origin' remote.\"\n      MERGE_REMOTE=\"origin\"\n    else\n      echo \"Merging from different repository: ${PARAM_MERGE_SOURCE_REPO_URL}\"\n      echo \"Adding remote 'merge-source'...\"\n      git remote add merge-source \"${PARAM_MERGE_SOURCE_REPO_URL}\"\n      MERGE_REMOTE=\"merge-source\"\n    fi\n  else\n    echo \"Merging from the same repository (origin)\"\n    MERGE_REMOTE=\"origin\"\n  fi\n\n  echo \"Fetching target branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE}...\"\n  if [ -n \"${PARAM_MERGE_SOURCE_DEPTH}\" ]; then\n    retry git fetch --depth=\"${PARAM_MERGE_SOURCE_DEPTH}\" ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  else\n    retry git fetch ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  fi\n\n\n  echo \"Merging ${MERGE_REMOTE}/${PARAM_TARGET_BRANCH} into current HEAD...\"\n  git config --global user.email \"tekton-git-clone@tekton.dev\"\n  git config --global user.name \"Tekton Git Clone Task\"\n\nif ! git merge FETCH_HEAD --no-commit --no-ff --allow-unrelated-histories; then\n  echo \"ERROR: Merge conflict detected or merge failed before commit.\" \u003e\u00262\n  echo \"--- Git Status ---\"\n  git status\n  echo \"------------------\"\n  exit 1\nfi\n\n# Check if there are changes staged for commit\nif git diff --staged --quiet; then\n  echo \"No diff was found, skipping merge...\" \u003e\u00262\nelse\n  echo \"Merge successful (no conflicts found), committing...\"\nif ! git commit -m \"Merge branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE} into ${RESULT_SHA}\"; then\n  echo \"ERROR: Failed to commit merge.\" \u003e\u00262\n  exit 1\nfi\n  MERGED_SHA=$(git rev-parse HEAD)\n  echo \"New HEAD after merge: ${MERGED_SHA}\"\n  echo \"${MERGED_SHA}\" \u003e \"/tekton/results/merged_sha\"\nfi\n\nelse\n  echo \"Merge option disabled. Using checked-out revision ${RESULT_SHA} directly.\"\nfi\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/commit\"\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/CHAINS-GIT_COMMIT\"\nprintf \"%s\" \"${RESULT_SHA_SHORT}\" \u003e \"/tekton/results/short-commit\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/url\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/CHAINS-GIT_URL\"\nprintf \"%s\" \"$(git log -1 --pretty=%ct)\" \u003e \"/tekton/results/commit-timestamp\"\n\nif [ \"${PARAM_FETCH_TAGS}\" = \"true\" ] ; then\n  echo \"Fetching tags\"\n  retry git fetch --tags\nfi\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_ENABLE_SYMLINK_CHECK",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "symlink-check",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\ncheck_symlinks() {\n  FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=false\n  while read -r symlink\n  do\n    target=$(readlink -m \"$symlink\")\n    if ! [[ \"$target\" =~ ^$CHECKOUT_DIR ]]; then\n      echo \"The cloned repository contains symlink pointing outside of the cloned repository: $symlink\"\n      FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=true\n    fi\n  done \u003c \u003c(find $CHECKOUT_DIR -type l -print)\n  if [ \"$FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO\" = true ] ; then\n    return 1\n  fi\n}\n\nif [ \"${PARAM_ENABLE_SYMLINK_CHECK}\" = \"true\" ] ; then\n  echo \"Running symlink check\"\n  check_symlinks\nfi\n"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "The git repo will be cloned onto the volume backing this Workspace.",
                            "name": "output"
                        },
                        {
                            "description": "A .ssh directory with private key, known_hosts, config, etc. Copied to\nthe user's home before git commands are executed. Used to authenticate\nwith the git remote when performing the clone. Binding a Secret to this\nWorkspace is strongly recommended over other volume types.\n",
                            "name": "ssh-directory",
                            "optional": true
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before any git commands are run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto use ssh-directory over basic-auth whenever possible and to bind a\nSecret to this Workspace over other volume types.\n",
                            "name": "basic-auth",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/1db0db9b-120b-461b-9888-731ffaee5584",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:15:36Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "init",
                    "tekton.dev/task": "init",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-init",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "36957",
                "uid": "1db0db9b-120b-461b-9888-731ffaee5584"
            },
            "spec": {
                "params": [
                    {
                        "name": "enable-cache-proxy",
                        "value": "false"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "init"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:15:42Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:15:42Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-k59b5-init-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        "entryPoint": "init",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-init"
                    }
                },
                "results": [
                    {
                        "name": "http-proxy",
                        "type": "string",
                        "value": ""
                    },
                    {
                        "name": "no-proxy",
                        "type": "string",
                        "value": ""
                    }
                ],
                "startTime": "2026-07-01T16:15:36Z",
                "steps": [
                    {
                        "container": "step-init",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                        "name": "init",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://bc2b76424926a9761529f8e74a8125391296211044d8d1d207538384746dbe04",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:15:41Z",
                            "message": "[{\"key\":\"http-proxy\",\"value\":\"\",\"type\":1},{\"key\":\"no-proxy\",\"value\":\"\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:15:41Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Initialize Pipeline Task, enables configuration for cache-proxy if required during the PipelineRun.",
                    "params": [
                        {
                            "default": "false",
                            "description": "Enable cache proxy configuration",
                            "name": "enable-cache-proxy",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "HTTP proxy URL for cache proxy (when enable-cache-proxy is true)",
                            "name": "http-proxy",
                            "type": "string"
                        },
                        {
                            "description": "NO_PROXY value for cache proxy (when enable-cache-proxy is true)",
                            "name": "no-proxy",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "args": [
                                "--enable",
                                "false"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "config",
                                "cache-proxy"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                },
                                {
                                    "name": "DEFAULT_HTTP_PROXY",
                                    "value": "squid.caching.svc.cluster.local:3128"
                                },
                                {
                                    "name": "DEFAULT_NO_PROXY",
                                    "value": "brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai"
                                },
                                {
                                    "name": "HTTP_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/http-proxy"
                                },
                                {
                                    "name": "NO_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/no-proxy"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                            "name": "init"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-9d0756f48f",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/5724d731-bce5-415a-bc34-7ccb94c3be64",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, appstudio",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "push-dockerfile",
                    "tekton.dev/task": "push-dockerfile",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-push-dockerfile",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40112",
                "uid": "5724d731-bce5-415a-bc34-7ccb94c3be64"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "push-dockerfile"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.3@sha256:64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-4942403eef"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:20:09Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:20:09Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-8ff09e7ceaacd66b28c0bbaecce1cc86-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        "entryPoint": "push-dockerfile",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:5f0c9d03e745d59f8358b8291e71eb6fc07c631febea292fbd3a6a3940ef4217"
                    }
                ],
                "startTime": "2026-07-01T16:19:51Z",
                "steps": [
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://298a6a015fde77bfe74adc690ab41f2bdc9277a1a24ed75ff8429b81b9acbfcd",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:09Z",
                            "message": "[{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:5f0c9d03e745d59f8358b8291e71eb6fc07c631febea292fbd3a6a3940ef4217\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:08Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Discover Dockerfile from source code and push it to registry as an OCI artifact.",
                    "params": [
                        {
                            "description": "The built binary image. The Dockerfile is pushed to the same image repository alongside.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "description": "The built binary image digest, which is used to construct the tag of Dockerfile image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": ".dockerfile",
                            "description": "Suffix of the Dockerfile image tag.",
                            "name": "TAG_SUFFIX",
                            "type": "string"
                        },
                        {
                            "default": "application/vnd.konflux.dockerfile",
                            "description": "Artifact type of the Dockerfile image.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest-pinned image reference to the Dockerfile image.",
                            "name": "IMAGE_REF",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--source",
                                "source",
                                "--context",
                                "python-component",
                                "--containerfile",
                                "docker/Dockerfile",
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64",
                                "--image-digest",
                                "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42",
                                "--artifact-type",
                                "application/vnd.konflux.dockerfile",
                                "--tag-suffix",
                                ".dockerfile",
                                "--result-path-image-ref",
                                "/tekton/results/IMAGE_REF",
                                "--alternative-filename",
                                "Dockerfile"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "push-containerfile"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                            "name": "push",
                            "workingDir": "/workspace/workspace"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code from where the Dockerfile is discovered.",
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-9d0756f48f",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/fe17d398-8732-43bb-8f1b-8852bc69c884",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "sast-shell-check",
                    "tekton.dev/task": "sast-shell-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-sast-shell-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40315",
                "uid": "fe17d398-8732-43bb-8f1b-8852bc69c884"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-shell-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-4942403eef"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:20:46Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:20:46Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-a36d5041cfcae11b56d2c30fba4a5f54-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        "entryPoint": "sast-shell-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:20:09+00:00\",\"note\":\"For details, check Tekton task log.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:50Z",
                "steps": [
                    {
                        "container": "step-sast-shell-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-shell-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4d7f091f25377e64f9848d41cb61330ad38ca0fb7f432385c0c4f56bd6927094",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:09Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:09+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:07Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://002f9f796dbf87dcffdd0ca002e47391a4693485f75c6584af4e608a10f5ca3f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:12Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:09+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:10Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The sast-shell-check task uses [shellcheck](https://www.shellcheck.net/) tool to perform Static Application Security Testing (SAST), a popular cloud-native application security platform. This task leverages the shellcheck wrapper (csmock-plugin-shellcheck-core) to run shellcheck on a directory tree.\nShellCheck is a static analysis tool, gives warnings and suggestions for bash/sh shell scripts. This task can run on x86 and arm.",
                    "params": [
                        {
                            "default": "",
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image digest to report findings for.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (default to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to include important findings only",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "8",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-shell-check",
                            "script": "#!/usr/bin/env bash\nset -x\n# shellcheck source=/dev/null\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nPACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' ShellCheck)\n\nOUTPUT_FILE=\"shellcheck-results.json\"\nSOURCE_CODE_DIR=/workspace/workspace/source\n\n# generate full path for each dirname separated by comma\ndeclare -a ALL_TARGETS\nIFS=\",\" read -ra TARGET_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGET_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    ALL_TARGETS+=(\"$resolved_path\")\n  else\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\ndone\n\n# determine number of available CPU cores for shellcheck based on container cgroup v2 CPU limits\n# this calculates the ceiling, so if the cpu limit is 0.5, the number of jobs will be 1.\nif [ -z \"$SC_JOBS\" ] \u0026\u0026 [ -r \"/sys/fs/cgroup/cpu.max\" ]; then\n    read -r quota period \u003c /sys/fs/cgroup/cpu.max\n    if [ \"$quota\" != \"max\" ] \u0026\u0026 [ -n \"$period\" ] \u0026\u0026 [ \"$period\" -gt 0 ]; then\n        export SC_JOBS=$(((quota + period - 1) / period))\n        echo \"INFO: Setting SC_JOBS=${SC_JOBS} based on cgroups v2 max for run-shellcheck.sh\"\n    fi\nfi\n\n# generate all shellcheck result JSON files to $SC_RESULTS_DIR, which defaults to ./shellcheck-results/\n/usr/share/csmock/scripts/run-shellcheck.sh \"${ALL_TARGETS[@]}\"\n\nCSGREP_OPTS=(\n    --mode=json\n    --strip-path-prefix=\"$SOURCE_CODE_DIR\"/\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"ShellCheck:${PACKAGE_VERSION}\"\n)\nif [[ \"$IMP_FINDINGS_ONLY\" == \"true\" ]]; then\n    # predefined list of shellcheck important findings\n    CSGREP_EVENT_FILTER='\\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|'\n    CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|'\n    CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\\]$'\n    CSGREP_OPTS+=(\n        --event=\"$CSGREP_EVENT_FILTER\"\n    )\nelse\n    CSGREP_OPTS+=(\n        --event=\"error|warning\"\n    )\nfi\n\nif ! csgrep \"${CSGREP_OPTS[@]}\" ./shellcheck-results/*.json \u003e \"$OUTPUT_FILE\"; then\n    echo \"Error occurred while running 'run-shellcheck.sh'\"\n    note=\"Task sast-shell-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" \"${OUTPUT_FILE}\" \u003e \"${OUTPUT_FILE}.filtered\" 2\u003e \"${OUTPUT_FILE}.error\"\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n        mv \"${OUTPUT_FILE}.filtered\" \"$OUTPUT_FILE\"\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\necho \"ShellCheck results have been saved to $OUTPUT_FILE\"\n\ncsgrep --mode=evtstat \"$OUTPUT_FILE\"\ncsgrep --mode=sarif \"$OUTPUT_FILE\" \u003e shellcheck-results.sarif\n\nTEST_OUTPUT=\nparse_test_output \"sast-shell-check\" sarif shellcheck-results.sarif || true\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\nif [ -z \"${IMAGE_URL}\" ] || [ -z \"${IMAGE_DIGEST}\" ]; then\n    echo 'No image-url or image-digest param provided. Skipping upload.'\n    exit 0\nfi\n\nUPLOAD_FILES=\"shellcheck-results.sarif excluded-findings.json\"\n\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n        echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n        continue\n    fi\n\n    # Determine the media type based on the file extension\n    if [[ \"${UPLOAD_FILE}\" == *.json ]]; then\n        MEDIA_TYPE=\"application/json\"\n    else\n        MEDIA_TYPE=\"application/sarif+json\"\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach ${UPLOAD_FILE} to ${IMAGE_URL}\"\n      exit 1\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-9d0756f48f",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/e3004120-ed12-40f4-9b4b-382b346e2019",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:48Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "sast-snyk-check",
                    "tekton.dev/task": "sast-snyk-check",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull-request-k59b5-sast-snyk-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40008",
                "uid": "e3004120-ed12-40f4-9b4b-382b346e2019"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-snyk-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-4942403eef"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:20:09Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:20:09Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-fc04b5ce07ee5efbdd99a3fc2c9839a8-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        "entryPoint": "sast-snyk-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T16:20:08+00:00\",\"note\":\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:19:48Z",
                "steps": [
                    {
                        "container": "step-sast-snyk-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-snyk-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f18107c433fd20266081a24f248a08fd0410a110e7e95f8082c4dff51bb4313a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:08Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:08+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:06Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://854b6a551d25e1878f965f581b1a9625e70a55cd2426362098c341a4408ac126",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:08Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:20:08+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:08Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks using Snyk Code, a Static Application Security Testing (SAST) tool.\n\nFollow the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/) to obtain a snyk-token and to enable the snyk task in a Pipeline.\n\nThe snyk binary used in this Task comes from a container image defined in https://github.com/konflux-ci/konflux-test\n\nSee https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information about the snyk tool.",
                    "params": [
                        {
                            "default": "snyk-secret",
                            "description": "Name of secret which contains Snyk token.",
                            "name": "SNYK_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Append arguments.",
                            "name": "ARGS",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Digest of the image to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Report only important findings in task result. Default is \"true\". To report all findings in task result, specify \"false\". Uploaded SARIF report to remote registry always includes all findings, regardless of severity level.",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Write excluded records in file. Useful for auditing (defaults to false).",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Directories or files to be excluded from Snyk scan (Comma-separated). Useful to split the directories of a git repo across multiple components.",
                            "name": "IGNORE_FILE_PATHS",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "6Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "6Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SNYK_SECRET",
                                    "value": "snyk-secret"
                                },
                                {
                                    "name": "ARGS"
                                },
                                {
                                    "name": "IGNORE_FILE_PATHS"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-snyk-check",
                            "script": "#!/usr/bin/env bash\n\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\n# Installation of Red Hat certificates for cloning Red Hat internal repositories\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSNYK_TOKEN_PATH=\"/etc/secrets/snyk_token\"\nif [ -f \"${SNYK_TOKEN_PATH}\" ] \u0026\u0026 [ -s \"${SNYK_TOKEN_PATH}\" ]; then\n  # SNYK token is provided\n  SNYK_TOKEN=\"$(cat ${SNYK_TOKEN_PATH})\"\n  export SNYK_TOKEN\nelse\n  # According to shellcheck documentation, the following error can be ignored as it is ignored through indirection: https://www.shellcheck.net/wiki/SC2034\n  # shellcheck disable=SC2034\n  to_enable_snyk='[here](https://konflux-ci.dev/docs/testing/build/snyk/)'\n  note=\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given ${to_enable_snyk}\"\n  TEST_OUTPUT=$(make_result_json -r SKIPPED -t \"$note\")\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nSNYK_EXIT_CODE=0\nSOURCE_CODE_DIR=/workspace/workspace\n\n# We ignore files using snyk ignore if the user set up the IGNORE_FILE_PATHS variable.\n(cd \"${SOURCE_CODE_DIR}\" \u0026\u0026 IFS=\",\" \u0026\u0026 for path in $IGNORE_FILE_PATHS; do\n  snyk ignore --file-path=\"source/${path}\"\ndone)\n\nset +e\necho \"INFO: Running 'snyk code test'..\"\n# We do want to expand ARGS (it can be multiple CLI flags, not just one)\n# shellcheck disable=SC2086\n\n# Generate full paths for each directory in TARGET_DIRS\nIFS=\",\" read -ra TARGETS_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGETS_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # Ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ ! \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\n\n  # Ensure directory exists\n  if [ ! -d \"$resolved_path\" ]; then\n    echo \"Warning: Directory $resolved_path does not exist, skipping\"\n    continue\n  fi\n\n  echo \"INFO: Scanning directory: $resolved_path\"\n  # We do want to expand ARGS (it can be multiple CLI flags, not just one)\n  # shellcheck disable=SC2086\n  snyk code test $ARGS \"$resolved_path\" --max-depth=1 --sarif-file-output=\"${resolved_path}/sast_snyk_check_out_${d//\\//_}.json\" 1\u003e\u00262\u003e\u003e stdout.txt\n  cmd_exit_code=$?\n  # Track the exit code: if any snyk command fails, preserve the failure\n  # Exit codes: 0 = success, 1 = vulnerabilities found, 2 = error, 3 = no supported files\n  # Error codes (2+) always override, warning codes (1,3) only if no previous error\n  if [[ \"$cmd_exit_code\" -ne 0 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 1 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 3 ]]; then\n    SNYK_EXIT_CODE=$cmd_exit_code\n  fi\n\ndone\n\n# Merge all SARIF outputs\nfind \"$SOURCE_CODE_DIR\" -name \"sast_snyk_check_out_*.json\" -exec cat {} + \u003e \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\nset -e\ntest_not_skipped=0\nSKIP_MSG=\"We found 0 supported files\"\ngrep -q \"$SKIP_MSG\" stdout.txt || test_not_skipped=$?\n\nif [[ \"$SNYK_EXIT_CODE\" -eq 0 ]] || [[ \"$SNYK_EXIT_CODE\" -eq 1 ]]; then\n  # Check if the merged SARIF file has content - this could happen if the snyk scan found no findings\n  if [ ! -s \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\" ]; then\n    echo \"WARN: No JSON output files were generated by snyk scan\"\n    # Get snyk version for proper SARIF metadata\n    SNYK_VERSION=$(snyk --version 2\u003e/dev/null | head -1 | tr -d '\\n' || echo \"unknown\")\n    # Create a valid minimal SARIF structure using jq\n    # Note: coverage array is required even when empty because downstream jq commands expect it\n    jq -n --arg version \"$SNYK_VERSION\" '{\n      \"$schema\": \"https://json.schemastore.org/sarif-2.1.0.json\",\n      \"version\": \"2.1.0\",\n      \"runs\": [{\n        \"tool\": {\n          \"driver\": {\n            \"name\": \"snyk\",\n            \"version\": $version,\n            \"informationUri\": \"https://snyk.io\"\n          }\n        },\n        \"results\": [],\n        \"properties\": {\n          \"coverage\": []\n        }\n      }]\n    }' \u003e\"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\n  fi\n\n  # In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context\n  (cd  \"${SOURCE_CODE_DIR}\" \u0026\u0026 csgrep --mode=json --embed-context=3 \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json) \\\n    | csgrep --mode=json --strip-path-prefix=\"source/\"  \\\n    \u003e sast_snyk_check_out_all_findings.json\n\n  echo \"INFO: Initial results:\"\n  csgrep --mode=evtstat sast_snyk_check_out_all_findings.json\n\n  if [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\n  fi\n  PROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n  # create the KFP clone directory regardless\n  KFP_DIR=\"known-false-positives\"\n  KFP_CLONED=\"0\"\n  mkdir \"${KFP_DIR}\"\n\n  # We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\n  if [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n      echo \"INFO: Trying to clone known-false-positives..\"\n      git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\n  fi\n\n  if [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone know-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv sast_snyk_check_out_all_findings.json filtered_sast_snyk_check_out.json\n  else\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    CMD=(\n      csfilter-kfp\n      --verbose\n      --kfp-dir=\"${KFP_DIR}\"\n      --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [ \"${RECORD_EXCLUDED}\" == \"true\" ]; then\n      CMD+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    set +e\n    \"${CMD[@]}\" sast_snyk_check_out_all_findings.json \u003e filtered_sast_snyk_check_out.json\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n      echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n      echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\n    echo \"INFO: Results after filtering:\"\n    (set -x \u0026\u0026 csgrep --mode=evtstat filtered_sast_snyk_check_out.json)\n  fi\n\n  # Generation of scan stats\n\n  total_files=$(jq '[.runs[0].properties.coverage[].files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n  supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == \"SUPPORTED\") | .files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n\n  # We make sure the values are 0 if no supported/total files are found\n  if [ \"$total_files\" = \"null\" ] || [ -z \"$total_files\" ]; then\n    total_files=0\n  fi\n\n  if [ \"$supported_files\" = \"null\" ] || [ -z \"$supported_files\" ]; then\n    supported_files=0\n  fi\n\n  coverage_ratio=0\n  if (( total_files \u003e 0 )); then\n      coverage_ratio=$((supported_files * 100 / total_files))\n  fi\n\n  # embed stats in results file and convert to SARIF\n  csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:\"${coverage_ratio}\" \\\n                      --set-scan-prop snyk-scanned-files-success:\"${supported_files}\"  \\\n                      --set-scan-prop snyk-scanned-files-total:\"${total_files}\" \\\n                      filtered_sast_snyk_check_out.json  \u003e sast_snyk_check_out.sarif\n\n  # Create filtered SARIF for Tekton task result based on IMP_FINDINGS_ONLY parameter\n  if [ \"${IMP_FINDINGS_ONLY}\" == \"true\" ]; then\n    # Filter to only \"error\" level or higher (high/critical severity) for Tekton task result\n    # In SARIF, defects are given a level like \"error\" or \"warning\". Snyk maps \"high\" level findings to \"error\".\n    # - \"error\" → importance level 1\n    # - \"warning\" (or missing level) → importance level 0\n    RESULT_SARIF=\"result_sast_snyk_check_out.sarif\"\n    csgrep --mode=sarif --imp-level 1 sast_snyk_check_out.sarif \u003e \"$RESULT_SARIF\"\n  else\n    # Use all findings for Tekton task result\n    RESULT_SARIF=\"sast_snyk_check_out.sarif\"\n  fi\n\n  TEST_OUTPUT=\n  parse_test_output \"sast-snyk-check\" sarif \"$RESULT_SARIF\"  || true\n\n# When the test is skipped, the \"SNYK_EXIT_CODE\" is 3 and it can also be 3 in some other situation\nelif [[ \"$test_not_skipped\" -eq 0 ]]; then\n  note=\"Task sast-snyk-check success: Snyk code test found zero supported files.\"\n  ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n  echo \"sast-snyk-check test failed because of the following issues:\"\n  cat stdout.txt\n  note=\"Task sast-snyk-check failed: For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets",
                                    "name": "snyk-secret",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url provided. Skipping upload.'\n  exit 0\nfi\n\nUPLOAD_FILES=\"sast_snyk_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n    if [ \"${UPLOAD_FILES}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach to ${IMAGE_URL}\"\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        }
                    ],
                    "volumes": [
                        {
                            "name": "snyk-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "snyk-secret"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/96bc6287-b986-49ac-a4f4-4777754afed5",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "apply-tags",
                    "tekton.dev/task": "apply-tags",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-apply-tags",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "20798",
                "uid": "96bc6287-b986-49ac-a4f4-4777754afed5"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "apply-tags"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:00:11Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:00:11Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-zsqq6-apply-tags-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        "entryPoint": "apply-tags",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-apply-tags"
                    }
                },
                "startTime": "2026-07-01T15:59:46Z",
                "steps": [
                    {
                        "container": "step-apply-additional-tags",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                        "name": "apply-additional-tags",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://38cfe29ca88b31b1f7e25145a6fe0e2d2655695c54e589dee1c23455b51100ee",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:09Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:08Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Applies additional tags to the built image.",
                    "params": [
                        {
                            "description": "Image repository and tag reference of the the built image.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest of the built image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional tags that will be applied to the image in the registry.",
                            "name": "ADDITIONAL_TAGS",
                            "type": "array"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                                "--digest",
                                "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605",
                                "--tags",
                                "--tags-from-image-label",
                                "konflux.additional-tags"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "apply-tags"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                            "name": "apply-additional-tags"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-177c6218cd",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/0d930c80-d0db-4a28-9006-4c4cec4b729f",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:55:47Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "build-container",
                    "tekton.dev/task": "buildah",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-build-container",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "19770",
                "uid": "0d930c80-d0db-4a28-9006-4c4cec4b729f"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    },
                    {
                        "name": "HERMETIC",
                        "value": "false"
                    },
                    {
                        "name": "PREFETCH_INPUT",
                        "value": ""
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "BUILD_ARGS",
                        "value": []
                    },
                    {
                        "name": "BUILD_ARGS_FILE",
                        "value": ""
                    },
                    {
                        "name": "PRIVILEGED_NESTED",
                        "value": "false"
                    },
                    {
                        "name": "SOURCE_URL",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    },
                    {
                        "name": "HTTP_PROXY",
                        "value": ""
                    },
                    {
                        "name": "NO_PROXY",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "buildah"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-5be0da5124"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T15:59:22Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T15:59:22Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-f5cf30cfaa869f73f91cd3a3c6e0cc2a-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        "entryPoint": "buildah",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-buildah"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "SBOM_BLOB_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:c5bb38f9d533a89add2eac4d18b9873216f3406ff93b5a3684386dc5c276440c"
                    }
                ],
                "startTime": "2026-07-01T15:55:48Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9d75d6e0c98719e330f98febd5eb5735b7746799db851b621287030b5a3ef18b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:56:38Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:55:55Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f2686f45bdc39eb3ae4fe474753f4210e2bc7ee9acb758580e137adcb9d03f28",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:57:31Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:56:38Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-sbom-syft-generate",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "sbom-syft-generate",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://667b5f07138eb82fe46fc4e9bd48afa151f7c61c930b4afd8bb19fb42ed8f5f6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:58:02Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:57:32Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-prepare-sboms",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "prepare-sboms",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://626e13097fa28c6765beba4bdc9d79f28ce526a027696a334f29b462a1b17e28",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:58:32Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:58:02Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b28325e81f617a7e81eca313f20228bf01e6ec7ab8e131bab76c2c85b563f64f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:59:17Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1},{\"key\":\"SBOM_BLOB_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:c5bb38f9d533a89add2eac4d18b9873216f3406ff93b5a3684386dc5c276440c\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:58:33Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.\nIn addition, it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.\nWhen prefetch-dependencies task is activated it is using its artifacts to run build in hermetic environment.",
                    "params": [
                        {
                            "description": "Reference of the image buildah will produce.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile to build.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Determines if build will be executed without network access.",
                            "name": "HERMETIC",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "In case it is not empty, the prefetched content should be made available to the build.",
                            "name": "PREFETCH_INPUT",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this commit.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "default": "repos.d",
                            "description": "Path in the git repository in which yum repository files are stored",
                            "name": "YUM_REPOS_D_SRC",
                            "type": "string"
                        },
                        {
                            "default": "fetched.repos.d",
                            "description": "Path in source workspace where dynamically-fetched repos are present",
                            "name": "YUM_REPOS_D_FETCHED",
                            "type": "string"
                        },
                        {
                            "default": "/etc/yum.repos.d",
                            "description": "Target path on the container in which yum repository files should be made available",
                            "name": "YUM_REPOS_D_TARGET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.",
                            "name": "TARGET_STAGE",
                            "type": "string"
                        },
                        {
                            "default": "etc-pki-entitlement",
                            "description": "Name of secret which contains the entitlement certificates",
                            "name": "ENTITLEMENT_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        },
                        {
                            "default": "does-not-exist",
                            "description": "Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET",
                            "name": "ADDITIONAL_SECRET",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Array of --build-arg values (\"arg=value\" strings)",
                            "name": "BUILD_ARGS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Array of --env values (\"env=value\" strings)",
                            "name": "ENV_VARS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file",
                            "name": "BUILD_ARGS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to keep compatibility location at /root/buildinfo/ for ICM injection",
                            "name": "ICM_KEEP_COMPAT_LOCATION",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of extra capabilities to add when running 'buildah build'",
                            "name": "ADD_CAPABILITIES",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Squash all new and previous layers added as a part of this build, as per --squash",
                            "name": "SQUASH",
                            "type": "string"
                        },
                        {
                            "default": "overlay",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to skip stages in Containerfile that seem unused by subsequent stages",
                            "name": "SKIP_UNUSED_STAGES",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value labels that should be applied to the image",
                            "name": "LABELS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to enable privileged mode, should be used only with remote VMs",
                            "name": "PRIVILEGED_NESTED",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Skip SBOM-related operations. This will likely cause EC policies to fail if enabled",
                            "name": "SKIP_SBOM_GENERATION",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx. Note: the SBOM from the prefetch task - if there is one - must be in the same format.",
                            "name": "SBOM_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Extra option to customize Syft's default catalogers when generating SBOMs. The value corresponds to Syft's CLI flag --select-catalogers. The details about available catalogers can be found here: https://github.com/anchore/syft/wiki/Package-Cataloger-Selection",
                            "name": "SBOM_SYFT_SELECT_CATALOGERS",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM generation from source code. The scanner of the source code is enabled only for non-hermetic builds and can be disabled if the SBOM_SYFT_SELECT_CATALOGERS can't turn off catalogers that cause false positives on source code scanning.",
                            "name": "SBOM_SOURCE_SCAN_ENABLED",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional base image references to include to the SBOM. Array of image_reference_with_digest strings",
                            "name": "ADDITIONAL_BASE_IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Mount the current working directory into the build using --volume $PWD:/$WORKINGDIR_MOUNT. Note that the $PWD will be the context directory for the build (see the CONTEXT param).",
                            "name": "WORKINGDIR_MOUNT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if the image inherits the base image labels.",
                            "name": "INHERIT_BASE_IMAGE_LABELS",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP/HTTPS proxy to use for the buildah pull and build operations. Will not be passed through to the container during the build process.",
                            "name": "HTTP_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of hosts or domains which should bypass the HTTP/HTTPS proxy.",
                            "name": "NO_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "caching-ca-bundle",
                            "description": "The name of the ConfigMap to read proxy CA bundle data from.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the proxy CA bundle data.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Defines the single build time for all buildah builds in seconds since UNIX epoch. Conflicts with SOURCE_DATE_EPOCH.",
                            "name": "BUILD_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this URL.",
                            "name": "SOURCE_URL",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if SBOM will be contextualized.",
                            "name": "CONTEXTUALIZE_SBOM",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Omit build history information from the resulting image. Improves reproducibility by excluding timestamps and layer metadata.",
                            "name": "OMIT_HISTORY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Timestamp in seconds since Unix epoch for reproducible builds. Sets image created time and SOURCE_DATE_EPOCH build arg. Conflicts with BUILD_TIMESTAMP.",
                            "name": "SOURCE_DATE_EPOCH",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Clamp mtime of all files to at most SOURCE_DATE_EPOCH. Does nothing if SOURCE_DATE_EPOCH is not defined.",
                            "name": "REWRITE_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Don't inject a content-sets.json or a labels.json file. This requires that the canonical Containerfile takes care of this itself.",
                            "name": "SKIP_INJECTIONS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {
                            "limits": {
                                "memory": "4Gi"
                            },
                            "requests": {
                                "cpu": "1",
                                "memory": "4Gi"
                            }
                        },
                        "env": [
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "overlay"
                            },
                            {
                                "name": "HERMETIC",
                                "value": "false"
                            },
                            {
                                "name": "SOURCE_CODE_DIR",
                                "value": "source"
                            },
                            {
                                "name": "CONTEXT",
                                "value": "python-component"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "IMAGE_EXPIRES_AFTER",
                                "value": "5d"
                            },
                            {
                                "name": "YUM_REPOS_D_SRC",
                                "value": "repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_FETCHED",
                                "value": "fetched.repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_TARGET",
                                "value": "/etc/yum.repos.d"
                            },
                            {
                                "name": "TARGET_STAGE"
                            },
                            {
                                "name": "ENTITLEMENT_SECRET",
                                "value": "etc-pki-entitlement"
                            },
                            {
                                "name": "ACTIVATION_KEY",
                                "value": "activation-key"
                            },
                            {
                                "name": "ADDITIONAL_SECRET",
                                "value": "does-not-exist"
                            },
                            {
                                "name": "BUILD_ARGS_FILE"
                            },
                            {
                                "name": "ADD_CAPABILITIES"
                            },
                            {
                                "name": "SQUASH",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_UNUSED_STAGES",
                                "value": "true"
                            },
                            {
                                "name": "PRIVILEGED_NESTED",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_SBOM_GENERATION",
                                "value": "false"
                            },
                            {
                                "name": "SBOM_TYPE",
                                "value": "spdx"
                            },
                            {
                                "name": "SBOM_SYFT_SELECT_CATALOGERS"
                            },
                            {
                                "name": "SBOM_SOURCE_SCAN_ENABLED",
                                "value": "true"
                            },
                            {
                                "name": "ANNOTATIONS_FILE"
                            },
                            {
                                "name": "WORKINGDIR_MOUNT"
                            },
                            {
                                "name": "INHERIT_BASE_IMAGE_LABELS",
                                "value": "true"
                            },
                            {
                                "name": "BUILD_TIMESTAMP"
                            },
                            {
                                "name": "CONTEXTUALIZE_SBOM",
                                "value": "true"
                            },
                            {
                                "name": "SBOM_SKIP_VALIDATION",
                                "value": "true"
                            },
                            {
                                "name": "SKIP_INJECTIONS",
                                "value": "false"
                            }
                        ],
                        "imagePullPolicy": "IfNotPresent",
                        "volumeMounts": [
                            {
                                "mountPath": "/shared",
                                "name": "shared"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--build-args",
                                "--env",
                                "--labels",
                                "--annotations"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                },
                                "requests": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "COMMIT_SHA",
                                    "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "SOURCE_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "DOCKERFILE",
                                    "value": "docker/Dockerfile"
                                },
                                {
                                    "name": "BUILDAH_HTTP_PROXY"
                                },
                                {
                                    "name": "BUILDAH_NO_PROXY"
                                },
                                {
                                    "name": "ICM_KEEP_COMPAT_LOCATION",
                                    "value": "true"
                                },
                                {
                                    "name": "BUILDAH_OMIT_HISTORY",
                                    "value": "false"
                                },
                                {
                                    "name": "BUILDAH_SOURCE_DATE_EPOCH"
                                },
                                {
                                    "name": "BUILDAH_REWRITE_TIMESTAMP",
                                    "value": "false"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\nset -euo pipefail\n\nfunction set_proxy {\n  if [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n    echo \"[$(date --utc -Ins)] Setting proxy to ${BUILDAH_HTTP_PROXY}\"\n    export HTTP_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export HTTPS_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export ALL_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    if [ -n \"${BUILDAH_NO_PROXY}\" ]; then\n      echo \"[$(date --utc -Ins)] Bypassing proxy for ${BUILDAH_NO_PROXY}\"\n      export NO_PROXY=\"${BUILDAH_NO_PROXY}\"\n    fi\n  fi\n}\n\nfunction unset_proxy {\n  echo \"[$(date --utc -Ins)] Unsetting proxy\"\n  unset HTTP_PROXY HTTPS_PROXY ALL_PROXY NO_PROXY\n}\n\necho \"[$(date --utc -Ins)] Validate context path\"\n\nif [ -z \"$CONTEXT\" ]; then\n  echo \"WARNING: CONTEXT is empty. Defaulting to '.' (the source directory).\" \u003e\u00262\n  CONTEXT=\".\"\nfi\n\nsource_dir_path=$(realpath \"$SOURCE_CODE_DIR\")\ncontext_dir_path=$(realpath \"$SOURCE_CODE_DIR/$CONTEXT\")\n\ncase \"$context_dir_path\" in\n  \"$source_dir_path\" | \"$source_dir_path/\"*)\n    # path is valid, do nothing\n    ;;\n  *)\n    echo \"ERROR: The CONTEXT parameter ('$CONTEXT') is invalid because it escapes the source directory.\" \u003e\u00262\n    echo \"Source path: $source_dir_path\" \u003e\u00262\n    echo \"Resolved path: $context_dir_path\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nproxy_ca_bundle=/mnt/proxy-ca-bundle/ca-bundle.crt\nupdate_ca_trust=false\n\nif [ -f \"$ca_bundle\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors/ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ -f \"$proxy_ca_bundle\" ] \u0026\u0026 [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted proxy CA bundle: $proxy_ca_bundle\"\n  cp -vf $proxy_ca_bundle /etc/pki/ca-trust/source/anchors/proxy-ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ \"$update_ca_trust\" = \"true\" ]; then\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Prepare Dockerfile\"\n\nif [ -e \"$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\"\nelif [ -e \"$SOURCE_CODE_DIR/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$DOCKERFILE\"\nelif [ -e \"$DOCKERFILE\" ]; then\n  # Instrumented builds (SAST) use this custom dockerfile step as their base\n  dockerfile_path=\"$DOCKERFILE\"\nelse\n  echo \"Cannot find Dockerfile $DOCKERFILE\"\n  exit 1\nfi\n\ndockerfile_copy=$(mktemp --tmpdir \"$(basename \"$dockerfile_path\").XXXXXX\")\ncp \"$dockerfile_path\" \"$dockerfile_copy\"\n\n# Inject the image content manifest into the container we are producing.\n# This will generate the content-sets.json file and copy it by appending a COPY\n# instruction to the Containerfile.\nicm_opts=()\nif [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n  icm_opts+=(-c)\nfi\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  inject-icm-to-containerfile \"${icm_opts[@]}\" \"$dockerfile_copy\" \"/var/workdir/cachi2/output/bom.json\" \"$SOURCE_CODE_DIR/$CONTEXT\"\nfi\n\necho \"[$(date --utc -Ins)] Prepare system (architecture: $(uname -m))\"\n\n# Fixing group permission on /var/lib/containers\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\n# Setting new namespace to run buildah - 2^32-2\necho 'root:1:4294967294' | tee -a /etc/subuid \u003e\u003e /etc/subgid\n\nbuild_args=()\nenv_vars=()\n\nLABELS=()\nANNOTATIONS=()\n# Append any annotations from the specified file\nif [ -n \"${ANNOTATIONS_FILE}\" ] \u0026\u0026 [ -f \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\" ]; then\n  echo \"Reading annotations from file: ${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\n  while IFS= read -r line || [[ -n \"$line\" ]]; do\n    # Skip empty lines and comments\n    if [[ -n \"$line\" \u0026\u0026 ! \"$line\" =~ ^[[:space:]]*# ]]; then\n      ANNOTATIONS+=(\"--annotation\" \"$line\")\n    fi\n  done \u003c \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\nfi\n\n# Split `args` into two sets of arguments.\nwhile [[ $# -gt 0 ]]; do\n    case $1 in\n        --build-args)\n            shift\n            # Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being\n            # passed to buildah. In that case, the *last* occurrence takes precedence. This is why\n            # we append BUILD_ARGS after the content of the BUILD_ARGS_FILE\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do build_args+=(\"$1\"); shift; done\n            ;;\n        --env)\n            shift\n            # Collect env entries of the form KEY=value\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do env_vars+=(\"$1\"); shift; done\n            ;;\n        --labels)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do LABELS+=(\"--label\" \"$1\"); shift; done\n            ;;\n        --annotations)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ANNOTATIONS+=(\"--annotation\" \"$1\"); shift; done\n            ;;\n        *)\n            echo \"unexpected argument: $1\" \u003e\u00262\n            exit 2\n            ;;\n    esac\ndone\n\nBUILD_ARG_FLAGS=()\nfor build_arg in \"${build_args[@]}\"; do\n  BUILD_ARG_FLAGS+=(\"--build-arg=$build_arg\")\ndone\n\nENV_FLAGS=()\nfor env_var in \"${env_vars[@]}\"; do\n  ENV_FLAGS+=(\"--env=$env_var\")\ndone\n\nDOCKERFILE_ARG_FLAGS=()\nDOCKERFILE_ARG_FLAGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nDOCKERFILE_ARG_FLAGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  DOCKERFILE_ARG_FLAGS+=(\"--build-arg-file=${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\nfi\n\ndockerfile-json \"${DOCKERFILE_ARG_FLAGS[@]}\" \"$dockerfile_copy\" \u003e /shared/parsed_dockerfile.json\nBASE_IMAGES=$(\n    jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test(\"^oci-archive:\") | not)' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n)\n\nBUILDAH_ARGS=()\nUNSHARE_ARGS=()\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--pull=never\")\n  UNSHARE_ARGS+=(\"--net\")\n  buildah_retries=3\n\n  set_proxy\n\n  for image in $BASE_IMAGES; do\n    if ! retry unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 --mount -- buildah pull --retry \"$buildah_retries\" \"$image\"\n    then\n      echo \"Failed to pull base image ${image}\"\n      exit 1\n    fi\n  done\n\n  unset_proxy\n\n  echo \"Build will be executed with network isolation\"\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  BUILDAH_ARGS+=(\"--target=${TARGET_STAGE}\")\nfi\n\nBUILDAH_ARGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nBUILDAH_ARGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  BUILDAH_ARGS+=(\"--build-arg-file=$(realpath \"${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\")\nfi\n\n# Necessary for newer version of buildah if the host system does not contain up to date version of container-selinux\n# TODO remove the option once all hosts were updated\nBUILDAH_ARGS+=(\"--security-opt=unmask=/proc/interrupts\")\n\nif [ \"${PRIVILEGED_NESTED}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--security-opt=label=disable\")\n  BUILDAH_ARGS+=(\"--cap-add=all\")\n  BUILDAH_ARGS+=(\"--device=/dev/fuse\")\nfi\n\nif [ -n \"${ADD_CAPABILITIES}\" ]; then\n  BUILDAH_ARGS+=(\"--cap-add=${ADD_CAPABILITIES}\")\nfi\n\nif [ \"${SQUASH}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--squash\")\nfi\n\nif [ \"${SKIP_UNUSED_STAGES}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--skip-unused-stages=false\")\nfi\n\nif [ \"${INHERIT_BASE_IMAGE_LABELS}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--inherit-labels=false\")\nfi\n\nif [ -n \"${BUILDAH_SOURCE_DATE_EPOCH}\" ]; then\n  BUILDAH_ARGS+=(\"--source-date-epoch=${BUILDAH_SOURCE_DATE_EPOCH}\")\n  if [ \"${BUILDAH_REWRITE_TIMESTAMP}\" = \"true\" ]; then\n    BUILDAH_ARGS+=(\"--rewrite-timestamp\")\n  fi\n  if [ -n \"$BUILD_TIMESTAMP\" ]; then\n    echo \"ERROR: cannot use both BUILD_TIMESTAMP and SOURCE_DATE_EPOCH\"\n    exit 1\n  fi\n  # but do set it so that we get all the labels/annotations associated with it\n  BUILD_TIMESTAMP=\"$BUILDAH_SOURCE_DATE_EPOCH\"\nfi\n\nif [ \"${BUILDAH_OMIT_HISTORY}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--omit-history\")\nfi\n\nVOLUME_MOUNTS=()\n\necho \"[$(date --utc -Ins)] Setup prefetched\"\n\nif [ -f \"/workspace/source/cachi2/cachi2.env\" ]; then\n  # Identify the current arch to filter the prefetched content\n  PREFETCH_ARCH=\"$(uname -m)\"\n  echo \"$PREFETCH_ARCH\" \u003e /shared/prefetch-arch\n\n  echo \"Prefetched content will be made available\"\n\n  cp -r \"/workspace/source/cachi2\" /tmp/\n  chmod -R go+rwX /tmp/cachi2\n\n  # In case RPMs were prefetched and this is a multi-arch build,\n  # clean up the packages that do not match the architecture being built\n  RPM_PREFETCH_DIR=\"/tmp/cachi2/output/deps/rpm\"\n  if [ -d \"$RPM_PREFETCH_DIR\" ] \u0026\u0026 [ \"$(find $RPM_PREFETCH_DIR | wc -l)\" -gt 1 ]; then\n    echo \"Removing prefetched RPMs from non-matching architectures\"\n    PREFETCH_ARCH=\"$(uname -m)\"\n    for path in \"$RPM_PREFETCH_DIR\"/*; do\n      if [ \"$(basename \"$path\")\" != \"$PREFETCH_ARCH\" ]; then\n        echo \"Removing: $path\"\n        rm -rf \"$path\"\n      else\n        echo \"Keeping: $path\"\n      fi\n    done\n  fi\n\n  VOLUME_MOUNTS+=(--volume /tmp/cachi2:/cachi2)\n  # Read in the whole file (https://unix.stackexchange.com/questions/533277), then\n  # for each RUN ... line insert the cachi2.env command *after* any options like --mount\n  sed -E -i \\\n      -e 'H;1h;$!d;x' \\\n      -e 's@^\\s*(run((\\s|\\\\\\n)+-\\S+)*(\\s|\\\\\\n)+)@\\1. /cachi2/cachi2.env \\\u0026\\\u0026 \\\\\\n    @igM' \\\n      \"$dockerfile_copy\"\n\n  prefetched_repo_for_my_arch=\"/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo\"\n  if [ -f \"$prefetched_repo_for_my_arch\" ]; then\n    echo \"Adding $prefetched_repo_for_my_arch to $YUM_REPOS_D_FETCHED\"\n    mkdir -p \"$YUM_REPOS_D_FETCHED\"\n    if [ ! -f \"${YUM_REPOS_D_FETCHED}/cachi2.repo\" ]; then\n      cp \"$prefetched_repo_for_my_arch\" \"$YUM_REPOS_D_FETCHED\"\n    fi\n  fi\nfi\n\n# if yum repofiles stored in git, copy them to mount point outside the source dir\nif [ -d \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\" ]; then\n  mkdir -p \"${YUM_REPOS_D_FETCHED}\"\n  cp -r \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\"/* \"${YUM_REPOS_D_FETCHED}\"\nfi\n\n# if anything in the repofiles mount point (either fetched or from git), mount it\nif [ -d \"${YUM_REPOS_D_FETCHED}\" ]; then\n  chmod -R go+rwX \"${YUM_REPOS_D_FETCHED}\"\n  mount_point=$(realpath \"${YUM_REPOS_D_FETCHED}\")\n  VOLUME_MOUNTS+=(--volume \"${mount_point}:${YUM_REPOS_D_TARGET}\")\nfi\n\nDEFAULT_LABELS=(\n  \"--label\" \"architecture=$(uname -m)\"\n  \"--label\" \"vcs-type=git\"\n)\nif [ -n \"$COMMIT_SHA\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"vcs-ref=${COMMIT_SHA}\" \"--label\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\nfi\nif [ -n \"$SOURCE_URL\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.source=${SOURCE_URL}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.source=${SOURCE_URL}\")\nfi\n[ -n \"$IMAGE_EXPIRES_AFTER\" ] \u0026\u0026 DEFAULT_LABELS+=(\"--label\" \"quay.expires-after=$IMAGE_EXPIRES_AFTER\")\n\nBUILD_TIMESTAMP_RFC3339=\"\"\nif [ -n \"$BUILD_TIMESTAMP\" ]; then\n  BUILD_TIMESTAMP_RFC3339=$(date -u -d \"@$BUILD_TIMESTAMP\" +'%Y-%m-%dT%H:%M:%SZ')\nelse\n  BUILD_TIMESTAMP_RFC3339=$(date -u +'%Y-%m-%dT%H:%M:%SZ')\nfi\n\nDEFAULT_LABELS+=(\"--label\" \"build-date=${BUILD_TIMESTAMP_RFC3339}\")\nDEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\n\nlabel_pairs=()\n# If INHERIT_BASE_IMAGE_LABELS is true, get the labels from the final base image only\ntouch base_images_labels.json\nif [[ \"$INHERIT_BASE_IMAGE_LABELS\" == \"true\" ]] \u0026\u0026 [[ -n \"$BASE_IMAGES\" ]]; then\n  FINAL_BASE_IMAGE=$(\n    # Get the base image of the final stage\n    # The final stage can refer to a previous `FROM xxx AS yyy` stage, for example 'FROM bar AS foo; ... ; FROM foo; ...'\n    # Define a function that keeps nesting recursively into the parent stages until it finds the original base image\n    # Run the find_root_stage() function on the final stage\n    # If the final stage is scratch or oci-archive, return empty\n    jq -r '.Stages as $all_stages |\n      def find_root_stage($stage):\n        if $stage.From.Stage then\n          find_root_stage($all_stages[$stage.From.Stage.Index])\n        else\n          $stage\n        end;\n\n        find_root_stage(.Stages[-1]) |\n        if .From.Scratch or (.BaseName | test(\"^oci-archive:\")) then\n          empty\n        else\n          .BaseName\n        end' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n  )\n  if [[ -n \"$FINAL_BASE_IMAGE\" ]]; then\n    set_proxy\n    buildah pull \"$FINAL_BASE_IMAGE\" \u003e/dev/null` `\n    unset_proxy\n    buildah inspect \"$FINAL_BASE_IMAGE\" | jq '.OCIv1.config.Labels' \u003e\"base_images_labels.json\"\n  fi\nfi\n\n# Concatenate defaults and explicit labels. If a label appears twice, the last one wins.\nLABELS=(\"${DEFAULT_LABELS[@]}\" \"${LABELS[@]}\")\n\n# Get all the default and explicit labels so that they can be written into labels.json\nfor label in \"${LABELS[@]}\"; do\n  if [[ \"$label\" != \"--label\" ]]; then\n    label_pairs+=(\"$label\")\n  fi\ndone\n\n# Labels that we explicitly add to the image\nlabel_pairs+=(\"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nlabel_pairs+=(\"io.buildah.version=$(buildah version --json | jq -r '.version')\")\n\nwhile IFS= read -r label; do\n  label_pairs+=(\"$label\")\ndone \u003c \u003c(jq -r '.Stages[].Commands[] | select(.Name == \"LABEL\") | .Labels[] | \"\\(.Key)=\\(.Value)\"' /shared/parsed_dockerfile.json | sed 's/\"//g')\n\nprintf '%s\\n' \"${label_pairs[@]}\" | jq -Rn '\n  [ inputs | select(length\u003e0) ]\n| map( split(\"=\") | {(.[0]): (.[1] // \"\")} )\n  | add' \u003e\"image_labels.json\"\n\njq -s '(.[0] // {}) * (.[1] // {})' \"base_images_labels.json\" \"image_labels.json\" \u003e\"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\njq '.' \"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  echo \"\" \u003e\u003e\"$dockerfile_copy\"\n  # Always write labels.json to the new standard location\n  echo 'COPY labels.json /usr/share/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  # Conditionally write to the old location for backward compatibility\n  if [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n    echo 'COPY labels.json /root/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  fi\nfi\n\n# Make sure our labels.json file isn't filtered out\ncontainerignore=\"\"\nif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\"\nelif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\"\nfi\n\nif [ -n \"$containerignore\" ]; then\n  ignorefile_copy=$(mktemp --tmpdir \"$(basename \"$containerignore\").XXXXXX\")\n  cp \"$containerignore\" \"$ignorefile_copy\"\n  {\n    echo \"\"\n    echo \"!/labels.json\"\n    echo \"!/content-sets.json\"\n  } \u003e\u003e \"$ignorefile_copy\"\n  BUILDAH_ARGS+=(--ignorefile \"$ignorefile_copy\")\nfi\n\necho \"[$(date --utc -Ins)] Register sub-man\"\n\nACTIVATION_KEY_PATH=\"/activation-key\"\nENTITLEMENT_PATH=\"/entitlement\"\n\n# 0. if hermetic=true, skip all subscription related stuff\n# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.\n# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.\n# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.\n# 3. If the Dockerfile contains the string \"subcription-manager register\", add the activation-keys volume\n#    to buildah but don't pre-register for backwards compatibility. Mount an empty directory on\n#    shared emptydir volume to \"/etc/pki/entitlement\" to prevent certificates from being included\n\nif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 [ -e /activation-key/org ]; then\n  cp -r --preserve=mode \"$ACTIVATION_KEY_PATH\" /tmp/activation-key\n  mkdir -p /shared/rhsm/etc/pki/entitlement\n  mkdir -p /shared/rhsm/etc/pki/consumer\n\n  VOLUME_MOUNTS+=(-v /tmp/activation-key:/activation-key \\\n                  -v /shared/rhsm/etc/pki/entitlement:/etc/pki/entitlement:Z \\\n                  -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)\n  echo \"Adding activation key to the build\"\n\n  if ! grep -E \"^[^#]*subscription-manager.[^#]*register\" \"$dockerfile_path\"; then\n    # user is not running registration in the Containerfile: pre-register.\n    echo \"Pre-registering with subscription manager.\"\n    export RETRY_MAX_TRIES=6\n    if ! retry subscription-manager register --org \"$(cat /tmp/activation-key/org)\" --activationkey \"$(cat /tmp/activation-key/activationkey)\"\n    then\n      echo \"Subscription-manager register failed\"\n      exit 1\n    fi\n    unset RETRY_MAX_TRIES\n    trap 'subscription-manager unregister || true' EXIT\n\n    # copy generated certificates to /shared volume\n    cp /etc/pki/entitlement/*.pem /shared/rhsm/etc/pki/entitlement\n    cp /etc/pki/consumer/*.pem /shared/rhsm/etc/pki/consumer\n\n    # and then mount get /etc/rhsm/ca/redhat-uep.pem into /run/secrets/rhsm/ca\n    VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)\n  fi\n\nelif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 find /entitlement -name \"*.pem\" \u003e /dev/null; then\n  cp -r --preserve=mode \"$ENTITLEMENT_PATH\" /tmp/entitlement\n  VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)\n  echo \"Adding the entitlement to the build\"\nfi\n\nif [ -n \"$WORKINGDIR_MOUNT\" ]; then\n  if [[ \"$WORKINGDIR_MOUNT\" == *:* ]]; then\n    echo \"WORKINGDIR_MOUNT contains ':'\" \u003e\u00262\n    echo \"Refusing to proceed in case this is an attempt to set unexpected mount options.\" \u003e\u00262\n    exit 1\n  fi\n  # ${SOURCE_CODE_DIR}/${CONTEXT} will be the $PWD when we call 'buildah build'\n  # (we set the workdir using 'unshare -w')\n  context_dir=$(realpath \"${SOURCE_CODE_DIR}/${CONTEXT}\")\n  VOLUME_MOUNTS+=(--volume \"$context_dir:${WORKINGDIR_MOUNT}\")\nfi\n\nif [ -n \"${ADDITIONAL_VOLUME_MOUNTS-}\" ]; then\n  # ADDITIONAL_VOLUME_MOUNTS allows to specify more volumes for the build.\n  # Instrumented builds (SAST) use this step as their base and add some other tools.\n  while read -r volume_mount; do\n    VOLUME_MOUNTS+=(\"--volume=$volume_mount\")\n  done \u003c\u003c\u003c \"$ADDITIONAL_VOLUME_MOUNTS\"\nfi\n\necho \"[$(date --utc -Ins)] Add secrets\"\n\nADDITIONAL_SECRET_PATH=\"/additional-secret\"\nADDITIONAL_SECRET_TMP=\"/tmp/additional-secret\"\nif [ -d \"$ADDITIONAL_SECRET_PATH\" ]; then\n  cp -r --preserve=mode -L \"$ADDITIONAL_SECRET_PATH\" $ADDITIONAL_SECRET_TMP\n  while read -r filename; do\n    echo \"Adding the secret ${ADDITIONAL_SECRET}/${filename} to the build, available at /run/secrets/${ADDITIONAL_SECRET}/${filename}\"\n    BUILDAH_ARGS+=(\"--secret=id=${ADDITIONAL_SECRET}/${filename},src=$ADDITIONAL_SECRET_TMP/${filename}\")\n  done \u003c \u003c(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \\;)\nfi\n\n# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.\ndeclare IMAGE\n\nbuildah_cmd_array=(\n    buildah build\n    \"${VOLUME_MOUNTS[@]}\"\n    \"${BUILDAH_ARGS[@]}\"\n    \"${LABELS[@]}\"\n    \"${ANNOTATIONS[@]}\"\n    --tls-verify=\"$TLSVERIFY\" --no-cache\n    --ulimit nofile=4096:4096\n    --http-proxy=false\n    -f \"$dockerfile_copy\" -t \"$IMAGE\" .\n)\nbuildah_cmd=$(printf \"%q \" \"${buildah_cmd_array[@]}\")\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  # enabling loopback adapter enables Bazel builds to work in hermetic mode.\n  command=\"ip link set lo up \u0026\u0026 $buildah_cmd\"\nelse\n  command=\"$buildah_cmd\"\nfi\n\n# disable host subcription manager integration\nfind /usr/share/rhel/secrets -type l -exec unlink {} \\;\n\nset_proxy\n\necho \"[$(date --utc -Ins)] Run buildah build\"\necho \"[$(date --utc -Ins)] ${command}\"\n\nunshare -Uf \"${UNSHARE_ARGS[@]}\" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w \"${SOURCE_CODE_DIR}/$CONTEXT\" --mount -- sh -c \"$command\"\n\nunset_proxy\n\necho \"[$(date --utc -Ins)] Add metadata\"\n\n# Save the SBOM produced in prefetch so it can be merged into the final SBOM later\nif [ -f \"/tmp/cachi2/output/bom.json\" ]; then\n  echo \"Making copy of sbom-prefetch.json\"\n  cp /tmp/cachi2/output/bom.json ./sbom-prefetch.json\nfi\n\ntouch /shared/base_images_digests\necho \"Recording base image digests used\"\nfor image in $BASE_IMAGES; do\n  # Get the image pullspec and filter out a tag if it is not set\n  # Use head -n 1 to ensure we only get one result even if multiple images match the filter\n  base_image_digest=$(buildah images --format '{{ .Name }}{{ if ne .Tag \"\u003cnone\u003e\" }}:{{ .Tag }}{{ end }}@{{ .Digest }}' --filter reference=\"$image\" | head -n 1)\n  # In some cases, there might be BASE_IMAGES, but not any associated digest. This happens\n  # if buildah did not use that particular image during build because it was skipped\n  if [ -n \"$base_image_digest\" ]; then\n    echo \"$image $base_image_digest\" | tee -a /shared/base_images_digests\n  fi\ndone\n\nimage_name=$(echo \"${IMAGE##*/}\" | tr ':' '-')\nbuildah push \"$IMAGE\" oci:\"/shared/$image_name.oci\"\necho \"/shared/$image_name.oci\" \u003e /shared/container_path\n\necho \"[$(date --utc -Ins)] End build\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/entitlement",
                                    "name": "etc-pki-entitlement"
                                },
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/additional-secret",
                                    "name": "additional-secret"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/proxy-ca-bundle",
                                    "name": "proxy-ca-bundle",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "BUILDAH_FORMAT",
                                    "value": "docker"
                                },
                                {
                                    "name": "TASKRUN_NAME",
                                    "value": "python-component-bcqjpf-on-pull-request-zsqq6-build-container"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "push",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Convert image\"\n\n# While we can build images with the desired format, we will simplify any local\n# and remote build differences by just performing any necessary conversions at\n# push time.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\necho \"[$(date --utc -Ins)] Push image with unique tag\"\n\nbuildah_retries=3\n\n# Push to a unique tag based on the TaskRun name to avoid race conditions\necho \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:${TASKRUN_NAME}\"\nthen\n  echo \"Failed to push sbom image to ${IMAGE%:*}:${TASKRUN_NAME}\"\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] Push image with git revision\"\n\n# Push to a tag based on the git revision\necho \"Pushing to ${IMAGE}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile \"/workspace/source/image-digest\" \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n  echo \"Failed to push sbom image to $IMAGE\"\n  exit 1\nfi\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c \"/workspace/source\"/image-digest\necho -n \"$IMAGE\" | tee /tekton/results/IMAGE_URL\n{\n  echo -n \"${IMAGE}@\"\n  cat \"/workspace/source/image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho\n\n# detect if keyless signing is required\nSIGNING_CONFIG='{}'\nKFLX_CONFIG_PATH='/tmp/konflux_config.json'\nif ! RETRY_STOP_IF_STDERR_MATCHES='configmaps \"cluster-config\" not found' retry kubectl get configmap cluster-config -n konflux-info -o json \u003e\"${KFLX_CONFIG_PATH}\"\nthen\n  echo \"Failed to fetch konflux cluster-config, default values will be used\" \u003e\u00262\nelse\n  SIGNING_CONFIG=\"$(cat ${KFLX_CONFIG_PATH})\"\nfi\n\n# configmap key -\u003e variable name mapping\ndeclare -A SIGNING_KEY_MAP=(\n  [defaultOIDCIssuer]=SIGSTORE_OIDC_ISSUER\n  [rekorInternalUrl]=REKOR_URL\n  [fulcioInternalUrl]=SIGSTORE_FULCIO_URL\n  [tufInternalUrl]=TUF_URL\n)\n\n# fallback keys when internal URL is not available\ndeclare -A SIGNING_FALLBACK_MAP=(\n  [rekorInternalUrl]=rekorExternalUrl\n  [fulcioInternalUrl]=fulcioExternalUrl\n  [tufInternalUrl]=tufExternalUrl\n)\n\nmissing=\"\"\nconfigured=0\nfor key in \"${!SIGNING_KEY_MAP[@]}\"; do\n  val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${key} // empty\")\n  if [ -z \"${val}\" ] \u0026\u0026 [ -n \"${SIGNING_FALLBACK_MAP[$key]+x}\" ]; then\n    fallback_key=\"${SIGNING_FALLBACK_MAP[$key]}\"\n    val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${fallback_key} // empty\")\n    if [ -n \"${val}\" ]; then\n      echo \"Using fallback ${fallback_key} instead of ${key}\"\n    fi\n  fi\n  if [ -z \"${val}\" ]; then\n    missing=\"${missing:+${missing}, }${key}\"\n  else\n    declare \"${SIGNING_KEY_MAP[$key]}=${val}\"\n    configured=$((configured + 1))\n  fi\ndone\n\nif [ \"${configured}\" -eq \"${#SIGNING_KEY_MAP[@]}\" ]; then\n  echo \"Keyless signing is enabled\"\n\n  # Save signing config for upload-sbom step\n  for key in \"${!SIGNING_KEY_MAP[@]}\"; do\n    envvar=\"${SIGNING_KEY_MAP[$key]}\"\n    printf '%s=%q\\n' \"${envvar}\" \"${!envvar}\"\n  done \u003e /shared/signing-config.env\n\n  echo \"Using Rekor URL: ${REKOR_URL}\"\n  echo \"Using Fulcio URL: ${SIGSTORE_FULCIO_URL}\"\n  echo \"Using OIDC issuer: ${SIGSTORE_OIDC_ISSUER}\"\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  # Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\n  mkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"${IMAGE_REF}\" \u003e /tmp/auth/config.json\n  export DOCKER_CONFIG=/tmp/auth\n\n  echo \"[$(date --utc -Ins)] Sign image\"\n  echo \"Signing image ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign sign -y \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign image\" \u003e\u00262\n    exit 1\n  fi\nelif [ \"${configured}\" -eq 0 ]; then\n  echo \"Keyless signing is disabled (none of ${missing} are configured in the konflux-info/cluster-config configmap)\"\nelse\n  echo \"ERROR: Incomplete keyless signing configuration in konflux-info/cluster-config configmap. Missing: ${missing}\" \u003e\u00262\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] End push\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                },
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "sbom-syft-generate",
                            "script": "#!/bin/bash\nset -euo pipefail\necho \"[$(date --utc -Ins)] Generate SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\ncase $SBOM_TYPE in\n  cyclonedx)\n    syft_sbom_type=cyclonedx-json@1.5 ;;\n  spdx)\n    syft_sbom_type=spdx-json@2.3 ;;\n  *)\n    echo \"Invalid SBOM type: $SBOM_TYPE. Valid: cyclonedx, spdx\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\nOCI_DIR=\"$(cat /shared/container_path)\"\n\nsyft_oci_args=(\n  oci-dir:\"${OCI_DIR}\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-image.json\"\n)\nsyft_source_args=(\n  dir:\"/workspace/source/$SOURCE_CODE_DIR/$CONTEXT\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-source.json\"\n)\n\nif [ \"${SBOM_SYFT_SELECT_CATALOGERS}\" != \"\" ]; then\n  syft_oci_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\n  syft_source_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\nfi\n\necho \"Running syft on the image\"\nsyft \"${syft_oci_args[@]}\"\nif [[ \"${HERMETIC}\" == \"false\" \u0026\u0026 \"${SBOM_SOURCE_SCAN_ENABLED}\" == \"true\" ]]; then\n  echo \"Running syft on the source code\"\n  syft \"${syft_source_args[@]}\"\nelse\n  echo \"Skipping syft on source code.\"\nfi\n\necho \"[$(date --utc -Ins)] End sbom-syft-generate\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/shared",
                                    "name": "shared"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/source/source"
                        },
                        {
                            "args": [
                                "--additional-base-images"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "prepare-sboms",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Prepare SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\n# Convert Tekton array params into Mobster params\nADDITIONAL_BASE_IMAGES=()\nwhile [[ $# -gt 0 ]]; do\n  case $1 in\n    --additional-base-images)\n      shift\n      while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ADDITIONAL_BASE_IMAGES+=(\"$1\"); shift; done\n      ;;\n    *)\n      echo \"unexpected argument: $1\" \u003e\u00262\n      exit 2\n      ;;\n  esac\ndone\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\n\necho \"[$(date --utc -Ins)] Generate SBOM with mobster\"\n\nmobster_args=(\n  generate\n  --output sbom.json\n)\n\n# Validation is a flag for `generate`, not `oci-image`, so we need to\n# handle it before the oci-image arguments\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-image\n  --from-syft \"/workspace/source/sbom-image.json\"\n  --image-pullspec \"$IMAGE_URL\"\n  --image-digest \"$IMAGE_DIGEST\"\n  --parsed-dockerfile-path \"/shared/parsed_dockerfile.json\"\n  --base-image-digest-file \"/shared/base_images_digests\"\n)\n\nif [ -f \"/workspace/source/sbom-source.json\" ]; then\n  mobster_args+=(--from-syft \"/workspace/source/sbom-source.json\")\nfi\n\nif [ -f \"/workspace/source/sbom-prefetch.json\" ]; then\n  mobster_args+=(--from-hermeto \"/workspace/source/sbom-prefetch.json\")\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  mobster_args+=(--dockerfile-target \"${TARGET_STAGE}\")\nfi\n\nfor ADDITIONAL_BASE_IMAGE in \"${ADDITIONAL_BASE_IMAGES[@]}\"; do\n  mobster_args+=(--additional-base-image \"$ADDITIONAL_BASE_IMAGE\")\ndone\n\nif [ \"${CONTEXTUALIZE_SBOM}\" == \"true\" ] \u0026\u0026 [ \"${HERMETIC}\" == \"false\" ]; then\n  mobster_args+=(--contextualize)\nfi\n\nif [ -f \"/shared/prefetch-arch\" ]; then\n  mobster_args+=(--arch \"$(cat /shared/prefetch-arch)\")\nfi\n\nmobster \"${mobster_args[@]}\"\n\necho \"[$(date --utc -Ins)] End prepare-sboms\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Upload SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom sbom.json --type \"$SBOM_TYPE\" \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum sbom.json | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n\nif [ -f \"/shared/signing-config.env\" ]; then\n  # shellcheck source=/dev/null\n  source /shared/signing-config.env\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  ATT_SBOM_TYPE=\"${SBOM_TYPE}\"\n  if [ \"${ATT_SBOM_TYPE}\" = \"spdx\" ]; then\n    # for format cossistency with cyclonedx format, we want to use spdxjson instad of spdx\n    # spdx export data as rawstring, we want structured json as cyclonedx\n    ATT_SBOM_TYPE=\"spdxjson\"\n  fi\n\n  echo \"[$(date --utc -Ins)] Sign SBOM\"\n  echo \"Signing and attaching SBOM to ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign attest -y --type \"${ATT_SBOM_TYPE}\" --predicate sbom.json \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign SBOM\" \u003e\u00262\n    exit 1\n  fi\nfi\n\necho\necho \"[$(date --utc -Ins)] End upload-sbom\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "varlibcontainers"
                        },
                        {
                            "emptyDir": {},
                            "name": "shared"
                        },
                        {
                            "name": "etc-pki-entitlement",
                            "secret": {
                                "optional": true,
                                "secretName": "etc-pki-entitlement"
                            }
                        },
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "name": "additional-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "does-not-exist"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "caching-ca-bundle",
                                "optional": true
                            },
                            "name": "proxy-ca-bundle"
                        },
                        {
                            "name": "oidc-token",
                            "projected": {
                                "sources": [
                                    {
                                        "serviceAccountToken": {
                                            "audience": "sigstore",
                                            "expirationSeconds": 600,
                                            "path": "oidc-token"
                                        }
                                    }
                                ]
                            }
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code to build.",
                            "name": "source"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/573f545c-c75d-441d-813f-fea418755088",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:24Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "build-image-index",
                    "tekton.dev/task": "build-image-index",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-build-image-index",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "19993",
                "uid": "573f545c-c75d-441d-813f-fea418755088"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "ALWAYS_BUILD_INDEX",
                        "value": "false"
                    },
                    {
                        "name": "IMAGES",
                        "value": [
                            "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                        ]
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "build-image-index"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T15:59:42Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T15:59:42Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-a83810ad11843a3783342716f36be794-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        "entryPoint": "build-image-index",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-build-image-index"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "startTime": "2026-07-01T15:59:25Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://abf9c5a437251a660c75fba896f7834dfc13bb617f74f1d59b2ab1faf9a34480",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:59:35Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:59:31Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-create-sbom",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "create-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://20ba639f07b86d876a66541d691f609b647bc99094645f7c8fd35e8a0dfaed06",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:59:35Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:59:35Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://50bad0b04d54efecb46bb50cdde285bb6e4a20328ab07bf7487f187ce3de7bb4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:59:39Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:59:35Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This takes existing Image Manifests and combines them in an Image Index.",
                    "params": [
                        {
                            "description": "The target image and tag where the image will be pushed to.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The commit the image is built from.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "description": "List of Image Manifests to be referenced by the Image Index",
                            "name": "IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Build an image index even if IMAGES is of length 1. Default true. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. In order to properly set all results, use the repository:tag@sha256:digest format for the IMAGES parameter.",
                            "name": "ALWAYS_BUILD_INDEX",
                            "type": "string"
                        },
                        {
                            "default": "vfs",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "List of all referenced image manifests",
                            "name": "IMAGES",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image containing both the repository and the digest",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "env": [
                            {
                                "name": "BUILDAH_FORMAT",
                                "value": "docker"
                            },
                            {
                                "name": "COMMIT_SHA",
                                "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "ALWAYS_BUILD_INDEX",
                                "value": "false"
                            },
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "vfs"
                            }
                        ],
                        "volumeMounts": [
                            {
                                "mountPath": "/index-build-data",
                                "name": "shared-dir"
                            },
                            {
                                "mountPath": "/mnt/trusted-ca",
                                "name": "trusted-ca",
                                "readOnly": true
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d@sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "250m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\n# Fixing group permission on /var/lib/containers\nset -eu\nset -o pipefail\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [[ $# -ne 1 \u0026\u0026 \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n  echo \"Skipping image index generation while supplying multiple image inputs is unsupported.\"\n  exit 2\nfi\n\nbuildah manifest create \"$IMAGE\"\nfor i in $@\ndo\n  TOADD=\"$i\"\n  TOADD_URL=\"$(echo \"$i\" | cut -d@ -f1)\"\n  TOADD_DIGEST=\"$(echo \"$i\" | cut -d@ -f2)\"\n  if [[ $(echo \"$i\" | tr -cd \":\" | wc -c) == 2 ]]; then\n    #format is repository:tag@sha256:digest\n    #we need to remove the tag, and just reference the digest\n    #as tag + digest is not supported\n    TOADD_REPOSITORY=\"$(echo \"$i\" | cut -d: -f1)\"\n    TOADD=\"${TOADD_REPOSITORY}@${TOADD_DIGEST}\"\n  fi\n  if [[ \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n    echo \"Skipping image index generation. Returning results for $TOADD.\"\n    echo -n \"${TOADD_URL}\" \u003e \"/tekton/results/IMAGE_URL\"\n    echo -n \"${TOADD_DIGEST}\" \u003e \"/tekton/results/IMAGE_DIGEST\"\n    echo -n \"${TOADD}\" \u003e \"/tekton/results/IMAGES\"\n    exit 0\n  fi\n\n  echo \"Adding $TOADD\"\n  buildah manifest add $IMAGE \"docker://$TOADD\" --all\ndone\n\necho \"Validating format consistency\"\nINCOMPATIBLE_STRING=\"vnd.oci.image.manifest\"\nINCOMPATIBLE_NAME=\"oci\"\nif [ \"$BUILDAH_FORMAT\" == \"oci\" ]; then\n  INCOMPATIBLE_STRING=\"vnd.docker.distribution.manifest\"\n  INCOMPATIBLE_NAME=\"docker\"\nfi\n\n# If mismatched formats (e.g., Docker manifests within an OCI index) exist locally, 'buildah push'\n# converts the inner manifests to match the target BUILDAH_FORMAT.\n# This alters the digests and breaks the link to the attached SBOMs.\nMANIFEST_MEDIA_TYPES=$(buildah manifest inspect \"$IMAGE\" | jq -er '.manifests[].mediaType')\nif echo \"$MANIFEST_MEDIA_TYPES\" | grep -q \"$INCOMPATIBLE_STRING\"; then\n  echo \"ERROR: Platform image contains $INCOMPATIBLE_NAME format, but index will be $BUILDAH_FORMAT\"\n  echo \"This will cause digest changes and break SBOM accessibility.\"\n  echo \"Ensure all platform images are built with buildah-format: $BUILDAH_FORMAT\"\n  exit 1\nfi\n\n# While the BUILDAH_FORMAT environment variable can define the push\n# format, lets be explicit about the format that we want when we push.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\nbuildah_retries=3\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n    echo \"Failed to push image ${IMAGE} to registry\"\n    exit 1\nfi\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:python-component-bcqjpf-on-pull-request-zsqq6-build-image-index\"\nthen\n    echo \"Failed to push image ${IMAGE%:*}:python-component-bcqjpf-on-pull-request-zsqq6-build-image-index to registry\"\n    exit 1\nfi\n\nINDEX_REPOSITORY=\"$(echo \"$IMAGE\" | cut -d@ -f1 | cut -d: -f1)\"\nMANIFEST_DIGESTS=$(buildah manifest inspect \"$IMAGE\" | jq -er \".manifests[].digest\")\nimage_manifests=\"\"\nfor i in $MANIFEST_DIGESTS\ndo\n  image_manifests=\"${image_manifests} ${INDEX_REPOSITORY}@${i},\"\ndone\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c image-digest\necho -n \"$IMAGE\" | tee \"/tekton/results/IMAGE_URL\"\n{\n  echo -n \"${IMAGE}@\"\n  cat \"image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho -n \"${image_manifests:1:-1}\" \u003e \"/tekton/results/IMAGES\"\n\n# buildah manifest inspect will always give precedence to the local image.\n# Since we built this image in the same place as we are inspecting it, we can\n# just inspect it instead of finding the digest and inspecting the remote image.\nbuildah manifest inspect \"$IMAGE\" \u003e /index-build-data/manifest_data.json\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "create-sbom",
                            "script": "#!/bin/bash\nset -e\n\nMANIFEST_DATA_FILE=\"/index-build-data/manifest_data.json\"\nif [ ! -f \"$MANIFEST_DATA_FILE\" ]; then\n  echo \"The manifest_data.json file does not exist. Skipping the SBOM creation...\"\n  exit 0\nfi\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\necho \"Creating SBOM result file...\"\nmobster_args=(generate --output /index-build-data/index.spdx.json)\n\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-index\n  --index-image-pullspec \"$IMAGE_URL\"\n  --index-image-digest \"$IMAGE_DIGEST\"\n  --index-manifest-path \"$MANIFEST_DATA_FILE\"\n)\nmobster \"${mobster_args[@]}\"\n"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSBOM_RESULT_FILE=\"/index-build-data/index.spdx.json\"\nif [ ! -f \"$SBOM_RESULT_FILE\" ]; then\n  echo \"The index.spdx.json file does not exists. Skipping the SBOM upload...\"\n  exit 0\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\n\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom \"$SBOM_RESULT_FILE\" --type spdx \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum \"$SBOM_RESULT_FILE\" | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "shared-dir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/a2661c5a-8ff9-431c-8687-0396b116c309",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "clair-scan",
                    "tekton.dev/task": "clair-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-clair-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "21659",
                "uid": "a2661c5a-8ff9-431c-8687-0396b116c309"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clair-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:01:39Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:01:39Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-zsqq6-clair-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        "entryPoint": "clair-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clair-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\", \"digests\": [\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\"]}}\n"
                    },
                    {
                        "name": "REPORTS",
                        "type": "string",
                        "value": "{\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\":\"sha256:9052b60fdb6bcb1947865ad967bb1e45b4698a2a4672c8158666ffeea3a6dcbe\"}\n"
                    },
                    {
                        "name": "SCAN_OUTPUT",
                        "type": "string",
                        "value": "{\"vulnerabilities\":{\"critical\":0,\"high\":331,\"medium\":873,\"low\":241,\"unknown\":2},\"unpatched_vulnerabilities\":{\"critical\":0,\"high\":4,\"medium\":489,\"low\":633,\"unknown\":0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:01:38+00:00\",\"note\":\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:43Z",
                "steps": [
                    {
                        "container": "step-get-image-manifests",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "get-image-manifests",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://ea330eab37ce3301d6aa14756697d65d63ed8d725187b348426b9fb0307a231e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:20Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:14Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-get-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/clair-in-ci@sha256:e030a6094b6d88b430ed049a6a59808f4b795e9d8293d72a4bbab44da8cc429f",
                        "name": "get-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4b6060e4805a12504eebddfdb69fee2501235eecdfd896a88ce9fe5ac383e0a8",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:01Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:21Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-oci-attach-report",
                        "imageID": "quay.io/konflux-ci/oras@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                        "name": "oci-attach-report",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://426a755d464124b9be642b7cdd190f4bfcac80a72501d26a9431294bcba2d496",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:06Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:01:01Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-conftest-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "conftest-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b47bdf938962aec87cd6e28d04c398bd6bb3eeaf6531f0c4d11c19667c305a61",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:38Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\\\", \\\"digests\\\": [\\\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\\\"]}}\\n\",\"type\":1},{\"key\":\"REPORTS\",\"value\":\"{\\\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\\\":\\\"sha256:9052b60fdb6bcb1947865ad967bb1e45b4698a2a4672c8158666ffeea3a6dcbe\\\"}\\n\",\"type\":1},{\"key\":\"SCAN_OUTPUT\",\"value\":\"{\\\"vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":331,\\\"medium\\\":873,\\\"low\\\":241,\\\"unknown\\\":2},\\\"unpatched_vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":4,\\\"medium\\\":489,\\\"low\\\":633,\\\"unknown\\\":0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:01:38+00:00\\\",\\\"note\\\":\\\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:01:06Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for vulnerabilities using Clair, by comparing the components of container image against Clair's vulnerability databases.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform built by.",
                            "name": "image-platform",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused, should be removed in next task version.",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-oci-attach-report",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Clair scan result.",
                            "name": "SCAN_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        },
                        {
                            "description": "Mapping of image digests to report digests",
                            "name": "REPORTS",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "get-image-manifests",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\necho \"Inspecting raw image manifest $imageanddigest.\"\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"' | while read -r arch arch_sha; do\n    echo \"$arch_sha\" \u003e /tekton/home/image-manifest-$arch.sha\n  done\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task clair-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                },
                                "requests": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                },
                                {
                                    "name": "IMAGE_PLATFORM"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clair-in-ci:v1",
                            "imagePullPolicy": "Always",
                            "name": "get-vulnerabilities",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n# shellcheck source=/utils.sh\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\n# the quay report format used by the Conftest rules in the\n# conftest-vulnerabilities step doesn't contain the \"issued\" date which\n# we require in the policy rules, so we resort to running clair-action\n# twice to produce both quay and clair formatted output\nclair_report() {\n  { retry clair-action report --image-ref=\"$1\" --db-path=/tmp/matcher.db --format=clair | tee  \"clair-report-$2.json\"; } \u0026\u0026 \\\n  { retry clair-action convert  --file-path=\"clair-report-$2.json\" --format=quay \u003e \"clair-result-$2.json\"; }\n}\n\nrun_clair_on_arch() {\n  local arch=\"$1\"\n  local sha_file=\"image-manifest-$arch.sha\"\n\n  if [ -e \"$sha_file\" ]; then\n    local arch_sha\n    arch_sha=$(\u003c\"$sha_file\")\n    local digest=\"${imagewithouttag}@${arch_sha}\"\n\n    echo \"Running clair-action on $arch image manifest...\"\n    clair_report \"$digest\" \"$arch\" || true\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n   fi\n}\n\nplatform=\"${IMAGE_PLATFORM}\"\n\n# If a platform is specified, extract the architecture and run clair-action on the corresponding image manifest\nif [ -n \"$platform\" ]; then\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n  # Validate against supported arch list. If it's not a known arch, fallback to amd64\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  run_clair_on_arch \"$arch\"\n\n# If no platform is specified, run clair-action on all available image manifests\nelse\n  for sha_file in image-manifest-*.sha; do\n    if [ -e \"$sha_file\" ]; then\n      arch=$(basename \"$sha_file\" | sed 's/image-manifest-//;s/.sha//')\n      run_clair_on_arch \"$arch\"\n    fi\n  done\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nimages_processed=$(echo \"${images_processed_template/\\[%s]/[$digests_processed_string]}\")\necho \"$images_processed\" \u003e images-processed.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_OCI_ATTACH_REPORT",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                            "name": "oci-attach-report",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nif [ \"$SKIP_OCI_ATTACH_REPORT\" = \"true\" ]; then\n  echo 'OCI attach report skipped by parameter.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\nif ! compgen -G \"clair-report-*.json\" \u003e /dev/null; then\n  echo 'No Clair reports generated. Skipping upload.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\necho \"Selecting auth\"\nselect-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n\nrepository=\"${IMAGE_URL/:*/}\"\n\narch() {\n  report_file=\"$1\"\n  arch=\"${report_file/*-}\"\n  echo \"${arch/.json/}\"\n}\n\nMEDIA_TYPE='application/vnd.redhat.clair-report+json'\n\nreports_json=\"\"\nfor f in clair-report-*.json; do\n  digest=$(cat \"image-manifest-$(arch \"$f\").sha\")\n  image_ref=\"${repository}@${digest}\"\n  echo \"Attaching $f to ${image_ref}\"\n  if ! report_digest=\"$(retry oras attach --no-tty --format go-template='{{.digest}}' --registry-config \\\n    \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${image_ref}\" \"$f:${MEDIA_TYPE}\")\"\n  then\n    echo \"Failed to attach ${f} to ${image_ref}\"\n    exit 1\n  fi\n  # shellcheck disable=SC2016\n  reports_json=\"$(yq --output-format json --indent=0 eval-all '. as $i ireduce ({}; . * $i)' \u003c(echo \"${reports_json}\") \u003c(echo \"${digest}: ${report_digest}\"))\"\ndone\necho \"${reports_json}\" \u003e reports.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "conftest-vulnerabilities",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nclair_result_files=$(ls /tekton/home/clair-result-*.json)\nif [ -z \"$clair_result_files\" ]; then\n  echo \"Previous step [get-vulnerabilities] failed: No clair-result files found in /tekton/home.\"\nfi\n\nmissing_vulnerabilities_files=\"\"\nfor file in $clair_result_files; do\n  file_suffix=$(basename \"$file\" | sed 's/clair-result-//;s/.json//')\n  if [ ! -s \"$file\" ]; then\n    echo \"Previous step [get-vulnerabilities] failed: $file is empty.\"\n  else\n    /usr/bin/conftest test --no-fail $file \\\n    --policy /project/clair/vulnerabilities-check.rego --namespace required_checks \\\n    --output=json | tee /tekton/home/clair-vulnerabilities-$file_suffix.json || true\n  fi\n\n  #check for missing \"clair-vulnerabilities-\u003carch\u003e/image-index\" file and create a string\n  if [ ! -f \"/tekton/home/clair-vulnerabilities-$file_suffix.json\" ]; then\n    missing_vulnerabilities_files+=\"${missing_vulnerabilities_files:+, }/tekton/home/clair-vulnerabilities-$file_suffix.json\"\n  fi\ndone\n\nif [ -n \"$missing_vulnerabilities_files\" ]; then\n  note=\"Task clair-scan failed: $missing_vulnerabilities_files did not generate. For details, check Tekton task log.\"\n  TEST_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"$missing_vulnerabilities_files did not generate correctly. For details, check conftest command in Tekton task log.\"\n  echo \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n  exit 0\nfi\n\nscan_result='{\"vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}, \"unpatched_vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}}'\nfor file in /tekton/home/clair-vulnerabilities-*.json; do\n    result=$(jq -rce \\\n        '{\n            vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            },\n            unpatched_vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            }\n        }' \"$file\")\n\n    scan_result=$(jq -s -rce \\\n          '.[0].vulnerabilities.critical += .[1].vulnerabilities.critical |\n          .[0].vulnerabilities.high += .[1].vulnerabilities.high |\n          .[0].vulnerabilities.medium += .[1].vulnerabilities.medium |\n          .[0].vulnerabilities.low += .[1].vulnerabilities.low |\n          .[0].vulnerabilities.unknown += .[1].vulnerabilities.unknown |\n          .[0].unpatched_vulnerabilities.critical += .[1].unpatched_vulnerabilities.critical |\n          .[0].unpatched_vulnerabilities.high += .[1].unpatched_vulnerabilities.high |\n          .[0].unpatched_vulnerabilities.medium += .[1].unpatched_vulnerabilities.medium |\n          .[0].unpatched_vulnerabilities.low += .[1].unpatched_vulnerabilities.low |\n          .[0].unpatched_vulnerabilities.unknown += .[1].unpatched_vulnerabilities.unknown |\n          .[0]' \u003c\u003c\u003c\"$scan_result $result\")\ndone\n\necho \"$scan_result\" | tee \"/tekton/results/SCAN_OUTPUT\"\n\ncat /tekton/home/images-processed.json | tee /tekton/results/IMAGES_PROCESSED\n# shellcheck disable=SC2154\ncat /tekton/home/reports.json \u003e \"/tekton/results/REPORTS\"\n\nnote=\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\"\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"$note\")\necho \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/057ca1eb-b5a6-48da-beba-c28e2a535a3e",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "virus, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "clamav-scan",
                    "tekton.dev/task": "clamav-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-clamav-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "21568",
                "uid": "057ca1eb-b5a6-48da-beba-c28e2a535a3e"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clamav-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:01:35Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:01:35Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-zsqq6-clamav-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        "entryPoint": "clamav-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\", \"digests\": [\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"timestamp\":\"1782921689\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:45Z",
                "steps": [
                    {
                        "container": "step-extract-and-scan-image",
                        "imageID": "quay.io/konflux-ci/clamav-db@sha256:2da6c1a37fef998b68b675505fb654b1123e3cd889c190c59b4527d11621e8fc",
                        "name": "extract-and-scan-image",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://66605fdc3f84982edb2b661f8418c6e1f7ca1eb8306cf65b945d72566e56d604",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:29Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\\\", \\\"digests\\\": [\\\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782921689\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:13Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://da90be5262a814b267ff822461b5755f076a9800807a037c98b34381f24f4230",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:34Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\\\", \\\"digests\\\": [\\\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782921689\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:01:29Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans the content of container images and OCI artifacts for viruses, malware, and other malicious content using ClamAV antivirus scanner.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image arch.",
                            "name": "image-arch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "8",
                            "description": "Maximum number of threads clamd runs.",
                            "name": "clamd-max-threads",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-upload",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                },
                                "requests": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/work"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                },
                                {
                                    "name": "IMAGE_ARCH"
                                },
                                {
                                    "name": "MAX_THREADS",
                                    "value": "8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clamav-db:latest",
                            "name": "extract-and-scan-image",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Start clamd in background\n/start-clamd.sh\n\n# Bootstrap .docker config in overridden HOME.\n# This prevents 'oc' CLI failures in clean environments where ~/.docker does not exist.\nif [ ! -d ~/.docker ]; then\n    mkdir -p ~/.docker\n    echo '{}' \u003e ~/.docker/config.json\nfi\n\nimagewithouttag=$(echo $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\" | tr -d '\\n')\n\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\n\n# check if image is attestation one, skip the clamav scan in such case\nif [[ $imageanddigest == *.att ]]\nthen\n    echo \"$imageanddigest is an attestation image. Skipping ClamAV scan.\"\n    exit 0\nfi\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\nmkdir logs\nmkdir content\ncd content\necho \"Detecting artifact type for ${imageanddigest}.\"\necho '{\"artifact\":{\"pullspec\":\"'\"${imageanddigest}\"'\",\"type\":\"unknown\",\"mediaType\":\"\"}}' \u003e /work/logs/artifact-meta.json\n\n# Function to scan content and process results with ClamAV and EC\n# Parameters:\n#   $1: destination - path to the content to scan\n#   $2: suffix - suffix for log file names (e.g., \"oci\", \"amd64\")\n#   $3: digest - digest to add to digests_processed array\n#   $4: scan_message - optional message describing what is being scanned\nscan_and_process() {\n  local destination=\"$1\"\n  local suffix=\"$2\"\n  local digest=\"$3\"\n  local scan_message=\"${4:-Scanning content}\"\n\n  db_version=$(clamdscan --version | sed 's|.*/\\(.*\\)/.*|\\1|')\n\n  echo \"$scan_message. This operation may take a while.\"\n  clamdscan \"${destination}\" -vi --multiscan --fdpass \\\n    | tee \"/work/logs/clamscan-result-${suffix}.log\" || true\n\n  echo \"Executed-on: Scan was executed on clamsdcan version - $(clamdscan --version) Database version: $db_version\" | tee -a \"/work/logs/clamscan-result-${suffix}.log\"\n\n  digests_processed+=(\"\\\"$digest\\\"\")\n\n  if [[ -e \"/work/logs/clamscan-result-${suffix}.log\" ]]; then\n    # OPA/EC requires structured data input, add clamAV log into json\n    jq -Rs '{ output: . }' \"/work/logs/clamscan-result-${suffix}.log\" \u003e \"/work/logs/clamscan-result-log-${suffix}.json\"\n\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o json \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" || true\n\n    # workaround: due to a bug in ec-cli, we cannot generate json and appstudio output at the same time, running it again\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o appstudio \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" | tee \"/work/logs/clamscan-ec-test-${suffix}.json\" || true\n\n    cat \"/work/logs/clamscan-ec-test-${suffix}.json\"\n  fi\n}\n\n# Detect artifact type: container image vs OCI artifact\n# First, try to get image manifests (works for container images)\n# Use subshell to prevent get_image_manifests() from exiting the main script if it fails\n# (get_image_manifests uses exit 1 when Architecture field is missing, which happens for OCI artifacts)\nimage_manifests=$(bash -c '. /utils.sh; get_image_manifests -i \"'\"${imageanddigest}\"'\"' 2\u003e/dev/null || echo \"\")\n\n# If get_image_manifests failed, check if it's an OCI artifact by inspecting manifest media type\nif [ -z \"$image_manifests\" ]; then\n  echo \"get_image_manifests returned empty, checking if this is an OCI artifact...\"\n  raw_manifest=$(skopeo inspect --raw --authfile ~/.docker/config.json \"docker://${imageanddigest}\" 2\u003e/dev/null || true)\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"inspected\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n\n  if [ -n \"$raw_manifest\" ]; then\n    media_type=$(echo \"$raw_manifest\" | jq -r '.mediaType // .config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n    artifact_type=$(echo \"$raw_manifest\" | jq -r '.artifactType // empty' 2\u003e/dev/null || echo \"\")\n    config_media_type=$(echo \"$raw_manifest\" | jq -r '.config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n\n    # Determine if this is an OCI artifact (not a container image)\n    # OCI artifacts typically have:\n    # - An empty/scratch config (config.mediaType contains \"empty\" or \"scratch\")\n    # - An explicit artifactType field that is not a container image type\n    is_oci_artifact=false\n\n    # Check if config is empty/scratch (typical for OCI artifacts like python wheels, helm charts, etc.)\n    if echo \"$config_media_type\" | grep -qiE \"(empty|scratch)\"; then\n      is_oci_artifact=true\n    fi\n\n    # Check if artifactType is set and is not a container image type\n    if [ -n \"$artifact_type\" ] \u0026\u0026 ! echo \"$artifact_type\" | grep -qE \"application/vnd\\.(oci|docker)\\.(image|container)\"; then\n      is_oci_artifact=true\n    fi\n\n    if [ \"$is_oci_artifact\" = true ]; then\n      # This is an OCI artifact (e.g., python wheels, helm charts, etc.)\n      echo \"Detected OCI artifact (artifactType: ${artifact_type:-unset}, config.mediaType: ${config_media_type:-unset}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.artifactType = '\"\\\"${artifact_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    elif echo \"$media_type\" | grep -qE \"(application/vnd\\.(docker|oci)\\.(distribution|image)\\.manifest|application/vnd\\.docker\\.distribution\\.manifest)\"; then\n      # This looks like a container image manifest, but get_image_manifests failed\n      echo \"Detected container image manifest type: $media_type, but get_image_manifests failed. This may indicate an error.\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"$media_type\\\"\"' | .artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      note=\"Task clamav-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n      ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n      echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n      exit 0\n    else\n      # Likely an OCI artifact with non-standard media type\n      echo \"Detected OCI artifact (media type: ${media_type:-unknown}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    fi\n  else\n    echo \"Failed to inspect artifact \\\"$imageanddigest\\\". Unable to determine type.\"\n    note=\"Task clamav-scan failed: Failed to inspect artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 0\n  fi\nfi\n\n# Process container images (existing logic)\nif [ -n \"$image_manifests\" ]; then\n  echo \"Detected container image. Processing image manifests.\"\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n  # Proceed only if a specific arch is provided.\n  # This typically occurs when using Tekton Matrix to launch multiple TaskRuns to scan all architectures of a multi-arch image in parallel.\n  if [ -n \"$IMAGE_ARCH\" ]; then\n    arch=\"${IMAGE_ARCH#*/}\"\n    if [ \"${arch}\" = \"x86_64\" ]; then\n      arch=\"amd64\"\n    fi\n\n    # Check if arch is supported; if not (e.g., it's 'local', see link below), default to amd64.\n    # https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/stone-prd-rh01/host-config.yaml#L9-L14\n    case \"$arch\" in\n      amd64|ppc64le|arm64|s390x)\n        ;;\n      *)\n        arch=\"amd64\"\n        ;;\n    esac\n\n    image_manifests=$(echo \"$image_manifests\" | jq -c --arg arch \"$arch\" '{($arch): .[$arch]}')\n  fi\n\n  while read -r arch arch_sha; do\n    destination=$(echo content-$arch)\n    mkdir -p \"$destination\"\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    echo \"Running \\\"oc image extract\\\" on image of arch $arch\"\n    retry oc image extract --only-files=true --registry-config ~/.docker/config.json \"$arch_imageanddigest\" --path=\"/:${destination}\" --filter-by-os=\"linux/${arch}\"\n    if [ $? -ne 0 ]; then\n      echo \"Unable to extract image for arch $arch. Skipping ClamAV scan!\"\n      exit 0\n    fi\n\n    # Scan and process container image for this architecture\n    scan_and_process \"${destination}\" \"$arch\" \"$arch_sha\" \"Scanning image for arch $arch\"\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nfi\n\njq -s -rce '\n  reduce .[] as $item ({\"timestamp\":\"0\",\"namespace\":\"\",\"successes\":0,\"failures\":0,\"warnings\":0,\"result\":\"\",\"note\":\"\"};\n    {\n    \"timestamp\" : (if .timestamp \u003c $item.timestamp then $item.timestamp else .timestamp end),\n    \"namespace\" : $item.namespace,\n    \"successes\" : (.successes + $item.successes),\n    \"failures\" : (.failures + $item.failures),\n    \"warnings\" : (.warnings + $item.warnings),\n    \"result\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.result else .result end),\n    \"note\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.note else .note end)\n    })' /work/logs/clamscan-ec-test-*.json | tee /tekton/results/TEST_OUTPUT\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_UPLOAD",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\n# Skip upload if requested e.g. read-only CI tests where push access is denied\nif [ \"$SKIP_UPLOAD\" == \"true\" ]; then\n  echo \"Upload skipped by parameter.\"\n  exit 0\nfi\n\n# Don't return a glob expression when no matches are found\nshopt -s nullglob\n\ncd logs\n\nfor UPLOAD_FILE in clamscan-result*.log; do\n  MEDIA_TYPE=text/vnd.clamav\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\nfor UPLOAD_FILE in clamscan-ec-test*.json; do\n  MEDIA_TYPE=application/vnd.konflux.test_output+json\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\n\nif [ -z \"${args}\" ]; then\n  echo \"No files found. Skipping upload.\"\n  exit 0;\nfi\n\necho \"Selecting auth\"\nselect-oci-auth $IMAGE_URL \u003e $HOME/auth.json\necho \"Attaching to ${IMAGE_URL}\"\n retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type application/vnd.clamav \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${args[@]}\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "dbfolder"
                        },
                        {
                            "emptyDir": {},
                            "name": "work"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-177c6218cd",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/1b93bdea-187b-4b44-af5f-a7a78408e1e8",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/categories": "Git",
                    "tekton.dev/displayName": "git clone",
                    "tekton.dev/pipelines.minVersion": "0.21.0",
                    "tekton.dev/platforms": "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64",
                    "tekton.dev/tags": "git",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:55:23Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "clone-repository",
                    "tekton.dev/task": "git-clone",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-clone-repository",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "17012",
                "uid": "1b93bdea-187b-4b44-af5f-a7a78408e1e8"
            },
            "spec": {
                "params": [
                    {
                        "name": "url",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "revision",
                        "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "git-clone"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "output",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-5be0da5124"
                        }
                    },
                    {
                        "name": "basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-uhmncu"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T15:55:29Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T15:55:29Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-8f21d642eb1b9934c927699202a213db-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        "entryPoint": "git-clone",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-git-clone"
                    }
                },
                "results": [
                    {
                        "name": "CHAINS-GIT_COMMIT",
                        "type": "string",
                        "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "CHAINS-GIT_URL",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "commit",
                        "type": "string",
                        "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "commit-timestamp",
                        "type": "string",
                        "value": "1782921286"
                    },
                    {
                        "name": "short-commit",
                        "type": "string",
                        "value": "f978258"
                    },
                    {
                        "name": "url",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    }
                ],
                "startTime": "2026-07-01T15:55:24Z",
                "steps": [
                    {
                        "container": "step-clone",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "clone",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d4da3bee201fb2070a1fbba681ed853f34ac1ee94d4f9c88465542da79e67b9c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:55:27Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782921286\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"f978258\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:55:27Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-symlink-check",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "symlink-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://7278809210157a8e9a16e447fc3a579d738ca87a2c90ef90f3580a58b7966acf",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:55:28Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782921286\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"f978258\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:55:28Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace.",
                    "params": [
                        {
                            "description": "Repository URL to clone from.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Revision to checkout. (branch, tag, sha, ref, etc...)",
                            "name": "revision",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Refspec to fetch before checking out revision.",
                            "name": "refspec",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Initialize and fetch git submodules.",
                            "name": "submodules",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma-separated list of specific submodule paths to initialize and fetch. Only submodules in the specified directories and their subdirectories will be fetched.\nEmpty string fetches all submodules. Parameter \"submodules\" must be set to \"true\" to make this parameter applicable.\n",
                            "name": "submodulePaths",
                            "type": "string"
                        },
                        {
                            "default": "1",
                            "description": "Perform a shallow clone, fetching only the most recent N commits.",
                            "name": "depth",
                            "type": "string"
                        },
                        {
                            "default": "7",
                            "description": "Length of short commit SHA",
                            "name": "shortCommitLength",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.",
                            "name": "sslVerify",
                            "type": "string"
                        },
                        {
                            "default": "source",
                            "description": "Subdirectory inside the `output` Workspace to clone the repo into.",
                            "name": "subdirectory",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Define the directory patterns to match or exclude when performing a sparse checkout.",
                            "name": "sparseCheckoutDirectories",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Clean out the contents of the destination directory if it already exists before cloning.",
                            "name": "deleteExisting",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP proxy server for non-SSL requests.",
                            "name": "httpProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTPS proxy server for SSL requests.",
                            "name": "httpsProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Opt out of proxying HTTP/HTTPS requests.",
                            "name": "noProxy",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Log the commands that are executed during `git-clone`'s operation.",
                            "name": "verbose",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Deprecated. Has no effect. Will be removed in the future.",
                            "name": "gitInitImage",
                            "type": "string"
                        },
                        {
                            "default": "/tekton/home",
                            "description": "Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user.\n",
                            "name": "userHome",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Check symlinks in the repo. If they're pointing outside of the repo, the build will fail.\n",
                            "name": "enableSymlinkCheck",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Fetch all tags for the repo.",
                            "name": "fetchTags",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Set to \"true\" to merge the targetBranch into the checked-out revision.",
                            "name": "mergeTargetBranch",
                            "type": "string"
                        },
                        {
                            "default": "main",
                            "description": "The target branch to merge into the revision (if mergeTargetBranch is true).",
                            "name": "targetBranch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "URL of the repository to fetch the target branch from when mergeTargetBranch is true.\nIf empty, uses the same repository (origin). This allows merging a branch from a different repository.\n",
                            "name": "mergeSourceRepoUrl",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Perform a shallow fetch of the target branch, fetching only the most recent N commits.\nIf empty, fetches the full history of the target branch.\n",
                            "name": "mergeSourceDepth",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "The precise commit SHA that was fetched by this Task.",
                            "name": "commit",
                            "type": "string"
                        },
                        {
                            "description": "The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters",
                            "name": "short-commit",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "description": "The commit timestamp of the checkout",
                            "name": "commit-timestamp",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_URL",
                            "type": "string"
                        },
                        {
                            "description": "The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_COMMIT",
                            "type": "string"
                        },
                        {
                            "description": "The SHA of the commit after merging the target branch (if the param mergeTargetBranch is true).",
                            "name": "merged_sha",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "PARAM_REVISION",
                                    "value": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "PARAM_REFSPEC"
                                },
                                {
                                    "name": "PARAM_SUBMODULES",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBMODULE_PATHS"
                                },
                                {
                                    "name": "PARAM_DEPTH",
                                    "value": "1"
                                },
                                {
                                    "name": "PARAM_SHORT_COMMIT_LENGTH",
                                    "value": "7"
                                },
                                {
                                    "name": "PARAM_SSL_VERIFY",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "PARAM_DELETE_EXISTING",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_HTTP_PROXY"
                                },
                                {
                                    "name": "PARAM_HTTPS_PROXY"
                                },
                                {
                                    "name": "PARAM_NO_PROXY"
                                },
                                {
                                    "name": "PARAM_VERBOSE",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_SPARSE_CHECKOUT_DIRECTORIES"
                                },
                                {
                                    "name": "PARAM_USER_HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_FETCH_TAGS",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_GIT_INIT_IMAGE"
                                },
                                {
                                    "name": "PARAM_MERGE_TARGET_BRANCH",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_TARGET_BRANCH",
                                    "value": "main"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_REPO_URL"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_DEPTH"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_BOUND",
                                    "value": "false"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_PATH"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND",
                                    "value": "true"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_PATH",
                                    "value": "/workspace/basic-auth"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "clone",
                            "script": "#!/usr/bin/env sh\nset -eu\n\nif [ \"${PARAM_VERBOSE}\" = \"true\" ] ; then\n  set -x\nfi\n\nif [ -n \"${PARAM_GIT_INIT_IMAGE}\" ]; then\n  echo \"WARNING: provided deprecated gitInitImage parameter has no effect.\"\nfi\n\nif [ \"${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  if [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" ]; then\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" \"${PARAM_USER_HOME}/.git-credentials\"\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" \"${PARAM_USER_HOME}/.gitconfig\"\n  # Compatibility with kubernetes.io/basic-auth secrets\n  elif [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password\" ]; then\n    HOSTNAME=$(echo $PARAM_URL | awk -F/ '{print $3}')\n    echo \"https://$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username):$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password)@$HOSTNAME\" \u003e \"${PARAM_USER_HOME}/.git-credentials\"\n    echo -e \"[credential \\\"https://$HOSTNAME\\\"]\\n  helper = store\" \u003e \"${PARAM_USER_HOME}/.gitconfig\"\n  else\n    echo \"Unknown basic-auth workspace format\"\n    exit 1\n  fi\n  chmod 400 \"${PARAM_USER_HOME}/.git-credentials\"\n  chmod 400 \"${PARAM_USER_HOME}/.gitconfig\"\nfi\n\n# Should be called after the gitconfig is copied from the repository secret\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  git config --global http.sslCAInfo \"$ca_bundle\"\nfi\n\nif [ \"${WORKSPACE_SSH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  cp -R \"${WORKSPACE_SSH_DIRECTORY_PATH}\" \"${PARAM_USER_HOME}\"/.ssh\n  chmod 700 \"${PARAM_USER_HOME}\"/.ssh\n  chmod -R 400 \"${PARAM_USER_HOME}\"/.ssh/*\nfi\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\n\ncleandir() {\n  # Delete any existing contents of the repo directory if it exists.\n  #\n  # We don't just \"rm -rf ${CHECKOUT_DIR}\" because ${CHECKOUT_DIR} might be \"/\"\n  # or the root of a mounted volume.\n  if [ -d \"${CHECKOUT_DIR}\" ] ; then\n    # Delete non-hidden files and directories\n    rm -rf \"${CHECKOUT_DIR:?}\"/*\n    # Delete files and directories starting with . but excluding ..\n    rm -rf \"${CHECKOUT_DIR}\"/.[!.]*\n    # Delete files and directories starting with .. plus any other character\n    rm -rf \"${CHECKOUT_DIR}\"/..?*\n  fi\n}\n\nif [ \"${PARAM_DELETE_EXISTING}\" = \"true\" ] ; then\n  cleandir\nfi\n\ntest -z \"${PARAM_HTTP_PROXY}\" || export HTTP_PROXY=\"${PARAM_HTTP_PROXY}\"\ntest -z \"${PARAM_HTTPS_PROXY}\" || export HTTPS_PROXY=\"${PARAM_HTTPS_PROXY}\"\ntest -z \"${PARAM_NO_PROXY}\" || export NO_PROXY=\"${PARAM_NO_PROXY}\"\n\n/ko-app/git-init \\\n  -url=\"${PARAM_URL}\" \\\n  -revision=\"${PARAM_REVISION}\" \\\n  -refspec=\"${PARAM_REFSPEC}\" \\\n  -path=\"${CHECKOUT_DIR}\" \\\n  -sslVerify=\"${PARAM_SSL_VERIFY}\" \\\n  -submodules=\"${PARAM_SUBMODULES}\" \\\n  -submodulePaths=\"${PARAM_SUBMODULE_PATHS}\" \\\n  -depth=\"${PARAM_DEPTH}\" \\\n  -sparseCheckoutDirectories=\"${PARAM_SPARSE_CHECKOUT_DIRECTORIES}\" \\\n  -retryMaxAttempts=10\ncd \"${CHECKOUT_DIR}\"\nRESULT_SHA=\"$(git rev-parse HEAD)\"\nRESULT_SHA_SHORT=\"$(git rev-parse --short=\"${PARAM_SHORT_COMMIT_LENGTH}\" HEAD)\"\n\nif [ \"${PARAM_MERGE_TARGET_BRANCH}\" = \"true\" ]; then\n  echo \"Merge option enabled. Attempting to merge target branch '${PARAM_TARGET_BRANCH}' into HEAD (${RESULT_SHA}).\"\n\n  if [ \"${PARAM_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow clone with depth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  if [ \"${PARAM_MERGE_SOURCE_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow fetch with mergeSourceDepth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  # Determine if merging from a different repository or the same one\n  if [ -n \"${PARAM_MERGE_SOURCE_REPO_URL}\" ]; then\n    # Normalize URLs for comparison (remove trailing slashes and .git suffix)\n    normalize_url() {\n      echo \"$1\" | sed -e 's#/$##' -e 's#\\.git$##'\n    }\n\n    NORMALIZED_ORIGIN_URL=$(normalize_url \"${PARAM_URL}\")\n    NORMALIZED_MERGE_URL=$(normalize_url \"${PARAM_MERGE_SOURCE_REPO_URL}\")\n\n    if [ \"${NORMALIZED_ORIGIN_URL}\" = \"${NORMALIZED_MERGE_URL}\" ]; then\n      echo \"Merge source URL is the same as origin. Using existing 'origin' remote.\"\n      MERGE_REMOTE=\"origin\"\n    else\n      echo \"Merging from different repository: ${PARAM_MERGE_SOURCE_REPO_URL}\"\n      echo \"Adding remote 'merge-source'...\"\n      git remote add merge-source \"${PARAM_MERGE_SOURCE_REPO_URL}\"\n      MERGE_REMOTE=\"merge-source\"\n    fi\n  else\n    echo \"Merging from the same repository (origin)\"\n    MERGE_REMOTE=\"origin\"\n  fi\n\n  echo \"Fetching target branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE}...\"\n  if [ -n \"${PARAM_MERGE_SOURCE_DEPTH}\" ]; then\n    retry git fetch --depth=\"${PARAM_MERGE_SOURCE_DEPTH}\" ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  else\n    retry git fetch ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  fi\n\n\n  echo \"Merging ${MERGE_REMOTE}/${PARAM_TARGET_BRANCH} into current HEAD...\"\n  git config --global user.email \"tekton-git-clone@tekton.dev\"\n  git config --global user.name \"Tekton Git Clone Task\"\n\nif ! git merge FETCH_HEAD --no-commit --no-ff --allow-unrelated-histories; then\n  echo \"ERROR: Merge conflict detected or merge failed before commit.\" \u003e\u00262\n  echo \"--- Git Status ---\"\n  git status\n  echo \"------------------\"\n  exit 1\nfi\n\n# Check if there are changes staged for commit\nif git diff --staged --quiet; then\n  echo \"No diff was found, skipping merge...\" \u003e\u00262\nelse\n  echo \"Merge successful (no conflicts found), committing...\"\nif ! git commit -m \"Merge branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE} into ${RESULT_SHA}\"; then\n  echo \"ERROR: Failed to commit merge.\" \u003e\u00262\n  exit 1\nfi\n  MERGED_SHA=$(git rev-parse HEAD)\n  echo \"New HEAD after merge: ${MERGED_SHA}\"\n  echo \"${MERGED_SHA}\" \u003e \"/tekton/results/merged_sha\"\nfi\n\nelse\n  echo \"Merge option disabled. Using checked-out revision ${RESULT_SHA} directly.\"\nfi\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/commit\"\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/CHAINS-GIT_COMMIT\"\nprintf \"%s\" \"${RESULT_SHA_SHORT}\" \u003e \"/tekton/results/short-commit\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/url\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/CHAINS-GIT_URL\"\nprintf \"%s\" \"$(git log -1 --pretty=%ct)\" \u003e \"/tekton/results/commit-timestamp\"\n\nif [ \"${PARAM_FETCH_TAGS}\" = \"true\" ] ; then\n  echo \"Fetching tags\"\n  retry git fetch --tags\nfi\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_ENABLE_SYMLINK_CHECK",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "symlink-check",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\ncheck_symlinks() {\n  FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=false\n  while read -r symlink\n  do\n    target=$(readlink -m \"$symlink\")\n    if ! [[ \"$target\" =~ ^$CHECKOUT_DIR ]]; then\n      echo \"The cloned repository contains symlink pointing outside of the cloned repository: $symlink\"\n      FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=true\n    fi\n  done \u003c \u003c(find $CHECKOUT_DIR -type l -print)\n  if [ \"$FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO\" = true ] ; then\n    return 1\n  fi\n}\n\nif [ \"${PARAM_ENABLE_SYMLINK_CHECK}\" = \"true\" ] ; then\n  echo \"Running symlink check\"\n  check_symlinks\nfi\n"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "The git repo will be cloned onto the volume backing this Workspace.",
                            "name": "output"
                        },
                        {
                            "description": "A .ssh directory with private key, known_hosts, config, etc. Copied to\nthe user's home before git commands are executed. Used to authenticate\nwith the git remote when performing the clone. Binding a Secret to this\nWorkspace is strongly recommended over other volume types.\n",
                            "name": "ssh-directory",
                            "optional": true
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before any git commands are run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto use ssh-directory over basic-auth whenever possible and to bind a\nSecret to this Workspace over other volume types.\n",
                            "name": "basic-auth",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/a6773716-6f0f-4db2-abf7-b5d3afebceb7",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:55:13Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "init",
                    "tekton.dev/task": "init",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-init",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "16768",
                "uid": "a6773716-6f0f-4db2-abf7-b5d3afebceb7"
            },
            "spec": {
                "params": [
                    {
                        "name": "enable-cache-proxy",
                        "value": "false"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "init"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T15:55:19Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T15:55:19Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-pull-request-zsqq6-init-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        "entryPoint": "init",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-init"
                    }
                },
                "results": [
                    {
                        "name": "http-proxy",
                        "type": "string",
                        "value": ""
                    },
                    {
                        "name": "no-proxy",
                        "type": "string",
                        "value": ""
                    }
                ],
                "startTime": "2026-07-01T15:55:14Z",
                "steps": [
                    {
                        "container": "step-init",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                        "name": "init",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://afbedc9df55ff4cb0c2fe2d359a0668c22d79dfd046dbe9ba56fcbd650df8355",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T15:55:18Z",
                            "message": "[{\"key\":\"http-proxy\",\"value\":\"\",\"type\":1},{\"key\":\"no-proxy\",\"value\":\"\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T15:55:18Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Initialize Pipeline Task, enables configuration for cache-proxy if required during the PipelineRun.",
                    "params": [
                        {
                            "default": "false",
                            "description": "Enable cache proxy configuration",
                            "name": "enable-cache-proxy",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "HTTP proxy URL for cache proxy (when enable-cache-proxy is true)",
                            "name": "http-proxy",
                            "type": "string"
                        },
                        {
                            "description": "NO_PROXY value for cache proxy (when enable-cache-proxy is true)",
                            "name": "no-proxy",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "args": [
                                "--enable",
                                "false"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "config",
                                "cache-proxy"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                },
                                {
                                    "name": "DEFAULT_HTTP_PROXY",
                                    "value": "squid.caching.svc.cluster.local:3128"
                                },
                                {
                                    "name": "DEFAULT_NO_PROXY",
                                    "value": "brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai"
                                },
                                {
                                    "name": "HTTP_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/http-proxy"
                                },
                                {
                                    "name": "NO_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/no-proxy"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                            "name": "init"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-177c6218cd",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/119c8730-c7c3-4046-83f0-587f187d3e76",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, appstudio",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "push-dockerfile",
                    "tekton.dev/task": "push-dockerfile",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-push-dockerfile",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "20854",
                "uid": "119c8730-c7c3-4046-83f0-587f187d3e76"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "push-dockerfile"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.3@sha256:64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-5be0da5124"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:00:14Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:00:14Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-18756e5331ee1027ade614a56fa8fc56-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        "entryPoint": "push-dockerfile",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:85111897741a657121149450cd7d09dd71f310032d6f1b7174bfa4a3a943a92a"
                    }
                ],
                "startTime": "2026-07-01T15:59:46Z",
                "steps": [
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://332af0af5a669e92a344d6c5dfa2a0bf2f52bad8779d97ffc50b92287847f0ee",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:13Z",
                            "message": "[{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:85111897741a657121149450cd7d09dd71f310032d6f1b7174bfa4a3a943a92a\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:11Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Discover Dockerfile from source code and push it to registry as an OCI artifact.",
                    "params": [
                        {
                            "description": "The built binary image. The Dockerfile is pushed to the same image repository alongside.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "description": "The built binary image digest, which is used to construct the tag of Dockerfile image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": ".dockerfile",
                            "description": "Suffix of the Dockerfile image tag.",
                            "name": "TAG_SUFFIX",
                            "type": "string"
                        },
                        {
                            "default": "application/vnd.konflux.dockerfile",
                            "description": "Artifact type of the Dockerfile image.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest-pinned image reference to the Dockerfile image.",
                            "name": "IMAGE_REF",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--source",
                                "source",
                                "--context",
                                "python-component",
                                "--containerfile",
                                "docker/Dockerfile",
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                                "--image-digest",
                                "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605",
                                "--artifact-type",
                                "application/vnd.konflux.dockerfile",
                                "--tag-suffix",
                                ".dockerfile",
                                "--result-path-image-ref",
                                "/tekton/results/IMAGE_REF",
                                "--alternative-filename",
                                "Dockerfile"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "push-containerfile"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                            "name": "push",
                            "workingDir": "/workspace/workspace"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code from where the Dockerfile is discovered.",
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-177c6218cd",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/571a9a51-1ff2-4e75-a88e-08feee6ef190",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "sast-shell-check",
                    "tekton.dev/task": "sast-shell-check",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-sast-shell-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "20786",
                "uid": "571a9a51-1ff2-4e75-a88e-08feee6ef190"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-shell-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-5be0da5124"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:00:19Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:00:19Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-2ba49fded78cf1ea0d9051f8ab0ee9a7-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        "entryPoint": "sast-shell-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:00:15+00:00\",\"note\":\"For details, check Tekton task log.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:45Z",
                "steps": [
                    {
                        "container": "step-sast-shell-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-shell-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://ac9b39889837d811196d7f2e3171ef81d4f73fe2bdf17c05dc1443c64819c031",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:15Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:15+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:13Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://532832439e26b1c595e84d2f8be983f4c3da2b14bb3099182c543809db1064fa",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:18Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:15+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:16Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The sast-shell-check task uses [shellcheck](https://www.shellcheck.net/) tool to perform Static Application Security Testing (SAST), a popular cloud-native application security platform. This task leverages the shellcheck wrapper (csmock-plugin-shellcheck-core) to run shellcheck on a directory tree.\nShellCheck is a static analysis tool, gives warnings and suggestions for bash/sh shell scripts. This task can run on x86 and arm.",
                    "params": [
                        {
                            "default": "",
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image digest to report findings for.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (default to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to include important findings only",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "8",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-shell-check",
                            "script": "#!/usr/bin/env bash\nset -x\n# shellcheck source=/dev/null\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nPACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' ShellCheck)\n\nOUTPUT_FILE=\"shellcheck-results.json\"\nSOURCE_CODE_DIR=/workspace/workspace/source\n\n# generate full path for each dirname separated by comma\ndeclare -a ALL_TARGETS\nIFS=\",\" read -ra TARGET_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGET_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    ALL_TARGETS+=(\"$resolved_path\")\n  else\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\ndone\n\n# determine number of available CPU cores for shellcheck based on container cgroup v2 CPU limits\n# this calculates the ceiling, so if the cpu limit is 0.5, the number of jobs will be 1.\nif [ -z \"$SC_JOBS\" ] \u0026\u0026 [ -r \"/sys/fs/cgroup/cpu.max\" ]; then\n    read -r quota period \u003c /sys/fs/cgroup/cpu.max\n    if [ \"$quota\" != \"max\" ] \u0026\u0026 [ -n \"$period\" ] \u0026\u0026 [ \"$period\" -gt 0 ]; then\n        export SC_JOBS=$(((quota + period - 1) / period))\n        echo \"INFO: Setting SC_JOBS=${SC_JOBS} based on cgroups v2 max for run-shellcheck.sh\"\n    fi\nfi\n\n# generate all shellcheck result JSON files to $SC_RESULTS_DIR, which defaults to ./shellcheck-results/\n/usr/share/csmock/scripts/run-shellcheck.sh \"${ALL_TARGETS[@]}\"\n\nCSGREP_OPTS=(\n    --mode=json\n    --strip-path-prefix=\"$SOURCE_CODE_DIR\"/\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"ShellCheck:${PACKAGE_VERSION}\"\n)\nif [[ \"$IMP_FINDINGS_ONLY\" == \"true\" ]]; then\n    # predefined list of shellcheck important findings\n    CSGREP_EVENT_FILTER='\\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|'\n    CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|'\n    CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\\]$'\n    CSGREP_OPTS+=(\n        --event=\"$CSGREP_EVENT_FILTER\"\n    )\nelse\n    CSGREP_OPTS+=(\n        --event=\"error|warning\"\n    )\nfi\n\nif ! csgrep \"${CSGREP_OPTS[@]}\" ./shellcheck-results/*.json \u003e \"$OUTPUT_FILE\"; then\n    echo \"Error occurred while running 'run-shellcheck.sh'\"\n    note=\"Task sast-shell-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" \"${OUTPUT_FILE}\" \u003e \"${OUTPUT_FILE}.filtered\" 2\u003e \"${OUTPUT_FILE}.error\"\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n        mv \"${OUTPUT_FILE}.filtered\" \"$OUTPUT_FILE\"\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\necho \"ShellCheck results have been saved to $OUTPUT_FILE\"\n\ncsgrep --mode=evtstat \"$OUTPUT_FILE\"\ncsgrep --mode=sarif \"$OUTPUT_FILE\" \u003e shellcheck-results.sarif\n\nTEST_OUTPUT=\nparse_test_output \"sast-shell-check\" sarif shellcheck-results.sarif || true\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\nif [ -z \"${IMAGE_URL}\" ] || [ -z \"${IMAGE_DIGEST}\" ]; then\n    echo 'No image-url or image-digest param provided. Skipping upload.'\n    exit 0\nfi\n\nUPLOAD_FILES=\"shellcheck-results.sarif excluded-findings.json\"\n\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n        echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n        continue\n    fi\n\n    # Determine the media type based on the file extension\n    if [[ \"${UPLOAD_FILE}\" == *.json ]]; then\n        MEDIA_TYPE=\"application/json\"\n    else\n        MEDIA_TYPE=\"application/sarif+json\"\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach ${UPLOAD_FILE} to ${IMAGE_URL}\"\n      exit 1\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-177c6218cd",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/fca57296-99f7-44d2-9cfb-e784dd8e98c9",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "sast-snyk-check",
                    "tekton.dev/task": "sast-snyk-check",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull-request-zsqq6-sast-snyk-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "20771",
                "uid": "fca57296-99f7-44d2-9cfb-e784dd8e98c9"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-snyk-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-5be0da5124"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:00:16Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:00:16Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-46c359dbffca9323818f47efb8ef75ca-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        "entryPoint": "sast-snyk-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T16:00:14+00:00\",\"note\":\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T15:59:44Z",
                "steps": [
                    {
                        "container": "step-sast-snyk-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-snyk-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b3615889c180bcea2acba69210723d7ea9e05cca87c0791f7318fed5b4c12e1d",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:14Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:14+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:13Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8d4b3f1e295d33cfcda887f3f9fa9e59464ad821754df1a293e944a6464a3041",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:15Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:00:14+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:15Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks using Snyk Code, a Static Application Security Testing (SAST) tool.\n\nFollow the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/) to obtain a snyk-token and to enable the snyk task in a Pipeline.\n\nThe snyk binary used in this Task comes from a container image defined in https://github.com/konflux-ci/konflux-test\n\nSee https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information about the snyk tool.",
                    "params": [
                        {
                            "default": "snyk-secret",
                            "description": "Name of secret which contains Snyk token.",
                            "name": "SNYK_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Append arguments.",
                            "name": "ARGS",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Digest of the image to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Report only important findings in task result. Default is \"true\". To report all findings in task result, specify \"false\". Uploaded SARIF report to remote registry always includes all findings, regardless of severity level.",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Write excluded records in file. Useful for auditing (defaults to false).",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Directories or files to be excluded from Snyk scan (Comma-separated). Useful to split the directories of a git repo across multiple components.",
                            "name": "IGNORE_FILE_PATHS",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "6Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "6Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SNYK_SECRET",
                                    "value": "snyk-secret"
                                },
                                {
                                    "name": "ARGS"
                                },
                                {
                                    "name": "IGNORE_FILE_PATHS"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-snyk-check",
                            "script": "#!/usr/bin/env bash\n\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\n# Installation of Red Hat certificates for cloning Red Hat internal repositories\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSNYK_TOKEN_PATH=\"/etc/secrets/snyk_token\"\nif [ -f \"${SNYK_TOKEN_PATH}\" ] \u0026\u0026 [ -s \"${SNYK_TOKEN_PATH}\" ]; then\n  # SNYK token is provided\n  SNYK_TOKEN=\"$(cat ${SNYK_TOKEN_PATH})\"\n  export SNYK_TOKEN\nelse\n  # According to shellcheck documentation, the following error can be ignored as it is ignored through indirection: https://www.shellcheck.net/wiki/SC2034\n  # shellcheck disable=SC2034\n  to_enable_snyk='[here](https://konflux-ci.dev/docs/testing/build/snyk/)'\n  note=\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given ${to_enable_snyk}\"\n  TEST_OUTPUT=$(make_result_json -r SKIPPED -t \"$note\")\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nSNYK_EXIT_CODE=0\nSOURCE_CODE_DIR=/workspace/workspace\n\n# We ignore files using snyk ignore if the user set up the IGNORE_FILE_PATHS variable.\n(cd \"${SOURCE_CODE_DIR}\" \u0026\u0026 IFS=\",\" \u0026\u0026 for path in $IGNORE_FILE_PATHS; do\n  snyk ignore --file-path=\"source/${path}\"\ndone)\n\nset +e\necho \"INFO: Running 'snyk code test'..\"\n# We do want to expand ARGS (it can be multiple CLI flags, not just one)\n# shellcheck disable=SC2086\n\n# Generate full paths for each directory in TARGET_DIRS\nIFS=\",\" read -ra TARGETS_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGETS_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # Ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ ! \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\n\n  # Ensure directory exists\n  if [ ! -d \"$resolved_path\" ]; then\n    echo \"Warning: Directory $resolved_path does not exist, skipping\"\n    continue\n  fi\n\n  echo \"INFO: Scanning directory: $resolved_path\"\n  # We do want to expand ARGS (it can be multiple CLI flags, not just one)\n  # shellcheck disable=SC2086\n  snyk code test $ARGS \"$resolved_path\" --max-depth=1 --sarif-file-output=\"${resolved_path}/sast_snyk_check_out_${d//\\//_}.json\" 1\u003e\u00262\u003e\u003e stdout.txt\n  cmd_exit_code=$?\n  # Track the exit code: if any snyk command fails, preserve the failure\n  # Exit codes: 0 = success, 1 = vulnerabilities found, 2 = error, 3 = no supported files\n  # Error codes (2+) always override, warning codes (1,3) only if no previous error\n  if [[ \"$cmd_exit_code\" -ne 0 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 1 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 3 ]]; then\n    SNYK_EXIT_CODE=$cmd_exit_code\n  fi\n\ndone\n\n# Merge all SARIF outputs\nfind \"$SOURCE_CODE_DIR\" -name \"sast_snyk_check_out_*.json\" -exec cat {} + \u003e \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\nset -e\ntest_not_skipped=0\nSKIP_MSG=\"We found 0 supported files\"\ngrep -q \"$SKIP_MSG\" stdout.txt || test_not_skipped=$?\n\nif [[ \"$SNYK_EXIT_CODE\" -eq 0 ]] || [[ \"$SNYK_EXIT_CODE\" -eq 1 ]]; then\n  # Check if the merged SARIF file has content - this could happen if the snyk scan found no findings\n  if [ ! -s \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\" ]; then\n    echo \"WARN: No JSON output files were generated by snyk scan\"\n    # Get snyk version for proper SARIF metadata\n    SNYK_VERSION=$(snyk --version 2\u003e/dev/null | head -1 | tr -d '\\n' || echo \"unknown\")\n    # Create a valid minimal SARIF structure using jq\n    # Note: coverage array is required even when empty because downstream jq commands expect it\n    jq -n --arg version \"$SNYK_VERSION\" '{\n      \"$schema\": \"https://json.schemastore.org/sarif-2.1.0.json\",\n      \"version\": \"2.1.0\",\n      \"runs\": [{\n        \"tool\": {\n          \"driver\": {\n            \"name\": \"snyk\",\n            \"version\": $version,\n            \"informationUri\": \"https://snyk.io\"\n          }\n        },\n        \"results\": [],\n        \"properties\": {\n          \"coverage\": []\n        }\n      }]\n    }' \u003e\"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\n  fi\n\n  # In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context\n  (cd  \"${SOURCE_CODE_DIR}\" \u0026\u0026 csgrep --mode=json --embed-context=3 \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json) \\\n    | csgrep --mode=json --strip-path-prefix=\"source/\"  \\\n    \u003e sast_snyk_check_out_all_findings.json\n\n  echo \"INFO: Initial results:\"\n  csgrep --mode=evtstat sast_snyk_check_out_all_findings.json\n\n  if [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\n  fi\n  PROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n  # create the KFP clone directory regardless\n  KFP_DIR=\"known-false-positives\"\n  KFP_CLONED=\"0\"\n  mkdir \"${KFP_DIR}\"\n\n  # We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\n  if [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n      echo \"INFO: Trying to clone known-false-positives..\"\n      git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\n  fi\n\n  if [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone know-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv sast_snyk_check_out_all_findings.json filtered_sast_snyk_check_out.json\n  else\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    CMD=(\n      csfilter-kfp\n      --verbose\n      --kfp-dir=\"${KFP_DIR}\"\n      --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [ \"${RECORD_EXCLUDED}\" == \"true\" ]; then\n      CMD+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    set +e\n    \"${CMD[@]}\" sast_snyk_check_out_all_findings.json \u003e filtered_sast_snyk_check_out.json\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n      echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n      echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\n    echo \"INFO: Results after filtering:\"\n    (set -x \u0026\u0026 csgrep --mode=evtstat filtered_sast_snyk_check_out.json)\n  fi\n\n  # Generation of scan stats\n\n  total_files=$(jq '[.runs[0].properties.coverage[].files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n  supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == \"SUPPORTED\") | .files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n\n  # We make sure the values are 0 if no supported/total files are found\n  if [ \"$total_files\" = \"null\" ] || [ -z \"$total_files\" ]; then\n    total_files=0\n  fi\n\n  if [ \"$supported_files\" = \"null\" ] || [ -z \"$supported_files\" ]; then\n    supported_files=0\n  fi\n\n  coverage_ratio=0\n  if (( total_files \u003e 0 )); then\n      coverage_ratio=$((supported_files * 100 / total_files))\n  fi\n\n  # embed stats in results file and convert to SARIF\n  csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:\"${coverage_ratio}\" \\\n                      --set-scan-prop snyk-scanned-files-success:\"${supported_files}\"  \\\n                      --set-scan-prop snyk-scanned-files-total:\"${total_files}\" \\\n                      filtered_sast_snyk_check_out.json  \u003e sast_snyk_check_out.sarif\n\n  # Create filtered SARIF for Tekton task result based on IMP_FINDINGS_ONLY parameter\n  if [ \"${IMP_FINDINGS_ONLY}\" == \"true\" ]; then\n    # Filter to only \"error\" level or higher (high/critical severity) for Tekton task result\n    # In SARIF, defects are given a level like \"error\" or \"warning\". Snyk maps \"high\" level findings to \"error\".\n    # - \"error\" → importance level 1\n    # - \"warning\" (or missing level) → importance level 0\n    RESULT_SARIF=\"result_sast_snyk_check_out.sarif\"\n    csgrep --mode=sarif --imp-level 1 sast_snyk_check_out.sarif \u003e \"$RESULT_SARIF\"\n  else\n    # Use all findings for Tekton task result\n    RESULT_SARIF=\"sast_snyk_check_out.sarif\"\n  fi\n\n  TEST_OUTPUT=\n  parse_test_output \"sast-snyk-check\" sarif \"$RESULT_SARIF\"  || true\n\n# When the test is skipped, the \"SNYK_EXIT_CODE\" is 3 and it can also be 3 in some other situation\nelif [[ \"$test_not_skipped\" -eq 0 ]]; then\n  note=\"Task sast-snyk-check success: Snyk code test found zero supported files.\"\n  ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n  echo \"sast-snyk-check test failed because of the following issues:\"\n  cat stdout.txt\n  note=\"Task sast-snyk-check failed: For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets",
                                    "name": "snyk-secret",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url provided. Skipping upload.'\n  exit 0\nfi\n\nUPLOAD_FILES=\"sast_snyk_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n    if [ \"${UPLOAD_FILES}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach to ${IMAGE_URL}\"\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        }
                    ],
                    "volumes": [
                        {
                            "name": "snyk-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "snyk-secret"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/commit_sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-jvoyri",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-k59b5",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6/records/ecf1071b-c0b6-4668-a421-95f34f550659",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"39ef48556ec93aa12b053ba607494e01170bab64\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:19:47Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84582393063",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "39ef48556ec93aa12b053ba607494e01170bab64",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-k59b5",
                    "tekton.dev/pipelineRunUID": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6",
                    "tekton.dev/pipelineTask": "ecosystem-cert-preflight-checks",
                    "tekton.dev/task": "ecosystem-cert-preflight-checks",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pull76e9172d68bd07919533b33772279c5b",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-k59b5",
                        "uid": "af8df96b-ad71-4b01-a46a-ad96aa0e78f6"
                    }
                ],
                "resourceVersion": "40678",
                "uid": "ecf1071b-c0b6-4668-a421-95f34f550659"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "ecosystem-cert-preflight-checks"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:21:31Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:21:31Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-941de5e5f7cadcf10f8172401a2df9e0-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        "entryPoint": "ecosystem-cert-preflight-checks",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks"
                    }
                },
                "results": [
                    {
                        "name": "ARTIFACT_TYPE",
                        "type": "string",
                        "value": "application"
                    },
                    {
                        "name": "ARTIFACT_TYPE_SET_BY",
                        "type": "string",
                        "value": "introspection"
                    },
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\", \"digests\": [\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\"]}}"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922887\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T16:19:48Z",
                "steps": [
                    {
                        "container": "step-introspect",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "introspect",
                        "provenance": {},
                        "results": [
                            {
                                "name": "artifact-type",
                                "type": "string",
                                "value": "application"
                            },
                            {
                                "name": "artifact-type-set-by",
                                "type": "string",
                                "value": "introspection"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://604e30118095dc1f772e6043187471a86025e39f0bbf9867a69e4a4eb617be25",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:08Z",
                            "message": "[{\"key\":\"artifact-type\",\"value\":\"application\",\"type\":4},{\"key\":\"artifact-type-set-by\",\"value\":\"introspection\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:07Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-generate-container-auth",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "generate-container-auth",
                        "provenance": {},
                        "results": [
                            {
                                "name": "auth-json-path",
                                "type": "string",
                                "value": "/auth/auth.json"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://4cfd2b9747c1d346c660618fcd8339fc4fb328c8b2cbaf0b659325491f2bd950",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:09Z",
                            "message": "[{\"key\":\"auth-json-path\",\"value\":\"/auth/auth.json\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:09Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-set-skip-for-bundles",
                        "imageID": "quay.io/redhat-appstudio/konflux-test@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                        "name": "set-skip-for-bundles",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f6ab7e5d73a7353c645e5644ec27b8297333cbb01edc5c7567e24dd157c47667",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:20:10Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:10Z"
                        },
                        "terminationReason": "Skipped"
                    },
                    {
                        "container": "step-app-check",
                        "imageID": "quay.io/opdev/preflight@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                        "name": "app-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4120faee6cfe221739f53bc3ea68d6fc099afcf7dae8ad92765ee05826fd8e08",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:27Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:20:10Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-app-set-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "app-set-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "images-processed",
                                "type": "string",
                                "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\", \"digests\": [\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\"]}}"
                            },
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922887\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://fb9ffa18f0a07572061d97a4fea102f1bf061e381689ef75b95bdfe37ca5dbcf",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:27Z",
                            "message": "[{\"key\":\"images-processed\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64\\\", \\\"digests\\\": [\\\"sha256:8bdb29135b1e000f919e1033e669d9a3cc859032e9f072b8c9e3e78cb559ab42\\\"]}}\",\"type\":4},{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922887\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:21:27Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-final-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "final-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922887\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://993303437750d7c696a60d35999d538a3df478661503018ab7c441557873e122",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:21:28Z",
                            "message": "[{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922887\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:21:28Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for certification readiness. Note that running this against an operatorbundle will result in a skip, as bundle validation is not executed through this task.",
                    "params": [
                        {
                            "description": "Image url to scan.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "introspect",
                            "description": "The type of artifact. Select from application, operatorbundle, or introspect.",
                            "name": "artifact-type",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform the image is built on.",
                            "name": "platform",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Ecosystem checks pass or fail outcome.",
                            "name": "TEST_OUTPUT",
                            "type": "string",
                            "value": "$(steps.final-outcome.results.test-output)"
                        },
                        {
                            "description": "The artifact type, either introspected or set.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type)"
                        },
                        {
                            "description": "How the artifact type was set.",
                            "name": "ARTIFACT_TYPE_SET_BY",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type-set-by)"
                        },
                        {
                            "description": "Collected image digests",
                            "name": "IMAGES_PROCESSED",
                            "type": "string",
                            "value": "$(steps.app-set-outcome.results.images-processed)"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_ARTIFACT_TYPE",
                                    "value": "introspect"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "introspect",
                            "results": [
                                {
                                    "description": "The type of artifact this task is considering.",
                                    "name": "artifact-type"
                                },
                                {
                                    "description": "The process that sets the artifact type. Informational.\nValues from: introspection, parameter.\n",
                                    "name": "artifact-type-set-by"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n_SET_BY=parameter\n# If the parameter is invalid, we'll introspect\nif [[ \"${PARAM_ARTIFACT_TYPE}\" != \"application\" ]] \u0026\u0026 [[ \"${PARAM_ARTIFACT_TYPE}\" != \"operatorbundle\" ]]; then\n  echo \"Artifact type will be determined by introspection.\"\n  _SET_BY=introspection\nfi\nprintf \"%s\" \"${_SET_BY}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type-set-by\"\n\nif [[ \"${_SET_BY}\" == \"parameter\" ]]; then\n  # short circuit if the artifact type was set via parameter.\n  echo \"Skipping introspection because the artifact-type parameter is explicitly set to \\\"${PARAM_ARTIFACT_TYPE}\\\".\"\n  printf \"%s\" \"${PARAM_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\n  exit 0\nfi\n\n# If the image URL points to a manifest list (a multi-arch image), check the labels on any of the child\n# images (don't fail in the case where the list does not include an image for the arch of the system\n# where this pipeline is running).\n\ndeclare -a _SKOPEO_INSPECT_ARGS\n\nskopeo_retries=3\n\necho \"Checking the media type of the OCI artifact...\"\nif ! _RAW_IMAGE_MANIFEST=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\")\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n_IMAGE_MEDIA_TYPE=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.mediaType')\necho \"The media type of the OCI artifact is ${_IMAGE_MEDIA_TYPE}.\"\n\nif [[ \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.docker.distribution.manifest.list.v2+json\" || \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.oci.image.index.v1+json\" ]]; then\n  _CURRENT_ARCH=$(uname -m)\n  _CURRENT_OS=$(uname -s | tr '[:upper:]' '[:lower:]')\n\n  # The archs returned by uname are not always the same as the archs used by OCI manifests, so we need\n  # to map them.\n  case ${_CURRENT_ARCH} in\n    \"aarch64\")\n      _CURRENT_ARCH=\"arm64\"\n      ;;\n    \"x86_64\")\n      _CURRENT_ARCH=\"amd64\"\n      ;;\n    *)\n      ;;\n  esac\n\n  # If the manifest list contains an image for the current OS and architecture, prefer to test that.\n  _MATCHING_IMAGE_COUNT=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r \"[.manifests[] | select(.platform.os == \\\"${_CURRENT_OS}\\\" and .platform.architecture == \\\"${_CURRENT_ARCH}\\\")] | length\")\n  if [[ \"${_MATCHING_IMAGE_COUNT}\" -gt 0 ]]; then\n    echo \"Found an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}).\"\n  else\n    # If there is no image for the current OS and architecture, just use the first one in the list.\n    _INSPECT_OVERRIDE_IMAGE_OS=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.os')\n    _INSPECT_OVERRIDE_IMAGE_ARCH=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.architecture')\n    _SKOPEO_INSPECT_ARGS+=(\"--override-os=${_INSPECT_OVERRIDE_IMAGE_OS}\")\n    _SKOPEO_INSPECT_ARGS+=(\"--override-arch=${_INSPECT_OVERRIDE_IMAGE_ARCH}\")\n\n    echo \"Could not find an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}), inspecting the image for ${_INSPECT_OVERRIDE_IMAGE_OS}/${_INSPECT_OVERRIDE_IMAGE_ARCH} instead.\"\n  fi\nfi\n\n# Introspect based on minimum count of operator-framework related bundle labels.\necho \"Looking for image labels that indicate this might be an operator bundle...\"\n\n# We purposely do not quote the array elements here, so that they are expanded by the shell as separate args.\n# shellcheck disable=SC2068\nif ! retry skopeo inspect --retry-times \"$skopeo_retries\" ${_SKOPEO_INSPECT_ARGS[@]} \"docker://${PARAM_IMAGE_URL}\" \\\n  | jq '.Labels | keys | .[]' -r \\\n  | { grep operators.operatorframework.io.bundle || true ;} \\\n  | tee /tmp/ecosystem-image-labels\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n\n_OPFW_LABEL_COUNT=$(grep -c operators.operatorframework.io.bundle /tmp/ecosystem-image-labels || true)\n_MIN_LABELS=3\n\necho \"Found ${_OPFW_LABEL_COUNT} matching labels.\"\necho \"Expecting ${_MIN_LABELS} or more to identify this image as an operator bundle.\"\n\n# If the image has several labels, assume it is an operator\n_ARTIFACT_TYPE=application\n(( _OPFW_LABEL_COUNT \u003e= _MIN_LABELS )) \u0026\u0026 _ARTIFACT_TYPE=operatorbundle\n\nprintf \"%s\" \"${_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\necho \"Introspection concludes that this artifact is of type \\\"${_ARTIFACT_TYPE}\\\".\"\n"
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "generate-container-auth",
                            "results": [
                                {
                                    "description": "Path to auth.json",
                                    "name": "auth-json-path"
                                }
                            ],
                            "script": "_AUTH_JSON_PATH=\"/auth/auth.json\"\necho \"Selecting auth for $PARAM_IMAGE_URL\"\n# `select-oci-auth` here assumes the input credentials are at path ~/.docker/config.json\nselect-oci-auth \"$PARAM_IMAGE_URL\" \u003e \"${_AUTH_JSON_PATH}\"\n\nprintf \"%s\" \"${_AUTH_JSON_PATH}\" \u003e \"/tekton/steps/step-generate-container-auth/results/auth-json-path\"\necho \"Auth json written to \\\"${_AUTH_JSON_PATH}\\\".\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/auth",
                                    "name": "auth"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/redhat-appstudio/konflux-test:v1.4.31@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                            "name": "set-skip-for-bundles",
                            "results": [
                                {
                                    "description": "A skipped tekton result for bundles.",
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOTE=\"This ecosystem check is not executed for operatorbundles.\"\n\n# shellcheck source=/dev/null\n. /utils.sh # gives us the make_result_json helper used below.\n\n# Generate TEST_OUTPUT\n# We're skipping the test, but don't use status \"SKIPPED\" because\n# it produces unwanted Conforma violations\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"${NOTE}\")\n\nprintf \"%s\" \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-set-skip-for-bundles/results/test-output\" /bundle/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/bundle",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "operatorbundle"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PFLT_DOCKERCONFIG",
                                    "value": "$(steps.generate-container-auth.results.auth-json-path)"
                                },
                                {
                                    "name": "PFLT_KONFLUX",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                },
                                {
                                    "name": "PARAM_PLATFORM"
                                }
                            ],
                            "image": "quay.io/opdev/preflight:stable@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                            "name": "app-check",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nimage_url=\"${PARAM_IMAGE_URL}\"\nplatform=\"${PARAM_PLATFORM}\"\n\nif [ -n \"$platform\" ]; then\n  # Extract part after slash if present\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n\n  # Validate against supported arch list. If it's not a known arch, return an error result\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  /usr/local/bin/preflight check container \"$image_url\" --platform \"$arch\"\nelse\n  /usr/local/bin/preflight check container \"$image_url\"\nfi\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                },
                                {
                                    "mountPath": "/auth",
                                    "name": "auth",
                                    "readOnly": true
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-39ef48556ec93aa12b053ba607494e01170bab64"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "app-set-outcome",
                            "results": [
                                {
                                    "description": "The overall outcome of this task.",
                                    "name": "test-output"
                                },
                                {
                                    "description": "Processed image digests.",
                                    "name": "images-processed"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n# Declare Supported architectures\ndeclare -a SUPPORTED_ARCHES=(amd64 arm64 ppc64le s390x)\n\nskopeo_retries=3\n\n# Initialize result vars\nPFLT_PASS_COUNT=0\nPFLT_FAIL_COUNT=0\nPFLT_ERROR_COUNT=0\nPFLT_RESULT=\"SUCCESS\"\n\n# Loop over SUPPORTED_ARCHES and process results\nfor ARCH in \"${SUPPORTED_ARCHES[@]}\"\ndo\n    # Check if results directory exits\n    RESULT_JSON_PATH=/artifacts/${ARCH}/results.json\n    if ! [ -f \"${RESULT_JSON_PATH}\" ]; then\n        continue\n    fi\n    # Process results\n    if jq -e '.passed == false' \"${RESULT_JSON_PATH}\" \u003e /dev/null; then PFLT_RESULT=\"FAILURE\"; fi\n    PFLT_PASS_COUNT=$((PFLT_PASS_COUNT+$(jq -r '.results.passed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_FAIL_COUNT=$((PFLT_FAIL_COUNT+$(jq -r '.results.failed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_ERROR_COUNT=$((PFLT_ERROR_COUNT+$(jq -r '.results.errors | length' \"${RESULT_JSON_PATH}\")))\ndone\n\n# Mark as ERROR if no results were recorded, which can occur when an unsupported or malformed\n# architecture is parsed from the `platform` parameter.\nif [[ $PFLT_FAIL_COUNT -eq 0 ]] \u0026\u0026 [[ $PFLT_PASS_COUNT -eq 0 ]] ; then PFLT_RESULT=\"ERROR\" ; fi\n\nif [[ $PFLT_ERROR_COUNT -gt 0 ]]; then PFLT_RESULT=\"ERROR\" ; fi\nPFLT_NOTE=\"Task preflight is a ${PFLT_RESULT}: Refer to Tekton task logs for more information\"\n\n# Generate TEST_OUTPUT\nTEST_OUTPUT=$(jq -rce \\\n--arg date \"$(date +%s)\" \\\n--arg note \"${PFLT_NOTE}\" \\\n--arg result \"${PFLT_RESULT}\" \\\n--arg successes \"${PFLT_PASS_COUNT}\" \\\n--arg failures \"${PFLT_FAIL_COUNT}\" \\\n--arg warnings \"0\" \\\n--null-input \\\n'{  result: $result,\n    timestamp: $date,\n    note: $note,\n    successes: $successes|tonumber,\n    failures: $failures|tonumber,\n    warnings: $warnings|tonumber\n}')\necho -n \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-app-set-outcome/results/test-output\" /artifacts/konflux.results.json\n\n# Generate IMAGES_PROCESSED\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$PARAM_IMAGE_URL\"'\", \"digests\": [%s]}}'\ndeclare -a digests_processed=()\n\n# Extract processed image digests from \"/artifacts/$arch/cert-image.json\"\nwhile read -r cert_image_file; do\n  docker_image_digest=$(jq -r '.docker_image_digest' \"$cert_image_file\")\n  if [[ -n \"$docker_image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$docker_image_digest\\\" \"* ]]; then\n    digests_processed+=(\"\\\"$docker_image_digest\\\"\")\n  fi\ndone \u003c \u003c(find /artifacts -type f -name \"cert-image.json\")\n\nimage_digest=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\" | sha256sum | awk '{print \"sha256:\" $1}')\nif [[ -n \"$image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$image_digest\\\" \"* ]]; then\n  digests_processed+=(\"\\\"$image_digest\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\nfinal_output=\"${images_processed_template/\\[%s]/[$digests_processed_string]}\"\necho -n \"${final_output}\" \u003e \"/tekton/steps/step-app-set-outcome/results/images-processed\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "final-outcome",
                            "results": [
                                {
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\nset -o xtrace\n\nif [[ ! -f /mount/konflux.results.json ]]; then\n  printf \"Unable to populate the right test log output because the artifact's type is not recorded correctly. Please file a bug.\" | tee \"/tekton/steps/step-final-outcome/results/test-output\"\n  exit 91\nfi\n\ntee \"/tekton/steps/step-final-outcome/results/test-output\" \u003c /mount/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mount",
                                    "name": "pfltoutputdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "pfltoutputdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "auth"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/commit_sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "build.appstudio.redhat.com/pull_request_number": "22754",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-uhmncu",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-zsqq6",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba/records/57a86b76-5284-4db0-9b3f-b6ff2a5d38cc",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\",\"eventType\":\"pull_request\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "konflux-python-component-bcqjpf",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T15:59:43Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84578156722",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "f978258ecd7e18fd6c2ceb97d7bda13da4d7690d",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-zsqq6",
                    "tekton.dev/pipelineRunUID": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba",
                    "tekton.dev/pipelineTask": "ecosystem-cert-preflight-checks",
                    "tekton.dev/task": "ecosystem-cert-preflight-checks",
                    "test.appstudio.openshift.io/pr-group-sha": "81726fe29b87348cbc8f660cf53116b50bcbbe61162a408f1ab6e576aeaae4"
                },
                "name": "python-component-bcqjpf-on-pull7e635489373bb3d1558fd44f0f577cfb",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-zsqq6",
                        "uid": "cbbff017-0d5d-42a9-8d2b-99b8abf78dba"
                    }
                ],
                "resourceVersion": "21600",
                "uid": "57a86b76-5284-4db0-9b3f-b6ff2a5d38cc"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "ecosystem-cert-preflight-checks"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:01:37Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:01:37Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-fc60e386645fc1223414f19f9c5faf29-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        "entryPoint": "ecosystem-cert-preflight-checks",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks"
                    }
                },
                "results": [
                    {
                        "name": "ARTIFACT_TYPE",
                        "type": "string",
                        "value": "application"
                    },
                    {
                        "name": "ARTIFACT_TYPE_SET_BY",
                        "type": "string",
                        "value": "introspection"
                    },
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\", \"digests\": [\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\"]}}"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782921695\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T15:59:43Z",
                "steps": [
                    {
                        "container": "step-introspect",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "introspect",
                        "provenance": {},
                        "results": [
                            {
                                "name": "artifact-type",
                                "type": "string",
                                "value": "application"
                            },
                            {
                                "name": "artifact-type-set-by",
                                "type": "string",
                                "value": "introspection"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://ae0d867a0141fb8e49070f8f77d6ad095cd1636e3603dd8e951d491fd13faed7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:16Z",
                            "message": "[{\"key\":\"artifact-type\",\"value\":\"application\",\"type\":4},{\"key\":\"artifact-type-set-by\",\"value\":\"introspection\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:14Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-generate-container-auth",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "generate-container-auth",
                        "provenance": {},
                        "results": [
                            {
                                "name": "auth-json-path",
                                "type": "string",
                                "value": "/auth/auth.json"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://dd3e6ba34cb348a7472ef72cd04640ee880281fbeac5f5d09a656ce9e341df92",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:17Z",
                            "message": "[{\"key\":\"auth-json-path\",\"value\":\"/auth/auth.json\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:17Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-set-skip-for-bundles",
                        "imageID": "quay.io/redhat-appstudio/konflux-test@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                        "name": "set-skip-for-bundles",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://ea4e9b7bbb052f0782514d76d52c017a321cf0c09de70a1d2f3409df417d76b7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:00:18Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:18Z"
                        },
                        "terminationReason": "Skipped"
                    },
                    {
                        "container": "step-app-check",
                        "imageID": "quay.io/opdev/preflight@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                        "name": "app-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6289d463f7eba20ce0c8cd69ec4e61009daf7fbc59c4db5d63e7364bb8864de0",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:35Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:00:18Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-app-set-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "app-set-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "images-processed",
                                "type": "string",
                                "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\", \"digests\": [\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\"]}}"
                            },
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782921695\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://8e15e7423716492c8ea8bcb0ac6a1eda226ca9cfba41c351be52cd47512758de",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:36Z",
                            "message": "[{\"key\":\"images-processed\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d\\\", \\\"digests\\\": [\\\"sha256:a07c0cc2f784f52fd5bedd7f001f420c4c6e7385e853a41c7cf0499351b4b605\\\"]}}\",\"type\":4},{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782921695\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:01:35Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-final-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "final-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782921695\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://5a0f4816bd33d8409a68d08f3750aaf6e5c425a82fdefe535ec406ed3131f74f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:01:36Z",
                            "message": "[{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782921695\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:01:36Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for certification readiness. Note that running this against an operatorbundle will result in a skip, as bundle validation is not executed through this task.",
                    "params": [
                        {
                            "description": "Image url to scan.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "introspect",
                            "description": "The type of artifact. Select from application, operatorbundle, or introspect.",
                            "name": "artifact-type",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform the image is built on.",
                            "name": "platform",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Ecosystem checks pass or fail outcome.",
                            "name": "TEST_OUTPUT",
                            "type": "string",
                            "value": "$(steps.final-outcome.results.test-output)"
                        },
                        {
                            "description": "The artifact type, either introspected or set.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type)"
                        },
                        {
                            "description": "How the artifact type was set.",
                            "name": "ARTIFACT_TYPE_SET_BY",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type-set-by)"
                        },
                        {
                            "description": "Collected image digests",
                            "name": "IMAGES_PROCESSED",
                            "type": "string",
                            "value": "$(steps.app-set-outcome.results.images-processed)"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_ARTIFACT_TYPE",
                                    "value": "introspect"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "introspect",
                            "results": [
                                {
                                    "description": "The type of artifact this task is considering.",
                                    "name": "artifact-type"
                                },
                                {
                                    "description": "The process that sets the artifact type. Informational.\nValues from: introspection, parameter.\n",
                                    "name": "artifact-type-set-by"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n_SET_BY=parameter\n# If the parameter is invalid, we'll introspect\nif [[ \"${PARAM_ARTIFACT_TYPE}\" != \"application\" ]] \u0026\u0026 [[ \"${PARAM_ARTIFACT_TYPE}\" != \"operatorbundle\" ]]; then\n  echo \"Artifact type will be determined by introspection.\"\n  _SET_BY=introspection\nfi\nprintf \"%s\" \"${_SET_BY}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type-set-by\"\n\nif [[ \"${_SET_BY}\" == \"parameter\" ]]; then\n  # short circuit if the artifact type was set via parameter.\n  echo \"Skipping introspection because the artifact-type parameter is explicitly set to \\\"${PARAM_ARTIFACT_TYPE}\\\".\"\n  printf \"%s\" \"${PARAM_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\n  exit 0\nfi\n\n# If the image URL points to a manifest list (a multi-arch image), check the labels on any of the child\n# images (don't fail in the case where the list does not include an image for the arch of the system\n# where this pipeline is running).\n\ndeclare -a _SKOPEO_INSPECT_ARGS\n\nskopeo_retries=3\n\necho \"Checking the media type of the OCI artifact...\"\nif ! _RAW_IMAGE_MANIFEST=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\")\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n_IMAGE_MEDIA_TYPE=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.mediaType')\necho \"The media type of the OCI artifact is ${_IMAGE_MEDIA_TYPE}.\"\n\nif [[ \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.docker.distribution.manifest.list.v2+json\" || \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.oci.image.index.v1+json\" ]]; then\n  _CURRENT_ARCH=$(uname -m)\n  _CURRENT_OS=$(uname -s | tr '[:upper:]' '[:lower:]')\n\n  # The archs returned by uname are not always the same as the archs used by OCI manifests, so we need\n  # to map them.\n  case ${_CURRENT_ARCH} in\n    \"aarch64\")\n      _CURRENT_ARCH=\"arm64\"\n      ;;\n    \"x86_64\")\n      _CURRENT_ARCH=\"amd64\"\n      ;;\n    *)\n      ;;\n  esac\n\n  # If the manifest list contains an image for the current OS and architecture, prefer to test that.\n  _MATCHING_IMAGE_COUNT=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r \"[.manifests[] | select(.platform.os == \\\"${_CURRENT_OS}\\\" and .platform.architecture == \\\"${_CURRENT_ARCH}\\\")] | length\")\n  if [[ \"${_MATCHING_IMAGE_COUNT}\" -gt 0 ]]; then\n    echo \"Found an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}).\"\n  else\n    # If there is no image for the current OS and architecture, just use the first one in the list.\n    _INSPECT_OVERRIDE_IMAGE_OS=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.os')\n    _INSPECT_OVERRIDE_IMAGE_ARCH=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.architecture')\n    _SKOPEO_INSPECT_ARGS+=(\"--override-os=${_INSPECT_OVERRIDE_IMAGE_OS}\")\n    _SKOPEO_INSPECT_ARGS+=(\"--override-arch=${_INSPECT_OVERRIDE_IMAGE_ARCH}\")\n\n    echo \"Could not find an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}), inspecting the image for ${_INSPECT_OVERRIDE_IMAGE_OS}/${_INSPECT_OVERRIDE_IMAGE_ARCH} instead.\"\n  fi\nfi\n\n# Introspect based on minimum count of operator-framework related bundle labels.\necho \"Looking for image labels that indicate this might be an operator bundle...\"\n\n# We purposely do not quote the array elements here, so that they are expanded by the shell as separate args.\n# shellcheck disable=SC2068\nif ! retry skopeo inspect --retry-times \"$skopeo_retries\" ${_SKOPEO_INSPECT_ARGS[@]} \"docker://${PARAM_IMAGE_URL}\" \\\n  | jq '.Labels | keys | .[]' -r \\\n  | { grep operators.operatorframework.io.bundle || true ;} \\\n  | tee /tmp/ecosystem-image-labels\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n\n_OPFW_LABEL_COUNT=$(grep -c operators.operatorframework.io.bundle /tmp/ecosystem-image-labels || true)\n_MIN_LABELS=3\n\necho \"Found ${_OPFW_LABEL_COUNT} matching labels.\"\necho \"Expecting ${_MIN_LABELS} or more to identify this image as an operator bundle.\"\n\n# If the image has several labels, assume it is an operator\n_ARTIFACT_TYPE=application\n(( _OPFW_LABEL_COUNT \u003e= _MIN_LABELS )) \u0026\u0026 _ARTIFACT_TYPE=operatorbundle\n\nprintf \"%s\" \"${_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\necho \"Introspection concludes that this artifact is of type \\\"${_ARTIFACT_TYPE}\\\".\"\n"
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "generate-container-auth",
                            "results": [
                                {
                                    "description": "Path to auth.json",
                                    "name": "auth-json-path"
                                }
                            ],
                            "script": "_AUTH_JSON_PATH=\"/auth/auth.json\"\necho \"Selecting auth for $PARAM_IMAGE_URL\"\n# `select-oci-auth` here assumes the input credentials are at path ~/.docker/config.json\nselect-oci-auth \"$PARAM_IMAGE_URL\" \u003e \"${_AUTH_JSON_PATH}\"\n\nprintf \"%s\" \"${_AUTH_JSON_PATH}\" \u003e \"/tekton/steps/step-generate-container-auth/results/auth-json-path\"\necho \"Auth json written to \\\"${_AUTH_JSON_PATH}\\\".\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/auth",
                                    "name": "auth"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/redhat-appstudio/konflux-test:v1.4.31@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                            "name": "set-skip-for-bundles",
                            "results": [
                                {
                                    "description": "A skipped tekton result for bundles.",
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOTE=\"This ecosystem check is not executed for operatorbundles.\"\n\n# shellcheck source=/dev/null\n. /utils.sh # gives us the make_result_json helper used below.\n\n# Generate TEST_OUTPUT\n# We're skipping the test, but don't use status \"SKIPPED\" because\n# it produces unwanted Conforma violations\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"${NOTE}\")\n\nprintf \"%s\" \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-set-skip-for-bundles/results/test-output\" /bundle/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/bundle",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "operatorbundle"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PFLT_DOCKERCONFIG",
                                    "value": "$(steps.generate-container-auth.results.auth-json-path)"
                                },
                                {
                                    "name": "PFLT_KONFLUX",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                },
                                {
                                    "name": "PARAM_PLATFORM"
                                }
                            ],
                            "image": "quay.io/opdev/preflight:stable@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                            "name": "app-check",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nimage_url=\"${PARAM_IMAGE_URL}\"\nplatform=\"${PARAM_PLATFORM}\"\n\nif [ -n \"$platform\" ]; then\n  # Extract part after slash if present\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n\n  # Validate against supported arch list. If it's not a known arch, return an error result\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  /usr/local/bin/preflight check container \"$image_url\" --platform \"$arch\"\nelse\n  /usr/local/bin/preflight check container \"$image_url\"\nfi\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                },
                                {
                                    "mountPath": "/auth",
                                    "name": "auth",
                                    "readOnly": true
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-f978258ecd7e18fd6c2ceb97d7bda13da4d7690d"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "app-set-outcome",
                            "results": [
                                {
                                    "description": "The overall outcome of this task.",
                                    "name": "test-output"
                                },
                                {
                                    "description": "Processed image digests.",
                                    "name": "images-processed"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n# Declare Supported architectures\ndeclare -a SUPPORTED_ARCHES=(amd64 arm64 ppc64le s390x)\n\nskopeo_retries=3\n\n# Initialize result vars\nPFLT_PASS_COUNT=0\nPFLT_FAIL_COUNT=0\nPFLT_ERROR_COUNT=0\nPFLT_RESULT=\"SUCCESS\"\n\n# Loop over SUPPORTED_ARCHES and process results\nfor ARCH in \"${SUPPORTED_ARCHES[@]}\"\ndo\n    # Check if results directory exits\n    RESULT_JSON_PATH=/artifacts/${ARCH}/results.json\n    if ! [ -f \"${RESULT_JSON_PATH}\" ]; then\n        continue\n    fi\n    # Process results\n    if jq -e '.passed == false' \"${RESULT_JSON_PATH}\" \u003e /dev/null; then PFLT_RESULT=\"FAILURE\"; fi\n    PFLT_PASS_COUNT=$((PFLT_PASS_COUNT+$(jq -r '.results.passed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_FAIL_COUNT=$((PFLT_FAIL_COUNT+$(jq -r '.results.failed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_ERROR_COUNT=$((PFLT_ERROR_COUNT+$(jq -r '.results.errors | length' \"${RESULT_JSON_PATH}\")))\ndone\n\n# Mark as ERROR if no results were recorded, which can occur when an unsupported or malformed\n# architecture is parsed from the `platform` parameter.\nif [[ $PFLT_FAIL_COUNT -eq 0 ]] \u0026\u0026 [[ $PFLT_PASS_COUNT -eq 0 ]] ; then PFLT_RESULT=\"ERROR\" ; fi\n\nif [[ $PFLT_ERROR_COUNT -gt 0 ]]; then PFLT_RESULT=\"ERROR\" ; fi\nPFLT_NOTE=\"Task preflight is a ${PFLT_RESULT}: Refer to Tekton task logs for more information\"\n\n# Generate TEST_OUTPUT\nTEST_OUTPUT=$(jq -rce \\\n--arg date \"$(date +%s)\" \\\n--arg note \"${PFLT_NOTE}\" \\\n--arg result \"${PFLT_RESULT}\" \\\n--arg successes \"${PFLT_PASS_COUNT}\" \\\n--arg failures \"${PFLT_FAIL_COUNT}\" \\\n--arg warnings \"0\" \\\n--null-input \\\n'{  result: $result,\n    timestamp: $date,\n    note: $note,\n    successes: $successes|tonumber,\n    failures: $failures|tonumber,\n    warnings: $warnings|tonumber\n}')\necho -n \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-app-set-outcome/results/test-output\" /artifacts/konflux.results.json\n\n# Generate IMAGES_PROCESSED\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$PARAM_IMAGE_URL\"'\", \"digests\": [%s]}}'\ndeclare -a digests_processed=()\n\n# Extract processed image digests from \"/artifacts/$arch/cert-image.json\"\nwhile read -r cert_image_file; do\n  docker_image_digest=$(jq -r '.docker_image_digest' \"$cert_image_file\")\n  if [[ -n \"$docker_image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$docker_image_digest\\\" \"* ]]; then\n    digests_processed+=(\"\\\"$docker_image_digest\\\"\")\n  fi\ndone \u003c \u003c(find /artifacts -type f -name \"cert-image.json\")\n\nimage_digest=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\" | sha256sum | awk '{print \"sha256:\" $1}')\nif [[ -n \"$image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$image_digest\\\" \"* ]]; then\n  digests_processed+=(\"\\\"$image_digest\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\nfinal_output=\"${images_processed_template/\\[%s]/[$digests_processed_string]}\"\necho -n \"${final_output}\" \u003e \"/tekton/steps/step-app-set-outcome/results/images-processed\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "final-outcome",
                            "results": [
                                {
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\nset -o xtrace\n\nif [[ ! -f /mount/konflux.results.json ]]; then\n  printf \"Unable to populate the right test log output because the artifact's type is not recorded correctly. Please file a bug.\" | tee \"/tekton/steps/step-final-outcome/results/test-output\"\n  exit 91\nfi\n\ntee \"/tekton/steps/step-final-outcome/results/test-output\" \u003c /mount/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mount",
                                    "name": "pfltoutputdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "pfltoutputdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "auth"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/commit_sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "build.appstudio.redhat.com/pull_request_number": "22756",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-ckslpa",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-pull-request-29jvp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-pull-request.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/sha-title": "e2e test commit message",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/source-branch": "pr-branch-4nijvl",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed/records/7738b72b-b9f7-4f45-835d-4db1cb62cd79",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\",\"eventType\":\"pull_request\",\"pull_request-id\":22756}",
                    "results.tekton.dev/result": "group-7d3v/results/fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "a new build PLR konflux-test-integration-clone-ssamjs-on-pull-request-kpwlp is running for component konflux-test-integration-clone-ssamjs, waiting for it to create a new group Snapshot for PR group pr-branch-4nijvl",
                    "test.appstudio.openshift.io/pr-group": "pr-branch-4nijvl",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:12:46Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84580901303",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "22756",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-pull-request-29jvp",
                    "tekton.dev/pipelineRunUID": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed",
                    "tekton.dev/pipelineTask": "ecosystem-cert-preflight-checks",
                    "tekton.dev/task": "ecosystem-cert-preflight-checks",
                    "test.appstudio.openshift.io/pr-group-sha": "015067408ee38c7f03be03aefbd853e3b9950225ad35ee9105e4e24d665f5f"
                },
                "name": "python-component-bcqjpf-on-pullcfe83c37b5ce31f51a872b7c85829f2c",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-pull-request-29jvp",
                        "uid": "fd4ad25d-aef3-4f2b-9505-af7a7deb5eed"
                    }
                ],
                "resourceVersion": "34621",
                "uid": "7738b72b-b9f7-4f45-835d-4db1cb62cd79"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "ecosystem-cert-preflight-checks"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:14:38Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:14:38Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-ee065f9a3bedbe2da393db0829fa50e1-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        "entryPoint": "ecosystem-cert-preflight-checks",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks"
                    }
                },
                "results": [
                    {
                        "name": "ARTIFACT_TYPE",
                        "type": "string",
                        "value": "application"
                    },
                    {
                        "name": "ARTIFACT_TYPE_SET_BY",
                        "type": "string",
                        "value": "introspection"
                    },
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\", \"digests\": [\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\"]}}"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922476\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T16:12:47Z",
                "steps": [
                    {
                        "container": "step-introspect",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "introspect",
                        "provenance": {},
                        "results": [
                            {
                                "name": "artifact-type",
                                "type": "string",
                                "value": "application"
                            },
                            {
                                "name": "artifact-type-set-by",
                                "type": "string",
                                "value": "introspection"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://79f9699c58abb14687943b2e393048977525e63572261d0c9f0535d3ad490cce",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:21Z",
                            "message": "[{\"key\":\"artifact-type\",\"value\":\"application\",\"type\":4},{\"key\":\"artifact-type-set-by\",\"value\":\"introspection\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:20Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-generate-container-auth",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "generate-container-auth",
                        "provenance": {},
                        "results": [
                            {
                                "name": "auth-json-path",
                                "type": "string",
                                "value": "/auth/auth.json"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://8c7638dddff9c6e9a6b9e0e3709b90eb17ffebada85371c63dbc9a8dd7132aea",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:22Z",
                            "message": "[{\"key\":\"auth-json-path\",\"value\":\"/auth/auth.json\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:22Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-set-skip-for-bundles",
                        "imageID": "quay.io/redhat-appstudio/konflux-test@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                        "name": "set-skip-for-bundles",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://2561d0d072e08cef16e45f97f9fe20e1d8567e566f344617a7d41a8e712f2493",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:13:22Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:22Z"
                        },
                        "terminationReason": "Skipped"
                    },
                    {
                        "container": "step-app-check",
                        "imageID": "quay.io/opdev/preflight@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                        "name": "app-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://7b883c1328477f3d000cdd6db08ddfef730daf72a195b772d856fc590d165020",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:36Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:13:22Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-app-set-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "app-set-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "images-processed",
                                "type": "string",
                                "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\", \"digests\": [\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\"]}}"
                            },
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922476\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://08870bf5a93226be78603b237c4aba3f8641053a1b984d7e867f59a28ec4708a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:37Z",
                            "message": "[{\"key\":\"images-processed\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa\\\", \\\"digests\\\": [\\\"sha256:b1373419c9640c1b9f772c21fe0de7fe92b836fe3883efa0fe2dc54ca62427a5\\\"]}}\",\"type\":4},{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922476\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:36Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-final-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "final-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922476\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://f258c37c1337354c5fd3368699b96708dd2d7a34af0428101360829179d1c55b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:14:38Z",
                            "message": "[{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922476\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:14:38Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for certification readiness. Note that running this against an operatorbundle will result in a skip, as bundle validation is not executed through this task.",
                    "params": [
                        {
                            "description": "Image url to scan.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "introspect",
                            "description": "The type of artifact. Select from application, operatorbundle, or introspect.",
                            "name": "artifact-type",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform the image is built on.",
                            "name": "platform",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Ecosystem checks pass or fail outcome.",
                            "name": "TEST_OUTPUT",
                            "type": "string",
                            "value": "$(steps.final-outcome.results.test-output)"
                        },
                        {
                            "description": "The artifact type, either introspected or set.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type)"
                        },
                        {
                            "description": "How the artifact type was set.",
                            "name": "ARTIFACT_TYPE_SET_BY",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type-set-by)"
                        },
                        {
                            "description": "Collected image digests",
                            "name": "IMAGES_PROCESSED",
                            "type": "string",
                            "value": "$(steps.app-set-outcome.results.images-processed)"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_ARTIFACT_TYPE",
                                    "value": "introspect"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "introspect",
                            "results": [
                                {
                                    "description": "The type of artifact this task is considering.",
                                    "name": "artifact-type"
                                },
                                {
                                    "description": "The process that sets the artifact type. Informational.\nValues from: introspection, parameter.\n",
                                    "name": "artifact-type-set-by"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n_SET_BY=parameter\n# If the parameter is invalid, we'll introspect\nif [[ \"${PARAM_ARTIFACT_TYPE}\" != \"application\" ]] \u0026\u0026 [[ \"${PARAM_ARTIFACT_TYPE}\" != \"operatorbundle\" ]]; then\n  echo \"Artifact type will be determined by introspection.\"\n  _SET_BY=introspection\nfi\nprintf \"%s\" \"${_SET_BY}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type-set-by\"\n\nif [[ \"${_SET_BY}\" == \"parameter\" ]]; then\n  # short circuit if the artifact type was set via parameter.\n  echo \"Skipping introspection because the artifact-type parameter is explicitly set to \\\"${PARAM_ARTIFACT_TYPE}\\\".\"\n  printf \"%s\" \"${PARAM_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\n  exit 0\nfi\n\n# If the image URL points to a manifest list (a multi-arch image), check the labels on any of the child\n# images (don't fail in the case where the list does not include an image for the arch of the system\n# where this pipeline is running).\n\ndeclare -a _SKOPEO_INSPECT_ARGS\n\nskopeo_retries=3\n\necho \"Checking the media type of the OCI artifact...\"\nif ! _RAW_IMAGE_MANIFEST=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\")\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n_IMAGE_MEDIA_TYPE=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.mediaType')\necho \"The media type of the OCI artifact is ${_IMAGE_MEDIA_TYPE}.\"\n\nif [[ \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.docker.distribution.manifest.list.v2+json\" || \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.oci.image.index.v1+json\" ]]; then\n  _CURRENT_ARCH=$(uname -m)\n  _CURRENT_OS=$(uname -s | tr '[:upper:]' '[:lower:]')\n\n  # The archs returned by uname are not always the same as the archs used by OCI manifests, so we need\n  # to map them.\n  case ${_CURRENT_ARCH} in\n    \"aarch64\")\n      _CURRENT_ARCH=\"arm64\"\n      ;;\n    \"x86_64\")\n      _CURRENT_ARCH=\"amd64\"\n      ;;\n    *)\n      ;;\n  esac\n\n  # If the manifest list contains an image for the current OS and architecture, prefer to test that.\n  _MATCHING_IMAGE_COUNT=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r \"[.manifests[] | select(.platform.os == \\\"${_CURRENT_OS}\\\" and .platform.architecture == \\\"${_CURRENT_ARCH}\\\")] | length\")\n  if [[ \"${_MATCHING_IMAGE_COUNT}\" -gt 0 ]]; then\n    echo \"Found an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}).\"\n  else\n    # If there is no image for the current OS and architecture, just use the first one in the list.\n    _INSPECT_OVERRIDE_IMAGE_OS=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.os')\n    _INSPECT_OVERRIDE_IMAGE_ARCH=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.architecture')\n    _SKOPEO_INSPECT_ARGS+=(\"--override-os=${_INSPECT_OVERRIDE_IMAGE_OS}\")\n    _SKOPEO_INSPECT_ARGS+=(\"--override-arch=${_INSPECT_OVERRIDE_IMAGE_ARCH}\")\n\n    echo \"Could not find an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}), inspecting the image for ${_INSPECT_OVERRIDE_IMAGE_OS}/${_INSPECT_OVERRIDE_IMAGE_ARCH} instead.\"\n  fi\nfi\n\n# Introspect based on minimum count of operator-framework related bundle labels.\necho \"Looking for image labels that indicate this might be an operator bundle...\"\n\n# We purposely do not quote the array elements here, so that they are expanded by the shell as separate args.\n# shellcheck disable=SC2068\nif ! retry skopeo inspect --retry-times \"$skopeo_retries\" ${_SKOPEO_INSPECT_ARGS[@]} \"docker://${PARAM_IMAGE_URL}\" \\\n  | jq '.Labels | keys | .[]' -r \\\n  | { grep operators.operatorframework.io.bundle || true ;} \\\n  | tee /tmp/ecosystem-image-labels\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n\n_OPFW_LABEL_COUNT=$(grep -c operators.operatorframework.io.bundle /tmp/ecosystem-image-labels || true)\n_MIN_LABELS=3\n\necho \"Found ${_OPFW_LABEL_COUNT} matching labels.\"\necho \"Expecting ${_MIN_LABELS} or more to identify this image as an operator bundle.\"\n\n# If the image has several labels, assume it is an operator\n_ARTIFACT_TYPE=application\n(( _OPFW_LABEL_COUNT \u003e= _MIN_LABELS )) \u0026\u0026 _ARTIFACT_TYPE=operatorbundle\n\nprintf \"%s\" \"${_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\necho \"Introspection concludes that this artifact is of type \\\"${_ARTIFACT_TYPE}\\\".\"\n"
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "generate-container-auth",
                            "results": [
                                {
                                    "description": "Path to auth.json",
                                    "name": "auth-json-path"
                                }
                            ],
                            "script": "_AUTH_JSON_PATH=\"/auth/auth.json\"\necho \"Selecting auth for $PARAM_IMAGE_URL\"\n# `select-oci-auth` here assumes the input credentials are at path ~/.docker/config.json\nselect-oci-auth \"$PARAM_IMAGE_URL\" \u003e \"${_AUTH_JSON_PATH}\"\n\nprintf \"%s\" \"${_AUTH_JSON_PATH}\" \u003e \"/tekton/steps/step-generate-container-auth/results/auth-json-path\"\necho \"Auth json written to \\\"${_AUTH_JSON_PATH}\\\".\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/auth",
                                    "name": "auth"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/redhat-appstudio/konflux-test:v1.4.31@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                            "name": "set-skip-for-bundles",
                            "results": [
                                {
                                    "description": "A skipped tekton result for bundles.",
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOTE=\"This ecosystem check is not executed for operatorbundles.\"\n\n# shellcheck source=/dev/null\n. /utils.sh # gives us the make_result_json helper used below.\n\n# Generate TEST_OUTPUT\n# We're skipping the test, but don't use status \"SKIPPED\" because\n# it produces unwanted Conforma violations\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"${NOTE}\")\n\nprintf \"%s\" \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-set-skip-for-bundles/results/test-output\" /bundle/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/bundle",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "operatorbundle"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PFLT_DOCKERCONFIG",
                                    "value": "$(steps.generate-container-auth.results.auth-json-path)"
                                },
                                {
                                    "name": "PFLT_KONFLUX",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                },
                                {
                                    "name": "PARAM_PLATFORM"
                                }
                            ],
                            "image": "quay.io/opdev/preflight:stable@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                            "name": "app-check",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nimage_url=\"${PARAM_IMAGE_URL}\"\nplatform=\"${PARAM_PLATFORM}\"\n\nif [ -n \"$platform\" ]; then\n  # Extract part after slash if present\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n\n  # Validate against supported arch list. If it's not a known arch, return an error result\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  /usr/local/bin/preflight check container \"$image_url\" --platform \"$arch\"\nelse\n  /usr/local/bin/preflight check container \"$image_url\"\nfi\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                },
                                {
                                    "mountPath": "/auth",
                                    "name": "auth",
                                    "readOnly": true
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:on-pr-ace9d7f8acbb28d2ecceef54e7bfbd35e9d541aa"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "app-set-outcome",
                            "results": [
                                {
                                    "description": "The overall outcome of this task.",
                                    "name": "test-output"
                                },
                                {
                                    "description": "Processed image digests.",
                                    "name": "images-processed"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n# Declare Supported architectures\ndeclare -a SUPPORTED_ARCHES=(amd64 arm64 ppc64le s390x)\n\nskopeo_retries=3\n\n# Initialize result vars\nPFLT_PASS_COUNT=0\nPFLT_FAIL_COUNT=0\nPFLT_ERROR_COUNT=0\nPFLT_RESULT=\"SUCCESS\"\n\n# Loop over SUPPORTED_ARCHES and process results\nfor ARCH in \"${SUPPORTED_ARCHES[@]}\"\ndo\n    # Check if results directory exits\n    RESULT_JSON_PATH=/artifacts/${ARCH}/results.json\n    if ! [ -f \"${RESULT_JSON_PATH}\" ]; then\n        continue\n    fi\n    # Process results\n    if jq -e '.passed == false' \"${RESULT_JSON_PATH}\" \u003e /dev/null; then PFLT_RESULT=\"FAILURE\"; fi\n    PFLT_PASS_COUNT=$((PFLT_PASS_COUNT+$(jq -r '.results.passed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_FAIL_COUNT=$((PFLT_FAIL_COUNT+$(jq -r '.results.failed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_ERROR_COUNT=$((PFLT_ERROR_COUNT+$(jq -r '.results.errors | length' \"${RESULT_JSON_PATH}\")))\ndone\n\n# Mark as ERROR if no results were recorded, which can occur when an unsupported or malformed\n# architecture is parsed from the `platform` parameter.\nif [[ $PFLT_FAIL_COUNT -eq 0 ]] \u0026\u0026 [[ $PFLT_PASS_COUNT -eq 0 ]] ; then PFLT_RESULT=\"ERROR\" ; fi\n\nif [[ $PFLT_ERROR_COUNT -gt 0 ]]; then PFLT_RESULT=\"ERROR\" ; fi\nPFLT_NOTE=\"Task preflight is a ${PFLT_RESULT}: Refer to Tekton task logs for more information\"\n\n# Generate TEST_OUTPUT\nTEST_OUTPUT=$(jq -rce \\\n--arg date \"$(date +%s)\" \\\n--arg note \"${PFLT_NOTE}\" \\\n--arg result \"${PFLT_RESULT}\" \\\n--arg successes \"${PFLT_PASS_COUNT}\" \\\n--arg failures \"${PFLT_FAIL_COUNT}\" \\\n--arg warnings \"0\" \\\n--null-input \\\n'{  result: $result,\n    timestamp: $date,\n    note: $note,\n    successes: $successes|tonumber,\n    failures: $failures|tonumber,\n    warnings: $warnings|tonumber\n}')\necho -n \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-app-set-outcome/results/test-output\" /artifacts/konflux.results.json\n\n# Generate IMAGES_PROCESSED\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$PARAM_IMAGE_URL\"'\", \"digests\": [%s]}}'\ndeclare -a digests_processed=()\n\n# Extract processed image digests from \"/artifacts/$arch/cert-image.json\"\nwhile read -r cert_image_file; do\n  docker_image_digest=$(jq -r '.docker_image_digest' \"$cert_image_file\")\n  if [[ -n \"$docker_image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$docker_image_digest\\\" \"* ]]; then\n    digests_processed+=(\"\\\"$docker_image_digest\\\"\")\n  fi\ndone \u003c \u003c(find /artifacts -type f -name \"cert-image.json\")\n\nimage_digest=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\" | sha256sum | awk '{print \"sha256:\" $1}')\nif [[ -n \"$image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$image_digest\\\" \"* ]]; then\n  digests_processed+=(\"\\\"$image_digest\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\nfinal_output=\"${images_processed_template/\\[%s]/[$digests_processed_string]}\"\necho -n \"${final_output}\" \u003e \"/tekton/steps/step-app-set-outcome/results/images-processed\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "final-outcome",
                            "results": [
                                {
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\nset -o xtrace\n\nif [[ ! -f /mount/konflux.results.json ]]; then\n  printf \"Unable to populate the right test log output because the artifact's type is not recorded correctly. Please file a bug.\" | tee \"/tekton/steps/step-final-outcome/results/test-output\"\n  exit 91\nfi\n\ntee \"/tekton/steps/step-final-outcome/results/test-output\" \u003c /mount/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mount",
                                    "name": "pfltoutputdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "pfltoutputdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "auth"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/358cb533-4386-4244-9150-51c2afd6509d",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "apply-tags",
                    "tekton.dev/task": "apply-tags"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-apply-tags",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "26796",
                "uid": "358cb533-4386-4244-9150-51c2afd6509d"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "apply-tags"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:56Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:56Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-apply-tags-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        "entryPoint": "apply-tags",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-apply-tags"
                    }
                },
                "startTime": "2026-07-01T16:06:41Z",
                "steps": [
                    {
                        "container": "step-apply-additional-tags",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                        "name": "apply-additional-tags",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9b85ee17e71d6018a2c1dfb1627ebf94cdec627aebf05611650c6965e763361a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:55Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:54Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Applies additional tags to the built image.",
                    "params": [
                        {
                            "description": "Image repository and tag reference of the the built image.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest of the built image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional tags that will be applied to the image in the registry.",
                            "name": "ADDITIONAL_TAGS",
                            "type": "array"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                                "--digest",
                                "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb",
                                "--tags",
                                "--tags-from-image-label",
                                "konflux.additional-tags"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "apply-tags"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                            "name": "apply-additional-tags"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-2710f06599",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/8fc5ada2-89c5-4745-8f60-fae5dbd00c46",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:03:13Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "build-container",
                    "tekton.dev/task": "buildah"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-build-container",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "26012",
                "uid": "8fc5ada2-89c5-4745-8f60-fae5dbd00c46"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    },
                    {
                        "name": "HERMETIC",
                        "value": "false"
                    },
                    {
                        "name": "PREFETCH_INPUT",
                        "value": ""
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": ""
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "BUILD_ARGS",
                        "value": []
                    },
                    {
                        "name": "BUILD_ARGS_FILE",
                        "value": ""
                    },
                    {
                        "name": "PRIVILEGED_NESTED",
                        "value": "false"
                    },
                    {
                        "name": "SOURCE_URL",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    },
                    {
                        "name": "HTTP_PROXY",
                        "value": ""
                    },
                    {
                        "name": "NO_PROXY",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "buildah"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-buildah:0.9@sha256:b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-978606f553"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:19Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:19Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-build-container-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b68244eb0d68eff71861384ae73f5e93b11fd3da77a0381f14fb52604310d8c5"
                        },
                        "entryPoint": "buildah",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-buildah"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "SBOM_BLOB_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:5f3f367f2113a789ab219c97fec79bbd07e160c9d04598714b424671bb82d4ab"
                    }
                ],
                "startTime": "2026-07-01T16:03:13Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6e9c2570c4a8cea507be4712c7637a0df28109685b35a13ee110f0279b41b44e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:03:46Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:03:20Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://bca4026b50d6a7dc18f34844d837c954a8f68e7eab618a0997e8b3ab4d81a6d9",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:04:34Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:03:46Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-sbom-syft-generate",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "sbom-syft-generate",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5804bd67bd75f8fa7502b3cb3166a73f74d2166da65ad829dab98e2f0f3bfe06",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:05:05Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:04:34Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-prepare-sboms",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "prepare-sboms",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8a13d00f0181fd3ed1ab349e913bf2fc5d10008413c74bc5a6f50af4676612dc",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:05:37Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:05:06Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8b9af99e1d24ad78e684135a1942188e9301d0432b51c4f114d60e2bbb9ee6b3",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:18Z",
                            "message": "[{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1},{\"key\":\"SBOM_BLOB_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:5f3f367f2113a789ab219c97fec79bbd07e160c9d04598714b424671bb82d4ab\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:05:38Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Buildah task builds source code into a container image and pushes the image into container registry using buildah tool.\nIn addition, it generates a SBOM file, injects the SBOM file into final container image and pushes the SBOM file as separate image using cosign tool.\nWhen prefetch-dependencies task is activated it is using its artifacts to run build in hermetic environment.",
                    "params": [
                        {
                            "description": "Reference of the image buildah will produce.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile to build.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Determines if build will be executed without network access.",
                            "name": "HERMETIC",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "In case it is not empty, the prefetched content should be made available to the build.",
                            "name": "PREFETCH_INPUT",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this commit.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "default": "repos.d",
                            "description": "Path in the git repository in which yum repository files are stored",
                            "name": "YUM_REPOS_D_SRC",
                            "type": "string"
                        },
                        {
                            "default": "fetched.repos.d",
                            "description": "Path in source workspace where dynamically-fetched repos are present",
                            "name": "YUM_REPOS_D_FETCHED",
                            "type": "string"
                        },
                        {
                            "default": "/etc/yum.repos.d",
                            "description": "Target path on the container in which yum repository files should be made available",
                            "name": "YUM_REPOS_D_TARGET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Target stage in Dockerfile to build. If not specified, the Dockerfile is processed entirely to (and including) its last stage.",
                            "name": "TARGET_STAGE",
                            "type": "string"
                        },
                        {
                            "default": "etc-pki-entitlement",
                            "description": "Name of secret which contains the entitlement certificates",
                            "name": "ENTITLEMENT_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        },
                        {
                            "default": "does-not-exist",
                            "description": "Name of a secret which will be made available to the build with 'buildah build --secret' at /run/secrets/$ADDITIONAL_SECRET",
                            "name": "ADDITIONAL_SECRET",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Array of --build-arg values (\"arg=value\" strings)",
                            "name": "BUILD_ARGS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Array of --env values (\"env=value\" strings)",
                            "name": "ENV_VARS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with build arguments, see https://www.mankier.com/1/buildah-build#--build-arg-file",
                            "name": "BUILD_ARGS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to keep compatibility location at /root/buildinfo/ for ICM injection",
                            "name": "ICM_KEEP_COMPAT_LOCATION",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of extra capabilities to add when running 'buildah build'",
                            "name": "ADD_CAPABILITIES",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Squash all new and previous layers added as a part of this build, as per --squash",
                            "name": "SQUASH",
                            "type": "string"
                        },
                        {
                            "default": "overlay",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to skip stages in Containerfile that seem unused by subsequent stages",
                            "name": "SKIP_UNUSED_STAGES",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value labels that should be applied to the image",
                            "name": "LABELS",
                            "type": "array"
                        },
                        {
                            "default": [],
                            "description": "Additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Path to a file with additional key=value annotations that should be applied to the image",
                            "name": "ANNOTATIONS_FILE",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to enable privileged mode, should be used only with remote VMs",
                            "name": "PRIVILEGED_NESTED",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Skip SBOM-related operations. This will likely cause EC policies to fail if enabled",
                            "name": "SKIP_SBOM_GENERATION",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx. Note: the SBOM from the prefetch task - if there is one - must be in the same format.",
                            "name": "SBOM_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Extra option to customize Syft's default catalogers when generating SBOMs. The value corresponds to Syft's CLI flag --select-catalogers. The details about available catalogers can be found here: https://github.com/anchore/syft/wiki/Package-Cataloger-Selection",
                            "name": "SBOM_SYFT_SELECT_CATALOGERS",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM generation from source code. The scanner of the source code is enabled only for non-hermetic builds and can be disabled if the SBOM_SYFT_SELECT_CATALOGERS can't turn off catalogers that cause false positives on source code scanning.",
                            "name": "SBOM_SOURCE_SCAN_ENABLED",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional base image references to include to the SBOM. Array of image_reference_with_digest strings",
                            "name": "ADDITIONAL_BASE_IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Mount the current working directory into the build using --volume $PWD:/$WORKINGDIR_MOUNT. Note that the $PWD will be the context directory for the build (see the CONTEXT param).",
                            "name": "WORKINGDIR_MOUNT",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if the image inherits the base image labels.",
                            "name": "INHERIT_BASE_IMAGE_LABELS",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP/HTTPS proxy to use for the buildah pull and build operations. Will not be passed through to the container during the build process.",
                            "name": "HTTP_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma separated list of hosts or domains which should bypass the HTTP/HTTPS proxy.",
                            "name": "NO_PROXY",
                            "type": "string"
                        },
                        {
                            "default": "caching-ca-bundle",
                            "description": "The name of the ConfigMap to read proxy CA bundle data from.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the proxy CA bundle data.",
                            "name": "PROXY_CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Defines the single build time for all buildah builds in seconds since UNIX epoch. Conflicts with SOURCE_DATE_EPOCH.",
                            "name": "BUILD_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The image is built from this URL.",
                            "name": "SOURCE_URL",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Determines if SBOM will be contextualized.",
                            "name": "CONTEXTUALIZE_SBOM",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Omit build history information from the resulting image. Improves reproducibility by excluding timestamps and layer metadata.",
                            "name": "OMIT_HISTORY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Timestamp in seconds since Unix epoch for reproducible builds. Sets image created time and SOURCE_DATE_EPOCH build arg. Conflicts with BUILD_TIMESTAMP.",
                            "name": "SOURCE_DATE_EPOCH",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Clamp mtime of all files to at most SOURCE_DATE_EPOCH. Does nothing if SOURCE_DATE_EPOCH is not defined.",
                            "name": "REWRITE_TIMESTAMP",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Don't inject a content-sets.json or a labels.json file. This requires that the canonical Containerfile takes care of this itself.",
                            "name": "SKIP_INJECTIONS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {
                            "limits": {
                                "memory": "4Gi"
                            },
                            "requests": {
                                "cpu": "1",
                                "memory": "4Gi"
                            }
                        },
                        "env": [
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "overlay"
                            },
                            {
                                "name": "HERMETIC",
                                "value": "false"
                            },
                            {
                                "name": "SOURCE_CODE_DIR",
                                "value": "source"
                            },
                            {
                                "name": "CONTEXT",
                                "value": "python-component"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "IMAGE_EXPIRES_AFTER"
                            },
                            {
                                "name": "YUM_REPOS_D_SRC",
                                "value": "repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_FETCHED",
                                "value": "fetched.repos.d"
                            },
                            {
                                "name": "YUM_REPOS_D_TARGET",
                                "value": "/etc/yum.repos.d"
                            },
                            {
                                "name": "TARGET_STAGE"
                            },
                            {
                                "name": "ENTITLEMENT_SECRET",
                                "value": "etc-pki-entitlement"
                            },
                            {
                                "name": "ACTIVATION_KEY",
                                "value": "activation-key"
                            },
                            {
                                "name": "ADDITIONAL_SECRET",
                                "value": "does-not-exist"
                            },
                            {
                                "name": "BUILD_ARGS_FILE"
                            },
                            {
                                "name": "ADD_CAPABILITIES"
                            },
                            {
                                "name": "SQUASH",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_UNUSED_STAGES",
                                "value": "true"
                            },
                            {
                                "name": "PRIVILEGED_NESTED",
                                "value": "false"
                            },
                            {
                                "name": "SKIP_SBOM_GENERATION",
                                "value": "false"
                            },
                            {
                                "name": "SBOM_TYPE",
                                "value": "spdx"
                            },
                            {
                                "name": "SBOM_SYFT_SELECT_CATALOGERS"
                            },
                            {
                                "name": "SBOM_SOURCE_SCAN_ENABLED",
                                "value": "true"
                            },
                            {
                                "name": "ANNOTATIONS_FILE"
                            },
                            {
                                "name": "WORKINGDIR_MOUNT"
                            },
                            {
                                "name": "INHERIT_BASE_IMAGE_LABELS",
                                "value": "true"
                            },
                            {
                                "name": "BUILD_TIMESTAMP"
                            },
                            {
                                "name": "CONTEXTUALIZE_SBOM",
                                "value": "true"
                            },
                            {
                                "name": "SBOM_SKIP_VALIDATION",
                                "value": "true"
                            },
                            {
                                "name": "SKIP_INJECTIONS",
                                "value": "false"
                            }
                        ],
                        "imagePullPolicy": "IfNotPresent",
                        "volumeMounts": [
                            {
                                "mountPath": "/shared",
                                "name": "shared"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--build-args",
                                "--env",
                                "--labels",
                                "--annotations"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                },
                                "requests": {
                                    "cpu": "4600m",
                                    "memory": "8Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "COMMIT_SHA",
                                    "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "SOURCE_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "DOCKERFILE",
                                    "value": "docker/Dockerfile"
                                },
                                {
                                    "name": "BUILDAH_HTTP_PROXY"
                                },
                                {
                                    "name": "BUILDAH_NO_PROXY"
                                },
                                {
                                    "name": "ICM_KEEP_COMPAT_LOCATION",
                                    "value": "true"
                                },
                                {
                                    "name": "BUILDAH_OMIT_HISTORY",
                                    "value": "false"
                                },
                                {
                                    "name": "BUILDAH_SOURCE_DATE_EPOCH"
                                },
                                {
                                    "name": "BUILDAH_REWRITE_TIMESTAMP",
                                    "value": "false"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\nset -euo pipefail\n\nfunction set_proxy {\n  if [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n    echo \"[$(date --utc -Ins)] Setting proxy to ${BUILDAH_HTTP_PROXY}\"\n    export HTTP_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export HTTPS_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    export ALL_PROXY=\"${BUILDAH_HTTP_PROXY}\"\n    if [ -n \"${BUILDAH_NO_PROXY}\" ]; then\n      echo \"[$(date --utc -Ins)] Bypassing proxy for ${BUILDAH_NO_PROXY}\"\n      export NO_PROXY=\"${BUILDAH_NO_PROXY}\"\n    fi\n  fi\n}\n\nfunction unset_proxy {\n  echo \"[$(date --utc -Ins)] Unsetting proxy\"\n  unset HTTP_PROXY HTTPS_PROXY ALL_PROXY NO_PROXY\n}\n\necho \"[$(date --utc -Ins)] Validate context path\"\n\nif [ -z \"$CONTEXT\" ]; then\n  echo \"WARNING: CONTEXT is empty. Defaulting to '.' (the source directory).\" \u003e\u00262\n  CONTEXT=\".\"\nfi\n\nsource_dir_path=$(realpath \"$SOURCE_CODE_DIR\")\ncontext_dir_path=$(realpath \"$SOURCE_CODE_DIR/$CONTEXT\")\n\ncase \"$context_dir_path\" in\n  \"$source_dir_path\" | \"$source_dir_path/\"*)\n    # path is valid, do nothing\n    ;;\n  *)\n    echo \"ERROR: The CONTEXT parameter ('$CONTEXT') is invalid because it escapes the source directory.\" \u003e\u00262\n    echo \"Source path: $source_dir_path\" \u003e\u00262\n    echo \"Resolved path: $context_dir_path\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nproxy_ca_bundle=/mnt/proxy-ca-bundle/ca-bundle.crt\nupdate_ca_trust=false\n\nif [ -f \"$ca_bundle\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors/ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ -f \"$proxy_ca_bundle\" ] \u0026\u0026 [ -n \"${BUILDAH_HTTP_PROXY}\" ]; then\n  echo \"[$(date --utc -Ins)] Using mounted proxy CA bundle: $proxy_ca_bundle\"\n  cp -vf $proxy_ca_bundle /etc/pki/ca-trust/source/anchors/proxy-ca-bundle.crt\n  update_ca_trust=true\nfi\n\nif [ \"$update_ca_trust\" = \"true\" ]; then\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Prepare Dockerfile\"\n\nif [ -e \"$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$CONTEXT/$DOCKERFILE\"\nelif [ -e \"$SOURCE_CODE_DIR/$DOCKERFILE\" ]; then\n  dockerfile_path=\"$(pwd)/$SOURCE_CODE_DIR/$DOCKERFILE\"\nelif [ -e \"$DOCKERFILE\" ]; then\n  # Instrumented builds (SAST) use this custom dockerfile step as their base\n  dockerfile_path=\"$DOCKERFILE\"\nelse\n  echo \"Cannot find Dockerfile $DOCKERFILE\"\n  exit 1\nfi\n\ndockerfile_copy=$(mktemp --tmpdir \"$(basename \"$dockerfile_path\").XXXXXX\")\ncp \"$dockerfile_path\" \"$dockerfile_copy\"\n\n# Inject the image content manifest into the container we are producing.\n# This will generate the content-sets.json file and copy it by appending a COPY\n# instruction to the Containerfile.\nicm_opts=()\nif [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n  icm_opts+=(-c)\nfi\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  inject-icm-to-containerfile \"${icm_opts[@]}\" \"$dockerfile_copy\" \"/var/workdir/cachi2/output/bom.json\" \"$SOURCE_CODE_DIR/$CONTEXT\"\nfi\n\necho \"[$(date --utc -Ins)] Prepare system (architecture: $(uname -m))\"\n\n# Fixing group permission on /var/lib/containers\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\n# Setting new namespace to run buildah - 2^32-2\necho 'root:1:4294967294' | tee -a /etc/subuid \u003e\u003e /etc/subgid\n\nbuild_args=()\nenv_vars=()\n\nLABELS=()\nANNOTATIONS=()\n# Append any annotations from the specified file\nif [ -n \"${ANNOTATIONS_FILE}\" ] \u0026\u0026 [ -f \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\" ]; then\n  echo \"Reading annotations from file: ${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\n  while IFS= read -r line || [[ -n \"$line\" ]]; do\n    # Skip empty lines and comments\n    if [[ -n \"$line\" \u0026\u0026 ! \"$line\" =~ ^[[:space:]]*# ]]; then\n      ANNOTATIONS+=(\"--annotation\" \"$line\")\n    fi\n  done \u003c \"${SOURCE_CODE_DIR}/${ANNOTATIONS_FILE}\"\nfi\n\n# Split `args` into two sets of arguments.\nwhile [[ $# -gt 0 ]]; do\n    case $1 in\n        --build-args)\n            shift\n            # Note: this may result in multiple --build-arg=KEY=value flags with the same KEY being\n            # passed to buildah. In that case, the *last* occurrence takes precedence. This is why\n            # we append BUILD_ARGS after the content of the BUILD_ARGS_FILE\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do build_args+=(\"$1\"); shift; done\n            ;;\n        --env)\n            shift\n            # Collect env entries of the form KEY=value\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do env_vars+=(\"$1\"); shift; done\n            ;;\n        --labels)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do LABELS+=(\"--label\" \"$1\"); shift; done\n            ;;\n        --annotations)\n            shift\n            while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ANNOTATIONS+=(\"--annotation\" \"$1\"); shift; done\n            ;;\n        *)\n            echo \"unexpected argument: $1\" \u003e\u00262\n            exit 2\n            ;;\n    esac\ndone\n\nBUILD_ARG_FLAGS=()\nfor build_arg in \"${build_args[@]}\"; do\n  BUILD_ARG_FLAGS+=(\"--build-arg=$build_arg\")\ndone\n\nENV_FLAGS=()\nfor env_var in \"${env_vars[@]}\"; do\n  ENV_FLAGS+=(\"--env=$env_var\")\ndone\n\nDOCKERFILE_ARG_FLAGS=()\nDOCKERFILE_ARG_FLAGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nDOCKERFILE_ARG_FLAGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  DOCKERFILE_ARG_FLAGS+=(\"--build-arg-file=${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\nfi\n\ndockerfile-json \"${DOCKERFILE_ARG_FLAGS[@]}\" \"$dockerfile_copy\" \u003e /shared/parsed_dockerfile.json\nBASE_IMAGES=$(\n    jq -r '.Stages[] | select(.From | .Stage or .Scratch | not) | .BaseName | select(test(\"^oci-archive:\") | not)' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n)\n\nBUILDAH_ARGS=()\nUNSHARE_ARGS=()\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--pull=never\")\n  UNSHARE_ARGS+=(\"--net\")\n  buildah_retries=3\n\n  set_proxy\n\n  for image in $BASE_IMAGES; do\n    if ! retry unshare -Ufp --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 --mount -- buildah pull --retry \"$buildah_retries\" \"$image\"\n    then\n      echo \"Failed to pull base image ${image}\"\n      exit 1\n    fi\n  done\n\n  unset_proxy\n\n  echo \"Build will be executed with network isolation\"\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  BUILDAH_ARGS+=(\"--target=${TARGET_STAGE}\")\nfi\n\nBUILDAH_ARGS+=(\"${BUILD_ARG_FLAGS[@]}\")\nBUILDAH_ARGS+=(\"${ENV_FLAGS[@]}\")\n\nif [ -n \"${BUILD_ARGS_FILE}\" ]; then\n  BUILDAH_ARGS+=(\"--build-arg-file=$(realpath \"${SOURCE_CODE_DIR}/${BUILD_ARGS_FILE}\")\")\nfi\n\n# Necessary for newer version of buildah if the host system does not contain up to date version of container-selinux\n# TODO remove the option once all hosts were updated\nBUILDAH_ARGS+=(\"--security-opt=unmask=/proc/interrupts\")\n\nif [ \"${PRIVILEGED_NESTED}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--security-opt=label=disable\")\n  BUILDAH_ARGS+=(\"--cap-add=all\")\n  BUILDAH_ARGS+=(\"--device=/dev/fuse\")\nfi\n\nif [ -n \"${ADD_CAPABILITIES}\" ]; then\n  BUILDAH_ARGS+=(\"--cap-add=${ADD_CAPABILITIES}\")\nfi\n\nif [ \"${SQUASH}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--squash\")\nfi\n\nif [ \"${SKIP_UNUSED_STAGES}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--skip-unused-stages=false\")\nfi\n\nif [ \"${INHERIT_BASE_IMAGE_LABELS}\" != \"true\" ] ; then\n  BUILDAH_ARGS+=(\"--inherit-labels=false\")\nfi\n\nif [ -n \"${BUILDAH_SOURCE_DATE_EPOCH}\" ]; then\n  BUILDAH_ARGS+=(\"--source-date-epoch=${BUILDAH_SOURCE_DATE_EPOCH}\")\n  if [ \"${BUILDAH_REWRITE_TIMESTAMP}\" = \"true\" ]; then\n    BUILDAH_ARGS+=(\"--rewrite-timestamp\")\n  fi\n  if [ -n \"$BUILD_TIMESTAMP\" ]; then\n    echo \"ERROR: cannot use both BUILD_TIMESTAMP and SOURCE_DATE_EPOCH\"\n    exit 1\n  fi\n  # but do set it so that we get all the labels/annotations associated with it\n  BUILD_TIMESTAMP=\"$BUILDAH_SOURCE_DATE_EPOCH\"\nfi\n\nif [ \"${BUILDAH_OMIT_HISTORY}\" == \"true\" ]; then\n  BUILDAH_ARGS+=(\"--omit-history\")\nfi\n\nVOLUME_MOUNTS=()\n\necho \"[$(date --utc -Ins)] Setup prefetched\"\n\nif [ -f \"/workspace/source/cachi2/cachi2.env\" ]; then\n  # Identify the current arch to filter the prefetched content\n  PREFETCH_ARCH=\"$(uname -m)\"\n  echo \"$PREFETCH_ARCH\" \u003e /shared/prefetch-arch\n\n  echo \"Prefetched content will be made available\"\n\n  cp -r \"/workspace/source/cachi2\" /tmp/\n  chmod -R go+rwX /tmp/cachi2\n\n  # In case RPMs were prefetched and this is a multi-arch build,\n  # clean up the packages that do not match the architecture being built\n  RPM_PREFETCH_DIR=\"/tmp/cachi2/output/deps/rpm\"\n  if [ -d \"$RPM_PREFETCH_DIR\" ] \u0026\u0026 [ \"$(find $RPM_PREFETCH_DIR | wc -l)\" -gt 1 ]; then\n    echo \"Removing prefetched RPMs from non-matching architectures\"\n    PREFETCH_ARCH=\"$(uname -m)\"\n    for path in \"$RPM_PREFETCH_DIR\"/*; do\n      if [ \"$(basename \"$path\")\" != \"$PREFETCH_ARCH\" ]; then\n        echo \"Removing: $path\"\n        rm -rf \"$path\"\n      else\n        echo \"Keeping: $path\"\n      fi\n    done\n  fi\n\n  VOLUME_MOUNTS+=(--volume /tmp/cachi2:/cachi2)\n  # Read in the whole file (https://unix.stackexchange.com/questions/533277), then\n  # for each RUN ... line insert the cachi2.env command *after* any options like --mount\n  sed -E -i \\\n      -e 'H;1h;$!d;x' \\\n      -e 's@^\\s*(run((\\s|\\\\\\n)+-\\S+)*(\\s|\\\\\\n)+)@\\1. /cachi2/cachi2.env \\\u0026\\\u0026 \\\\\\n    @igM' \\\n      \"$dockerfile_copy\"\n\n  prefetched_repo_for_my_arch=\"/tmp/cachi2/output/deps/rpm/$(uname -m)/repos.d/cachi2.repo\"\n  if [ -f \"$prefetched_repo_for_my_arch\" ]; then\n    echo \"Adding $prefetched_repo_for_my_arch to $YUM_REPOS_D_FETCHED\"\n    mkdir -p \"$YUM_REPOS_D_FETCHED\"\n    if [ ! -f \"${YUM_REPOS_D_FETCHED}/cachi2.repo\" ]; then\n      cp \"$prefetched_repo_for_my_arch\" \"$YUM_REPOS_D_FETCHED\"\n    fi\n  fi\nfi\n\n# if yum repofiles stored in git, copy them to mount point outside the source dir\nif [ -d \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\" ]; then\n  mkdir -p \"${YUM_REPOS_D_FETCHED}\"\n  cp -r \"${SOURCE_CODE_DIR}/${YUM_REPOS_D_SRC}\"/* \"${YUM_REPOS_D_FETCHED}\"\nfi\n\n# if anything in the repofiles mount point (either fetched or from git), mount it\nif [ -d \"${YUM_REPOS_D_FETCHED}\" ]; then\n  chmod -R go+rwX \"${YUM_REPOS_D_FETCHED}\"\n  mount_point=$(realpath \"${YUM_REPOS_D_FETCHED}\")\n  VOLUME_MOUNTS+=(--volume \"${mount_point}:${YUM_REPOS_D_TARGET}\")\nfi\n\nDEFAULT_LABELS=(\n  \"--label\" \"architecture=$(uname -m)\"\n  \"--label\" \"vcs-type=git\"\n)\nif [ -n \"$COMMIT_SHA\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"vcs-ref=${COMMIT_SHA}\" \"--label\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.revision=${COMMIT_SHA}\")\nfi\nif [ -n \"$SOURCE_URL\" ]; then\n  DEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.source=${SOURCE_URL}\")\n  ANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.source=${SOURCE_URL}\")\nfi\n[ -n \"$IMAGE_EXPIRES_AFTER\" ] \u0026\u0026 DEFAULT_LABELS+=(\"--label\" \"quay.expires-after=$IMAGE_EXPIRES_AFTER\")\n\nBUILD_TIMESTAMP_RFC3339=\"\"\nif [ -n \"$BUILD_TIMESTAMP\" ]; then\n  BUILD_TIMESTAMP_RFC3339=$(date -u -d \"@$BUILD_TIMESTAMP\" +'%Y-%m-%dT%H:%M:%SZ')\nelse\n  BUILD_TIMESTAMP_RFC3339=$(date -u +'%Y-%m-%dT%H:%M:%SZ')\nfi\n\nDEFAULT_LABELS+=(\"--label\" \"build-date=${BUILD_TIMESTAMP_RFC3339}\")\nDEFAULT_LABELS+=(\"--label\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nANNOTATIONS+=(\"--annotation\" \"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\n\nlabel_pairs=()\n# If INHERIT_BASE_IMAGE_LABELS is true, get the labels from the final base image only\ntouch base_images_labels.json\nif [[ \"$INHERIT_BASE_IMAGE_LABELS\" == \"true\" ]] \u0026\u0026 [[ -n \"$BASE_IMAGES\" ]]; then\n  FINAL_BASE_IMAGE=$(\n    # Get the base image of the final stage\n    # The final stage can refer to a previous `FROM xxx AS yyy` stage, for example 'FROM bar AS foo; ... ; FROM foo; ...'\n    # Define a function that keeps nesting recursively into the parent stages until it finds the original base image\n    # Run the find_root_stage() function on the final stage\n    # If the final stage is scratch or oci-archive, return empty\n    jq -r '.Stages as $all_stages |\n      def find_root_stage($stage):\n        if $stage.From.Stage then\n          find_root_stage($all_stages[$stage.From.Stage.Index])\n        else\n          $stage\n        end;\n\n        find_root_stage(.Stages[-1]) |\n        if .From.Scratch or (.BaseName | test(\"^oci-archive:\")) then\n          empty\n        else\n          .BaseName\n        end' /shared/parsed_dockerfile.json |\n      tr -d '\"' |\n      tr -d \"'\"\n  )\n  if [[ -n \"$FINAL_BASE_IMAGE\" ]]; then\n    set_proxy\n    buildah pull \"$FINAL_BASE_IMAGE\" \u003e/dev/null` `\n    unset_proxy\n    buildah inspect \"$FINAL_BASE_IMAGE\" | jq '.OCIv1.config.Labels' \u003e\"base_images_labels.json\"\n  fi\nfi\n\n# Concatenate defaults and explicit labels. If a label appears twice, the last one wins.\nLABELS=(\"${DEFAULT_LABELS[@]}\" \"${LABELS[@]}\")\n\n# Get all the default and explicit labels so that they can be written into labels.json\nfor label in \"${LABELS[@]}\"; do\n  if [[ \"$label\" != \"--label\" ]]; then\n    label_pairs+=(\"$label\")\n  fi\ndone\n\n# Labels that we explicitly add to the image\nlabel_pairs+=(\"org.opencontainers.image.created=${BUILD_TIMESTAMP_RFC3339}\")\nlabel_pairs+=(\"io.buildah.version=$(buildah version --json | jq -r '.version')\")\n\nwhile IFS= read -r label; do\n  label_pairs+=(\"$label\")\ndone \u003c \u003c(jq -r '.Stages[].Commands[] | select(.Name == \"LABEL\") | .Labels[] | \"\\(.Key)=\\(.Value)\"' /shared/parsed_dockerfile.json | sed 's/\"//g')\n\nprintf '%s\\n' \"${label_pairs[@]}\" | jq -Rn '\n  [ inputs | select(length\u003e0) ]\n| map( split(\"=\") | {(.[0]): (.[1] // \"\")} )\n  | add' \u003e\"image_labels.json\"\n\njq -s '(.[0] // {}) * (.[1] // {})' \"base_images_labels.json\" \"image_labels.json\" \u003e\"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\njq '.' \"$SOURCE_CODE_DIR/$CONTEXT/labels.json\"\n\nif [ \"${SKIP_INJECTIONS}\" = \"false\" ]; then\n  echo \"\" \u003e\u003e\"$dockerfile_copy\"\n  # Always write labels.json to the new standard location\n  echo 'COPY labels.json /usr/share/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  # Conditionally write to the old location for backward compatibility\n  if [ \"${ICM_KEEP_COMPAT_LOCATION}\" = \"true\" ]; then\n    echo 'COPY labels.json /root/buildinfo/labels.json' \u003e\u003e\"$dockerfile_copy\"\n  fi\nfi\n\n# Make sure our labels.json file isn't filtered out\ncontainerignore=\"\"\nif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.containerignore\"\nelif [ -f \"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\" ]; then\n  containerignore=\"$SOURCE_CODE_DIR/$CONTEXT/.dockerignore\"\nfi\n\nif [ -n \"$containerignore\" ]; then\n  ignorefile_copy=$(mktemp --tmpdir \"$(basename \"$containerignore\").XXXXXX\")\n  cp \"$containerignore\" \"$ignorefile_copy\"\n  {\n    echo \"\"\n    echo \"!/labels.json\"\n    echo \"!/content-sets.json\"\n  } \u003e\u003e \"$ignorefile_copy\"\n  BUILDAH_ARGS+=(--ignorefile \"$ignorefile_copy\")\nfi\n\necho \"[$(date --utc -Ins)] Register sub-man\"\n\nACTIVATION_KEY_PATH=\"/activation-key\"\nENTITLEMENT_PATH=\"/entitlement\"\n\n# 0. if hermetic=true, skip all subscription related stuff\n# 1. do not enable activation key and entitlement at same time. If both vars are provided, prefer activation key.\n# 2. Activation-keys will be used when the key 'org' exists in the activation key secret.\n# 3. try to pre-register and mount files to the correct location so that users do no need to modify Dockerfiles.\n# 3. If the Dockerfile contains the string \"subcription-manager register\", add the activation-keys volume\n#    to buildah but don't pre-register for backwards compatibility. Mount an empty directory on\n#    shared emptydir volume to \"/etc/pki/entitlement\" to prevent certificates from being included\n\nif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 [ -e /activation-key/org ]; then\n  cp -r --preserve=mode \"$ACTIVATION_KEY_PATH\" /tmp/activation-key\n  mkdir -p /shared/rhsm/etc/pki/entitlement\n  mkdir -p /shared/rhsm/etc/pki/consumer\n\n  VOLUME_MOUNTS+=(-v /tmp/activation-key:/activation-key \\\n                  -v /shared/rhsm/etc/pki/entitlement:/etc/pki/entitlement:Z \\\n                  -v /shared/rhsm/etc/pki/consumer:/etc/pki/consumer:Z)\n  echo \"Adding activation key to the build\"\n\n  if ! grep -E \"^[^#]*subscription-manager.[^#]*register\" \"$dockerfile_path\"; then\n    # user is not running registration in the Containerfile: pre-register.\n    echo \"Pre-registering with subscription manager.\"\n    export RETRY_MAX_TRIES=6\n    if ! retry subscription-manager register --org \"$(cat /tmp/activation-key/org)\" --activationkey \"$(cat /tmp/activation-key/activationkey)\"\n    then\n      echo \"Subscription-manager register failed\"\n      exit 1\n    fi\n    unset RETRY_MAX_TRIES\n    trap 'subscription-manager unregister || true' EXIT\n\n    # copy generated certificates to /shared volume\n    cp /etc/pki/entitlement/*.pem /shared/rhsm/etc/pki/entitlement\n    cp /etc/pki/consumer/*.pem /shared/rhsm/etc/pki/consumer\n\n    # and then mount get /etc/rhsm/ca/redhat-uep.pem into /run/secrets/rhsm/ca\n    VOLUME_MOUNTS+=(--volume /etc/rhsm/ca/redhat-uep.pem:/etc/rhsm/ca/redhat-uep.pem:Z)\n  fi\n\nelif [ \"${HERMETIC}\" != \"true\" ] \u0026\u0026 find /entitlement -name \"*.pem\" \u003e /dev/null; then\n  cp -r --preserve=mode \"$ENTITLEMENT_PATH\" /tmp/entitlement\n  VOLUME_MOUNTS+=(--volume /tmp/entitlement:/etc/pki/entitlement)\n  echo \"Adding the entitlement to the build\"\nfi\n\nif [ -n \"$WORKINGDIR_MOUNT\" ]; then\n  if [[ \"$WORKINGDIR_MOUNT\" == *:* ]]; then\n    echo \"WORKINGDIR_MOUNT contains ':'\" \u003e\u00262\n    echo \"Refusing to proceed in case this is an attempt to set unexpected mount options.\" \u003e\u00262\n    exit 1\n  fi\n  # ${SOURCE_CODE_DIR}/${CONTEXT} will be the $PWD when we call 'buildah build'\n  # (we set the workdir using 'unshare -w')\n  context_dir=$(realpath \"${SOURCE_CODE_DIR}/${CONTEXT}\")\n  VOLUME_MOUNTS+=(--volume \"$context_dir:${WORKINGDIR_MOUNT}\")\nfi\n\nif [ -n \"${ADDITIONAL_VOLUME_MOUNTS-}\" ]; then\n  # ADDITIONAL_VOLUME_MOUNTS allows to specify more volumes for the build.\n  # Instrumented builds (SAST) use this step as their base and add some other tools.\n  while read -r volume_mount; do\n    VOLUME_MOUNTS+=(\"--volume=$volume_mount\")\n  done \u003c\u003c\u003c \"$ADDITIONAL_VOLUME_MOUNTS\"\nfi\n\necho \"[$(date --utc -Ins)] Add secrets\"\n\nADDITIONAL_SECRET_PATH=\"/additional-secret\"\nADDITIONAL_SECRET_TMP=\"/tmp/additional-secret\"\nif [ -d \"$ADDITIONAL_SECRET_PATH\" ]; then\n  cp -r --preserve=mode -L \"$ADDITIONAL_SECRET_PATH\" $ADDITIONAL_SECRET_TMP\n  while read -r filename; do\n    echo \"Adding the secret ${ADDITIONAL_SECRET}/${filename} to the build, available at /run/secrets/${ADDITIONAL_SECRET}/${filename}\"\n    BUILDAH_ARGS+=(\"--secret=id=${ADDITIONAL_SECRET}/${filename},src=$ADDITIONAL_SECRET_TMP/${filename}\")\n  done \u003c \u003c(find $ADDITIONAL_SECRET_TMP -maxdepth 1 -type f -exec basename {} \\;)\nfi\n\n# Prevent ShellCheck from giving a warning because 'image' is defined and 'IMAGE' is not.\ndeclare IMAGE\n\nbuildah_cmd_array=(\n    buildah build\n    \"${VOLUME_MOUNTS[@]}\"\n    \"${BUILDAH_ARGS[@]}\"\n    \"${LABELS[@]}\"\n    \"${ANNOTATIONS[@]}\"\n    --tls-verify=\"$TLSVERIFY\" --no-cache\n    --ulimit nofile=4096:4096\n    --http-proxy=false\n    -f \"$dockerfile_copy\" -t \"$IMAGE\" .\n)\nbuildah_cmd=$(printf \"%q \" \"${buildah_cmd_array[@]}\")\n\nif [ \"${HERMETIC}\" == \"true\" ]; then\n  # enabling loopback adapter enables Bazel builds to work in hermetic mode.\n  command=\"ip link set lo up \u0026\u0026 $buildah_cmd\"\nelse\n  command=\"$buildah_cmd\"\nfi\n\n# disable host subcription manager integration\nfind /usr/share/rhel/secrets -type l -exec unlink {} \\;\n\nset_proxy\n\necho \"[$(date --utc -Ins)] Run buildah build\"\necho \"[$(date --utc -Ins)] ${command}\"\n\nunshare -Uf \"${UNSHARE_ARGS[@]}\" --keep-caps -r --map-users 1,1,65536 --map-groups 1,1,65536 -w \"${SOURCE_CODE_DIR}/$CONTEXT\" --mount -- sh -c \"$command\"\n\nunset_proxy\n\necho \"[$(date --utc -Ins)] Add metadata\"\n\n# Save the SBOM produced in prefetch so it can be merged into the final SBOM later\nif [ -f \"/tmp/cachi2/output/bom.json\" ]; then\n  echo \"Making copy of sbom-prefetch.json\"\n  cp /tmp/cachi2/output/bom.json ./sbom-prefetch.json\nfi\n\ntouch /shared/base_images_digests\necho \"Recording base image digests used\"\nfor image in $BASE_IMAGES; do\n  # Get the image pullspec and filter out a tag if it is not set\n  # Use head -n 1 to ensure we only get one result even if multiple images match the filter\n  base_image_digest=$(buildah images --format '{{ .Name }}{{ if ne .Tag \"\u003cnone\u003e\" }}:{{ .Tag }}{{ end }}@{{ .Digest }}' --filter reference=\"$image\" | head -n 1)\n  # In some cases, there might be BASE_IMAGES, but not any associated digest. This happens\n  # if buildah did not use that particular image during build because it was skipped\n  if [ -n \"$base_image_digest\" ]; then\n    echo \"$image $base_image_digest\" | tee -a /shared/base_images_digests\n  fi\ndone\n\nimage_name=$(echo \"${IMAGE##*/}\" | tr ':' '-')\nbuildah push \"$IMAGE\" oci:\"/shared/$image_name.oci\"\necho \"/shared/$image_name.oci\" \u003e /shared/container_path\n\necho \"[$(date --utc -Ins)] End build\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/entitlement",
                                    "name": "etc-pki-entitlement"
                                },
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/additional-secret",
                                    "name": "additional-secret"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/proxy-ca-bundle",
                                    "name": "proxy-ca-bundle",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "600m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/root"
                                },
                                {
                                    "name": "BUILDAH_FORMAT",
                                    "value": "docker"
                                },
                                {
                                    "name": "TASKRUN_NAME",
                                    "value": "python-component-bcqjpf-on-push-msgrp-build-container"
                                }
                            ],
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "push",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\necho \"[$(date --utc -Ins)] Convert image\"\n\n# While we can build images with the desired format, we will simplify any local\n# and remote build differences by just performing any necessary conversions at\n# push time.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\necho \"[$(date --utc -Ins)] Push image with unique tag\"\n\nbuildah_retries=3\n\n# Push to a unique tag based on the TaskRun name to avoid race conditions\necho \"Pushing to ${IMAGE%:*}:${TASKRUN_NAME}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:${TASKRUN_NAME}\"\nthen\n  echo \"Failed to push sbom image to ${IMAGE%:*}:${TASKRUN_NAME}\"\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] Push image with git revision\"\n\n# Push to a tag based on the git revision\necho \"Pushing to ${IMAGE}\"\nif ! retry buildah push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile \"/workspace/source/image-digest\" \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n  echo \"Failed to push sbom image to $IMAGE\"\n  exit 1\nfi\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c \"/workspace/source\"/image-digest\necho -n \"$IMAGE\" | tee /tekton/results/IMAGE_URL\n{\n  echo -n \"${IMAGE}@\"\n  cat \"/workspace/source/image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho\n\n# detect if keyless signing is required\nSIGNING_CONFIG='{}'\nKFLX_CONFIG_PATH='/tmp/konflux_config.json'\nif ! RETRY_STOP_IF_STDERR_MATCHES='configmaps \"cluster-config\" not found' retry kubectl get configmap cluster-config -n konflux-info -o json \u003e\"${KFLX_CONFIG_PATH}\"\nthen\n  echo \"Failed to fetch konflux cluster-config, default values will be used\" \u003e\u00262\nelse\n  SIGNING_CONFIG=\"$(cat ${KFLX_CONFIG_PATH})\"\nfi\n\n# configmap key -\u003e variable name mapping\ndeclare -A SIGNING_KEY_MAP=(\n  [defaultOIDCIssuer]=SIGSTORE_OIDC_ISSUER\n  [rekorInternalUrl]=REKOR_URL\n  [fulcioInternalUrl]=SIGSTORE_FULCIO_URL\n  [tufInternalUrl]=TUF_URL\n)\n\n# fallback keys when internal URL is not available\ndeclare -A SIGNING_FALLBACK_MAP=(\n  [rekorInternalUrl]=rekorExternalUrl\n  [fulcioInternalUrl]=fulcioExternalUrl\n  [tufInternalUrl]=tufExternalUrl\n)\n\nmissing=\"\"\nconfigured=0\nfor key in \"${!SIGNING_KEY_MAP[@]}\"; do\n  val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${key} // empty\")\n  if [ -z \"${val}\" ] \u0026\u0026 [ -n \"${SIGNING_FALLBACK_MAP[$key]+x}\" ]; then\n    fallback_key=\"${SIGNING_FALLBACK_MAP[$key]}\"\n    val=$(echo \"${SIGNING_CONFIG}\" | jq -r \".data.${fallback_key} // empty\")\n    if [ -n \"${val}\" ]; then\n      echo \"Using fallback ${fallback_key} instead of ${key}\"\n    fi\n  fi\n  if [ -z \"${val}\" ]; then\n    missing=\"${missing:+${missing}, }${key}\"\n  else\n    declare \"${SIGNING_KEY_MAP[$key]}=${val}\"\n    configured=$((configured + 1))\n  fi\ndone\n\nif [ \"${configured}\" -eq \"${#SIGNING_KEY_MAP[@]}\" ]; then\n  echo \"Keyless signing is enabled\"\n\n  # Save signing config for upload-sbom step\n  for key in \"${!SIGNING_KEY_MAP[@]}\"; do\n    envvar=\"${SIGNING_KEY_MAP[$key]}\"\n    printf '%s=%q\\n' \"${envvar}\" \"${!envvar}\"\n  done \u003e /shared/signing-config.env\n\n  echo \"Using Rekor URL: ${REKOR_URL}\"\n  echo \"Using Fulcio URL: ${SIGSTORE_FULCIO_URL}\"\n  echo \"Using OIDC issuer: ${SIGSTORE_OIDC_ISSUER}\"\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  # Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\n  mkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"${IMAGE_REF}\" \u003e /tmp/auth/config.json\n  export DOCKER_CONFIG=/tmp/auth\n\n  echo \"[$(date --utc -Ins)] Sign image\"\n  echo \"Signing image ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign sign -y \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign image\" \u003e\u00262\n    exit 1\n  fi\nelif [ \"${configured}\" -eq 0 ]; then\n  echo \"Keyless signing is disabled (none of ${missing} are configured in the konflux-info/cluster-config configmap)\"\nelse\n  echo \"ERROR: Incomplete keyless signing configuration in konflux-info/cluster-config configmap. Missing: ${missing}\" \u003e\u00262\n  exit 1\nfi\n\necho \"[$(date --utc -Ins)] End push\"\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                },
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1100m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "sbom-syft-generate",
                            "script": "#!/bin/bash\nset -euo pipefail\necho \"[$(date --utc -Ins)] Generate SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\ncase $SBOM_TYPE in\n  cyclonedx)\n    syft_sbom_type=cyclonedx-json@1.5 ;;\n  spdx)\n    syft_sbom_type=spdx-json@2.3 ;;\n  *)\n    echo \"Invalid SBOM type: $SBOM_TYPE. Valid: cyclonedx, spdx\" \u003e\u00262\n    exit 1\n    ;;\nesac\n\nOCI_DIR=\"$(cat /shared/container_path)\"\n\nsyft_oci_args=(\n  oci-dir:\"${OCI_DIR}\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-image.json\"\n)\nsyft_source_args=(\n  dir:\"/workspace/source/$SOURCE_CODE_DIR/$CONTEXT\"\n  --output \"$syft_sbom_type=/workspace/source/sbom-source.json\"\n)\n\nif [ \"${SBOM_SYFT_SELECT_CATALOGERS}\" != \"\" ]; then\n  syft_oci_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\n  syft_source_args+=(--select-catalogers \"${SBOM_SYFT_SELECT_CATALOGERS}\")\nfi\n\necho \"Running syft on the image\"\nsyft \"${syft_oci_args[@]}\"\nif [[ \"${HERMETIC}\" == \"false\" \u0026\u0026 \"${SBOM_SOURCE_SCAN_ENABLED}\" == \"true\" ]]; then\n  echo \"Running syft on the source code\"\n  syft \"${syft_source_args[@]}\"\nelse\n  echo \"Skipping syft on source code.\"\nfi\n\necho \"[$(date --utc -Ins)] End sbom-syft-generate\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/var/lib/containers",
                                    "name": "varlibcontainers"
                                },
                                {
                                    "mountPath": "/shared",
                                    "name": "shared"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/source/source"
                        },
                        {
                            "args": [
                                "--additional-base-images"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "prepare-sboms",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Prepare SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\n# Convert Tekton array params into Mobster params\nADDITIONAL_BASE_IMAGES=()\nwhile [[ $# -gt 0 ]]; do\n  case $1 in\n    --additional-base-images)\n      shift\n      while [[ $# -gt 0 \u0026\u0026 $1 != --* ]]; do ADDITIONAL_BASE_IMAGES+=(\"$1\"); shift; done\n      ;;\n    *)\n      echo \"unexpected argument: $1\" \u003e\u00262\n      exit 2\n      ;;\n  esac\ndone\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\n\necho \"[$(date --utc -Ins)] Generate SBOM with mobster\"\n\nmobster_args=(\n  generate\n  --output sbom.json\n)\n\n# Validation is a flag for `generate`, not `oci-image`, so we need to\n# handle it before the oci-image arguments\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-image\n  --from-syft \"/workspace/source/sbom-image.json\"\n  --image-pullspec \"$IMAGE_URL\"\n  --image-digest \"$IMAGE_DIGEST\"\n  --parsed-dockerfile-path \"/shared/parsed_dockerfile.json\"\n  --base-image-digest-file \"/shared/base_images_digests\"\n)\n\nif [ -f \"/workspace/source/sbom-source.json\" ]; then\n  mobster_args+=(--from-syft \"/workspace/source/sbom-source.json\")\nfi\n\nif [ -f \"/workspace/source/sbom-prefetch.json\" ]; then\n  mobster_args+=(--from-hermeto \"/workspace/source/sbom-prefetch.json\")\nfi\n\nif [ -n \"${TARGET_STAGE}\" ]; then\n  mobster_args+=(--dockerfile-target \"${TARGET_STAGE}\")\nfi\n\nfor ADDITIONAL_BASE_IMAGE in \"${ADDITIONAL_BASE_IMAGES[@]}\"; do\n  mobster_args+=(--additional-base-image \"$ADDITIONAL_BASE_IMAGE\")\ndone\n\nif [ \"${CONTEXTUALIZE_SBOM}\" == \"true\" ] \u0026\u0026 [ \"${HERMETIC}\" == \"false\" ]; then\n  mobster_args+=(--contextualize)\nfi\n\nif [ -f \"/shared/prefetch-arch\" ]; then\n  mobster_args+=(--arch \"$(cat /shared/prefetch-arch)\")\nfi\n\nmobster \"${mobster_args[@]}\"\n\necho \"[$(date --utc -Ins)] End prepare-sboms\"\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "workingDir": "/workspace/source"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -euo pipefail\n\necho \"[$(date --utc -Ins)] Upload SBOM\"\n\nif [ \"${SKIP_SBOM_GENERATION}\" = \"true\" ]; then\n  echo \"Skipping SBOM generation\"\n  exit 0\nfi\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom sbom.json --type \"$SBOM_TYPE\" \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum sbom.json | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n\nif [ -f \"/shared/signing-config.env\" ]; then\n  # shellcheck source=/dev/null\n  source /shared/signing-config.env\n\n  echo \"Initializing TUF root from ${TUF_URL}\"\n  if ! retry cosign initialize --root \"${TUF_URL}/root.json\" --mirror \"${TUF_URL}\"\n  then\n    echo \"Failed to initialize TUF root\" \u003e\u00262\n    exit 1\n  fi\n\n  # env var consumed by cosign\n  SIGSTORE_ID_TOKEN=\"$(cat /var/run/sigstore/cosign/oidc-token)\"\n  export SIGSTORE_ID_TOKEN\n\n  IMAGE_REF=\"$(cat \"/tekton/results/IMAGE_REF\")\"\n\n  ATT_SBOM_TYPE=\"${SBOM_TYPE}\"\n  if [ \"${ATT_SBOM_TYPE}\" = \"spdx\" ]; then\n    # for format cossistency with cyclonedx format, we want to use spdxjson instad of spdx\n    # spdx export data as rawstring, we want structured json as cyclonedx\n    ATT_SBOM_TYPE=\"spdxjson\"\n  fi\n\n  echo \"[$(date --utc -Ins)] Sign SBOM\"\n  echo \"Signing and attaching SBOM to ${IMAGE_REF} using keyless signing\"\n  if ! retry cosign attest -y --type \"${ATT_SBOM_TYPE}\" --predicate sbom.json \\\n    --rekor-url=\"${REKOR_URL}\" \\\n    --fulcio-url=\"${SIGSTORE_FULCIO_URL}\" \\\n    --oidc-issuer=\"${SIGSTORE_OIDC_ISSUER}\" \\\n    \"${IMAGE_REF}\"\n  then\n    echo \"Failed to sign SBOM\" \u003e\u00262\n    exit 1\n  fi\nfi\n\necho\necho \"[$(date --utc -Ins)] End upload-sbom\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/var/run/sigstore/cosign",
                                    "name": "oidc-token",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/source"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "varlibcontainers"
                        },
                        {
                            "emptyDir": {},
                            "name": "shared"
                        },
                        {
                            "name": "etc-pki-entitlement",
                            "secret": {
                                "optional": true,
                                "secretName": "etc-pki-entitlement"
                            }
                        },
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "name": "additional-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "does-not-exist"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "caching-ca-bundle",
                                "optional": true
                            },
                            "name": "proxy-ca-bundle"
                        },
                        {
                            "name": "oidc-token",
                            "projected": {
                                "sources": [
                                    {
                                        "serviceAccountToken": {
                                            "audience": "sigstore",
                                            "expirationSeconds": 600,
                                            "path": "oidc-token"
                                        }
                                    }
                                ]
                            }
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code to build.",
                            "name": "source"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/dcdf150c-627f-4acc-aaca-2a7965c9f712",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:20Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "build-image-index",
                    "tekton.dev/task": "build-image-index"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-build-image-index",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "26119",
                "uid": "dcdf150c-627f-4acc-aaca-2a7965c9f712"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": ""
                    },
                    {
                        "name": "ALWAYS_BUILD_INDEX",
                        "value": "false"
                    },
                    {
                        "name": "IMAGES",
                        "value": [
                            "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                        ]
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "build-image-index"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:37Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:37Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-build-image-index-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        "entryPoint": "build-image-index",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-build-image-index"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "startTime": "2026-07-01T16:06:20Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d8b3e5ee5659a106769134381d38d5f20cf167bc705bb42d7f2b84bf198f185a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:30Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:26Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-create-sbom",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "create-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5e32a3596ae9ba97ba035a36e100c6cce31957140fc463aad76e9414d671ef18",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:31Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:31Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://1a15de94e4ae7fb7eabc7f4523a9417b3f4a7e79b45fc9f11ac3fd59e1ca5573",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:35Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:31Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This takes existing Image Manifests and combines them in an Image Index.",
                    "params": [
                        {
                            "description": "The target image and tag where the image will be pushed to.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The commit the image is built from.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "description": "List of Image Manifests to be referenced by the Image Index",
                            "name": "IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Build an image index even if IMAGES is of length 1. Default true. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. In order to properly set all results, use the repository:tag@sha256:digest format for the IMAGES parameter.",
                            "name": "ALWAYS_BUILD_INDEX",
                            "type": "string"
                        },
                        {
                            "default": "vfs",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "List of all referenced image manifests",
                            "name": "IMAGES",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image containing both the repository and the digest",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "env": [
                            {
                                "name": "BUILDAH_FORMAT",
                                "value": "docker"
                            },
                            {
                                "name": "COMMIT_SHA",
                                "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "ALWAYS_BUILD_INDEX",
                                "value": "false"
                            },
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "vfs"
                            }
                        ],
                        "volumeMounts": [
                            {
                                "mountPath": "/index-build-data",
                                "name": "shared-dir"
                            },
                            {
                                "mountPath": "/mnt/trusted-ca",
                                "name": "trusted-ca",
                                "readOnly": true
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3@sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "250m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\n# Fixing group permission on /var/lib/containers\nset -eu\nset -o pipefail\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [[ $# -ne 1 \u0026\u0026 \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n  echo \"Skipping image index generation while supplying multiple image inputs is unsupported.\"\n  exit 2\nfi\n\nbuildah manifest create \"$IMAGE\"\nfor i in $@\ndo\n  TOADD=\"$i\"\n  TOADD_URL=\"$(echo \"$i\" | cut -d@ -f1)\"\n  TOADD_DIGEST=\"$(echo \"$i\" | cut -d@ -f2)\"\n  if [[ $(echo \"$i\" | tr -cd \":\" | wc -c) == 2 ]]; then\n    #format is repository:tag@sha256:digest\n    #we need to remove the tag, and just reference the digest\n    #as tag + digest is not supported\n    TOADD_REPOSITORY=\"$(echo \"$i\" | cut -d: -f1)\"\n    TOADD=\"${TOADD_REPOSITORY}@${TOADD_DIGEST}\"\n  fi\n  if [[ \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n    echo \"Skipping image index generation. Returning results for $TOADD.\"\n    echo -n \"${TOADD_URL}\" \u003e \"/tekton/results/IMAGE_URL\"\n    echo -n \"${TOADD_DIGEST}\" \u003e \"/tekton/results/IMAGE_DIGEST\"\n    echo -n \"${TOADD}\" \u003e \"/tekton/results/IMAGES\"\n    exit 0\n  fi\n\n  echo \"Adding $TOADD\"\n  buildah manifest add $IMAGE \"docker://$TOADD\" --all\ndone\n\necho \"Validating format consistency\"\nINCOMPATIBLE_STRING=\"vnd.oci.image.manifest\"\nINCOMPATIBLE_NAME=\"oci\"\nif [ \"$BUILDAH_FORMAT\" == \"oci\" ]; then\n  INCOMPATIBLE_STRING=\"vnd.docker.distribution.manifest\"\n  INCOMPATIBLE_NAME=\"docker\"\nfi\n\n# If mismatched formats (e.g., Docker manifests within an OCI index) exist locally, 'buildah push'\n# converts the inner manifests to match the target BUILDAH_FORMAT.\n# This alters the digests and breaks the link to the attached SBOMs.\nMANIFEST_MEDIA_TYPES=$(buildah manifest inspect \"$IMAGE\" | jq -er '.manifests[].mediaType')\nif echo \"$MANIFEST_MEDIA_TYPES\" | grep -q \"$INCOMPATIBLE_STRING\"; then\n  echo \"ERROR: Platform image contains $INCOMPATIBLE_NAME format, but index will be $BUILDAH_FORMAT\"\n  echo \"This will cause digest changes and break SBOM accessibility.\"\n  echo \"Ensure all platform images are built with buildah-format: $BUILDAH_FORMAT\"\n  exit 1\nfi\n\n# While the BUILDAH_FORMAT environment variable can define the push\n# format, lets be explicit about the format that we want when we push.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\nbuildah_retries=3\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n    echo \"Failed to push image ${IMAGE} to registry\"\n    exit 1\nfi\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:python-component-bcqjpf-on-push-msgrp-build-image-index\"\nthen\n    echo \"Failed to push image ${IMAGE%:*}:python-component-bcqjpf-on-push-msgrp-build-image-index to registry\"\n    exit 1\nfi\n\nINDEX_REPOSITORY=\"$(echo \"$IMAGE\" | cut -d@ -f1 | cut -d: -f1)\"\nMANIFEST_DIGESTS=$(buildah manifest inspect \"$IMAGE\" | jq -er \".manifests[].digest\")\nimage_manifests=\"\"\nfor i in $MANIFEST_DIGESTS\ndo\n  image_manifests=\"${image_manifests} ${INDEX_REPOSITORY}@${i},\"\ndone\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c image-digest\necho -n \"$IMAGE\" | tee \"/tekton/results/IMAGE_URL\"\n{\n  echo -n \"${IMAGE}@\"\n  cat \"image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho -n \"${image_manifests:1:-1}\" \u003e \"/tekton/results/IMAGES\"\n\n# buildah manifest inspect will always give precedence to the local image.\n# Since we built this image in the same place as we are inspecting it, we can\n# just inspect it instead of finding the digest and inspecting the remote image.\nbuildah manifest inspect \"$IMAGE\" \u003e /index-build-data/manifest_data.json\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "create-sbom",
                            "script": "#!/bin/bash\nset -e\n\nMANIFEST_DATA_FILE=\"/index-build-data/manifest_data.json\"\nif [ ! -f \"$MANIFEST_DATA_FILE\" ]; then\n  echo \"The manifest_data.json file does not exist. Skipping the SBOM creation...\"\n  exit 0\nfi\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\necho \"Creating SBOM result file...\"\nmobster_args=(generate --output /index-build-data/index.spdx.json)\n\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-index\n  --index-image-pullspec \"$IMAGE_URL\"\n  --index-image-digest \"$IMAGE_DIGEST\"\n  --index-manifest-path \"$MANIFEST_DATA_FILE\"\n)\nmobster \"${mobster_args[@]}\"\n"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSBOM_RESULT_FILE=\"/index-build-data/index.spdx.json\"\nif [ ! -f \"$SBOM_RESULT_FILE\" ]; then\n  echo \"The index.spdx.json file does not exists. Skipping the SBOM upload...\"\n  exit 0\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\n\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom \"$SBOM_RESULT_FILE\" --type spdx \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum \"$SBOM_RESULT_FILE\" | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "shared-dir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/384420f8-7fab-4a6f-8cb4-8ae79f8803f2",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "clair-scan",
                    "tekton.dev/task": "clair-scan"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-clair-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "28615",
                "uid": "384420f8-7fab-4a6f-8cb4-8ae79f8803f2"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clair-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:20Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:20Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-clair-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        "entryPoint": "clair-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clair-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\", \"digests\": [\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\"]}}\n"
                    },
                    {
                        "name": "REPORTS",
                        "type": "string",
                        "value": "{\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\":\"sha256:f9f17b91c8230a5a8b069b61225e3f6dcf7b4db7c3efc3c49b7836881d0be614\"}\n"
                    },
                    {
                        "name": "SCAN_OUTPUT",
                        "type": "string",
                        "value": "{\"vulnerabilities\":{\"critical\":0,\"high\":331,\"medium\":873,\"low\":241,\"unknown\":2},\"unpatched_vulnerabilities\":{\"critical\":0,\"high\":4,\"medium\":489,\"low\":633,\"unknown\":0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:08:19+00:00\",\"note\":\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:38Z",
                "steps": [
                    {
                        "container": "step-get-image-manifests",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "get-image-manifests",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://921f98750e0e958d7f65507b7ddc2e2cba498c3afc3497a3d4fce651235c295f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:02Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:56Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-get-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/clair-in-ci@sha256:e030a6094b6d88b430ed049a6a59808f4b795e9d8293d72a4bbab44da8cc429f",
                        "name": "get-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://825c2c7ad72bbfbe04ff426d686cbb7db2cc62c4c1d342a2cf5d3acc6246aed5",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:44Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:03Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-oci-attach-report",
                        "imageID": "quay.io/konflux-ci/oras@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                        "name": "oci-attach-report",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://721d47b7ff5ca33dd857ae2f3f4128c309b49123a8620e01897bfbee4388d09a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:47Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:44Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-conftest-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "conftest-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://e9933eef4497ada2f88874af56a06472c48a7293350eec70baa6c2331548701a",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:19Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\\\", \\\"digests\\\": [\\\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\\\"]}}\\n\",\"type\":1},{\"key\":\"REPORTS\",\"value\":\"{\\\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\\\":\\\"sha256:f9f17b91c8230a5a8b069b61225e3f6dcf7b4db7c3efc3c49b7836881d0be614\\\"}\\n\",\"type\":1},{\"key\":\"SCAN_OUTPUT\",\"value\":\"{\\\"vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":331,\\\"medium\\\":873,\\\"low\\\":241,\\\"unknown\\\":2},\\\"unpatched_vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":4,\\\"medium\\\":489,\\\"low\\\":633,\\\"unknown\\\":0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:08:19+00:00\\\",\\\"note\\\":\\\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:47Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for vulnerabilities using Clair, by comparing the components of container image against Clair's vulnerability databases.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform built by.",
                            "name": "image-platform",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused, should be removed in next task version.",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-oci-attach-report",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Clair scan result.",
                            "name": "SCAN_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        },
                        {
                            "description": "Mapping of image digests to report digests",
                            "name": "REPORTS",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "get-image-manifests",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\necho \"Inspecting raw image manifest $imageanddigest.\"\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"' | while read -r arch arch_sha; do\n    echo \"$arch_sha\" \u003e /tekton/home/image-manifest-$arch.sha\n  done\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task clair-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                },
                                "requests": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                },
                                {
                                    "name": "IMAGE_PLATFORM"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clair-in-ci:v1",
                            "imagePullPolicy": "Always",
                            "name": "get-vulnerabilities",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n# shellcheck source=/utils.sh\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\n# the quay report format used by the Conftest rules in the\n# conftest-vulnerabilities step doesn't contain the \"issued\" date which\n# we require in the policy rules, so we resort to running clair-action\n# twice to produce both quay and clair formatted output\nclair_report() {\n  { retry clair-action report --image-ref=\"$1\" --db-path=/tmp/matcher.db --format=clair | tee  \"clair-report-$2.json\"; } \u0026\u0026 \\\n  { retry clair-action convert  --file-path=\"clair-report-$2.json\" --format=quay \u003e \"clair-result-$2.json\"; }\n}\n\nrun_clair_on_arch() {\n  local arch=\"$1\"\n  local sha_file=\"image-manifest-$arch.sha\"\n\n  if [ -e \"$sha_file\" ]; then\n    local arch_sha\n    arch_sha=$(\u003c\"$sha_file\")\n    local digest=\"${imagewithouttag}@${arch_sha}\"\n\n    echo \"Running clair-action on $arch image manifest...\"\n    clair_report \"$digest\" \"$arch\" || true\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n   fi\n}\n\nplatform=\"${IMAGE_PLATFORM}\"\n\n# If a platform is specified, extract the architecture and run clair-action on the corresponding image manifest\nif [ -n \"$platform\" ]; then\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n  # Validate against supported arch list. If it's not a known arch, fallback to amd64\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  run_clair_on_arch \"$arch\"\n\n# If no platform is specified, run clair-action on all available image manifests\nelse\n  for sha_file in image-manifest-*.sha; do\n    if [ -e \"$sha_file\" ]; then\n      arch=$(basename \"$sha_file\" | sed 's/image-manifest-//;s/.sha//')\n      run_clair_on_arch \"$arch\"\n    fi\n  done\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nimages_processed=$(echo \"${images_processed_template/\\[%s]/[$digests_processed_string]}\")\necho \"$images_processed\" \u003e images-processed.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_OCI_ATTACH_REPORT",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                            "name": "oci-attach-report",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nif [ \"$SKIP_OCI_ATTACH_REPORT\" = \"true\" ]; then\n  echo 'OCI attach report skipped by parameter.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\nif ! compgen -G \"clair-report-*.json\" \u003e /dev/null; then\n  echo 'No Clair reports generated. Skipping upload.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\necho \"Selecting auth\"\nselect-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n\nrepository=\"${IMAGE_URL/:*/}\"\n\narch() {\n  report_file=\"$1\"\n  arch=\"${report_file/*-}\"\n  echo \"${arch/.json/}\"\n}\n\nMEDIA_TYPE='application/vnd.redhat.clair-report+json'\n\nreports_json=\"\"\nfor f in clair-report-*.json; do\n  digest=$(cat \"image-manifest-$(arch \"$f\").sha\")\n  image_ref=\"${repository}@${digest}\"\n  echo \"Attaching $f to ${image_ref}\"\n  if ! report_digest=\"$(retry oras attach --no-tty --format go-template='{{.digest}}' --registry-config \\\n    \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${image_ref}\" \"$f:${MEDIA_TYPE}\")\"\n  then\n    echo \"Failed to attach ${f} to ${image_ref}\"\n    exit 1\n  fi\n  # shellcheck disable=SC2016\n  reports_json=\"$(yq --output-format json --indent=0 eval-all '. as $i ireduce ({}; . * $i)' \u003c(echo \"${reports_json}\") \u003c(echo \"${digest}: ${report_digest}\"))\"\ndone\necho \"${reports_json}\" \u003e reports.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "conftest-vulnerabilities",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nclair_result_files=$(ls /tekton/home/clair-result-*.json)\nif [ -z \"$clair_result_files\" ]; then\n  echo \"Previous step [get-vulnerabilities] failed: No clair-result files found in /tekton/home.\"\nfi\n\nmissing_vulnerabilities_files=\"\"\nfor file in $clair_result_files; do\n  file_suffix=$(basename \"$file\" | sed 's/clair-result-//;s/.json//')\n  if [ ! -s \"$file\" ]; then\n    echo \"Previous step [get-vulnerabilities] failed: $file is empty.\"\n  else\n    /usr/bin/conftest test --no-fail $file \\\n    --policy /project/clair/vulnerabilities-check.rego --namespace required_checks \\\n    --output=json | tee /tekton/home/clair-vulnerabilities-$file_suffix.json || true\n  fi\n\n  #check for missing \"clair-vulnerabilities-\u003carch\u003e/image-index\" file and create a string\n  if [ ! -f \"/tekton/home/clair-vulnerabilities-$file_suffix.json\" ]; then\n    missing_vulnerabilities_files+=\"${missing_vulnerabilities_files:+, }/tekton/home/clair-vulnerabilities-$file_suffix.json\"\n  fi\ndone\n\nif [ -n \"$missing_vulnerabilities_files\" ]; then\n  note=\"Task clair-scan failed: $missing_vulnerabilities_files did not generate. For details, check Tekton task log.\"\n  TEST_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"$missing_vulnerabilities_files did not generate correctly. For details, check conftest command in Tekton task log.\"\n  echo \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n  exit 0\nfi\n\nscan_result='{\"vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}, \"unpatched_vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}}'\nfor file in /tekton/home/clair-vulnerabilities-*.json; do\n    result=$(jq -rce \\\n        '{\n            vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            },\n            unpatched_vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            }\n        }' \"$file\")\n\n    scan_result=$(jq -s -rce \\\n          '.[0].vulnerabilities.critical += .[1].vulnerabilities.critical |\n          .[0].vulnerabilities.high += .[1].vulnerabilities.high |\n          .[0].vulnerabilities.medium += .[1].vulnerabilities.medium |\n          .[0].vulnerabilities.low += .[1].vulnerabilities.low |\n          .[0].vulnerabilities.unknown += .[1].vulnerabilities.unknown |\n          .[0].unpatched_vulnerabilities.critical += .[1].unpatched_vulnerabilities.critical |\n          .[0].unpatched_vulnerabilities.high += .[1].unpatched_vulnerabilities.high |\n          .[0].unpatched_vulnerabilities.medium += .[1].unpatched_vulnerabilities.medium |\n          .[0].unpatched_vulnerabilities.low += .[1].unpatched_vulnerabilities.low |\n          .[0].unpatched_vulnerabilities.unknown += .[1].unpatched_vulnerabilities.unknown |\n          .[0]' \u003c\u003c\u003c\"$scan_result $result\")\ndone\n\necho \"$scan_result\" | tee \"/tekton/results/SCAN_OUTPUT\"\n\ncat /tekton/home/images-processed.json | tee /tekton/results/IMAGES_PROCESSED\n# shellcheck disable=SC2154\ncat /tekton/home/reports.json \u003e \"/tekton/results/REPORTS\"\n\nnote=\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\"\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"$note\")\necho \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/e35b61b8-744c-4593-ba3d-88cf5f48df0f",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "virus, konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "clamav-scan",
                    "tekton.dev/task": "clamav-scan"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-clamav-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "28924",
                "uid": "e35b61b8-744c-4593-ba3d-88cf5f48df0f"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clamav-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:11Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:11Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-clamav-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        "entryPoint": "clamav-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\", \"digests\": [\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"timestamp\":\"1782922087\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:39Z",
                "steps": [
                    {
                        "container": "step-extract-and-scan-image",
                        "imageID": "quay.io/konflux-ci/clamav-db@sha256:2da6c1a37fef998b68b675505fb654b1123e3cd889c190c59b4527d11621e8fc",
                        "name": "extract-and-scan-image",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f8df3f06c6684f6053f2a9f7465089f77097bc50eaee2892e7d94ccc2069b48d",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:07Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\\\", \\\"digests\\\": [\\\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922087\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:58Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://5c8988a2954433b16e94c8cf193cbe3a7731858f95808498c62b784180d722e9",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:10Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\\\", \\\"digests\\\": [\\\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782922087\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:07Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans the content of container images and OCI artifacts for viruses, malware, and other malicious content using ClamAV antivirus scanner.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image arch.",
                            "name": "image-arch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "8",
                            "description": "Maximum number of threads clamd runs.",
                            "name": "clamd-max-threads",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-upload",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                },
                                "requests": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/work"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                },
                                {
                                    "name": "IMAGE_ARCH"
                                },
                                {
                                    "name": "MAX_THREADS",
                                    "value": "8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clamav-db:latest",
                            "name": "extract-and-scan-image",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Start clamd in background\n/start-clamd.sh\n\n# Bootstrap .docker config in overridden HOME.\n# This prevents 'oc' CLI failures in clean environments where ~/.docker does not exist.\nif [ ! -d ~/.docker ]; then\n    mkdir -p ~/.docker\n    echo '{}' \u003e ~/.docker/config.json\nfi\n\nimagewithouttag=$(echo $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\" | tr -d '\\n')\n\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\n\n# check if image is attestation one, skip the clamav scan in such case\nif [[ $imageanddigest == *.att ]]\nthen\n    echo \"$imageanddigest is an attestation image. Skipping ClamAV scan.\"\n    exit 0\nfi\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\nmkdir logs\nmkdir content\ncd content\necho \"Detecting artifact type for ${imageanddigest}.\"\necho '{\"artifact\":{\"pullspec\":\"'\"${imageanddigest}\"'\",\"type\":\"unknown\",\"mediaType\":\"\"}}' \u003e /work/logs/artifact-meta.json\n\n# Function to scan content and process results with ClamAV and EC\n# Parameters:\n#   $1: destination - path to the content to scan\n#   $2: suffix - suffix for log file names (e.g., \"oci\", \"amd64\")\n#   $3: digest - digest to add to digests_processed array\n#   $4: scan_message - optional message describing what is being scanned\nscan_and_process() {\n  local destination=\"$1\"\n  local suffix=\"$2\"\n  local digest=\"$3\"\n  local scan_message=\"${4:-Scanning content}\"\n\n  db_version=$(clamdscan --version | sed 's|.*/\\(.*\\)/.*|\\1|')\n\n  echo \"$scan_message. This operation may take a while.\"\n  clamdscan \"${destination}\" -vi --multiscan --fdpass \\\n    | tee \"/work/logs/clamscan-result-${suffix}.log\" || true\n\n  echo \"Executed-on: Scan was executed on clamsdcan version - $(clamdscan --version) Database version: $db_version\" | tee -a \"/work/logs/clamscan-result-${suffix}.log\"\n\n  digests_processed+=(\"\\\"$digest\\\"\")\n\n  if [[ -e \"/work/logs/clamscan-result-${suffix}.log\" ]]; then\n    # OPA/EC requires structured data input, add clamAV log into json\n    jq -Rs '{ output: . }' \"/work/logs/clamscan-result-${suffix}.log\" \u003e \"/work/logs/clamscan-result-log-${suffix}.json\"\n\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o json \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" || true\n\n    # workaround: due to a bug in ec-cli, we cannot generate json and appstudio output at the same time, running it again\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o appstudio \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" | tee \"/work/logs/clamscan-ec-test-${suffix}.json\" || true\n\n    cat \"/work/logs/clamscan-ec-test-${suffix}.json\"\n  fi\n}\n\n# Detect artifact type: container image vs OCI artifact\n# First, try to get image manifests (works for container images)\n# Use subshell to prevent get_image_manifests() from exiting the main script if it fails\n# (get_image_manifests uses exit 1 when Architecture field is missing, which happens for OCI artifacts)\nimage_manifests=$(bash -c '. /utils.sh; get_image_manifests -i \"'\"${imageanddigest}\"'\"' 2\u003e/dev/null || echo \"\")\n\n# If get_image_manifests failed, check if it's an OCI artifact by inspecting manifest media type\nif [ -z \"$image_manifests\" ]; then\n  echo \"get_image_manifests returned empty, checking if this is an OCI artifact...\"\n  raw_manifest=$(skopeo inspect --raw --authfile ~/.docker/config.json \"docker://${imageanddigest}\" 2\u003e/dev/null || true)\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"inspected\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n\n  if [ -n \"$raw_manifest\" ]; then\n    media_type=$(echo \"$raw_manifest\" | jq -r '.mediaType // .config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n    artifact_type=$(echo \"$raw_manifest\" | jq -r '.artifactType // empty' 2\u003e/dev/null || echo \"\")\n    config_media_type=$(echo \"$raw_manifest\" | jq -r '.config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n\n    # Determine if this is an OCI artifact (not a container image)\n    # OCI artifacts typically have:\n    # - An empty/scratch config (config.mediaType contains \"empty\" or \"scratch\")\n    # - An explicit artifactType field that is not a container image type\n    is_oci_artifact=false\n\n    # Check if config is empty/scratch (typical for OCI artifacts like python wheels, helm charts, etc.)\n    if echo \"$config_media_type\" | grep -qiE \"(empty|scratch)\"; then\n      is_oci_artifact=true\n    fi\n\n    # Check if artifactType is set and is not a container image type\n    if [ -n \"$artifact_type\" ] \u0026\u0026 ! echo \"$artifact_type\" | grep -qE \"application/vnd\\.(oci|docker)\\.(image|container)\"; then\n      is_oci_artifact=true\n    fi\n\n    if [ \"$is_oci_artifact\" = true ]; then\n      # This is an OCI artifact (e.g., python wheels, helm charts, etc.)\n      echo \"Detected OCI artifact (artifactType: ${artifact_type:-unset}, config.mediaType: ${config_media_type:-unset}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.artifactType = '\"\\\"${artifact_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    elif echo \"$media_type\" | grep -qE \"(application/vnd\\.(docker|oci)\\.(distribution|image)\\.manifest|application/vnd\\.docker\\.distribution\\.manifest)\"; then\n      # This looks like a container image manifest, but get_image_manifests failed\n      echo \"Detected container image manifest type: $media_type, but get_image_manifests failed. This may indicate an error.\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"$media_type\\\"\"' | .artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      note=\"Task clamav-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n      ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n      echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n      exit 0\n    else\n      # Likely an OCI artifact with non-standard media type\n      echo \"Detected OCI artifact (media type: ${media_type:-unknown}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    fi\n  else\n    echo \"Failed to inspect artifact \\\"$imageanddigest\\\". Unable to determine type.\"\n    note=\"Task clamav-scan failed: Failed to inspect artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 0\n  fi\nfi\n\n# Process container images (existing logic)\nif [ -n \"$image_manifests\" ]; then\n  echo \"Detected container image. Processing image manifests.\"\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n  # Proceed only if a specific arch is provided.\n  # This typically occurs when using Tekton Matrix to launch multiple TaskRuns to scan all architectures of a multi-arch image in parallel.\n  if [ -n \"$IMAGE_ARCH\" ]; then\n    arch=\"${IMAGE_ARCH#*/}\"\n    if [ \"${arch}\" = \"x86_64\" ]; then\n      arch=\"amd64\"\n    fi\n\n    # Check if arch is supported; if not (e.g., it's 'local', see link below), default to amd64.\n    # https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/stone-prd-rh01/host-config.yaml#L9-L14\n    case \"$arch\" in\n      amd64|ppc64le|arm64|s390x)\n        ;;\n      *)\n        arch=\"amd64\"\n        ;;\n    esac\n\n    image_manifests=$(echo \"$image_manifests\" | jq -c --arg arch \"$arch\" '{($arch): .[$arch]}')\n  fi\n\n  while read -r arch arch_sha; do\n    destination=$(echo content-$arch)\n    mkdir -p \"$destination\"\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    echo \"Running \\\"oc image extract\\\" on image of arch $arch\"\n    retry oc image extract --only-files=true --registry-config ~/.docker/config.json \"$arch_imageanddigest\" --path=\"/:${destination}\" --filter-by-os=\"linux/${arch}\"\n    if [ $? -ne 0 ]; then\n      echo \"Unable to extract image for arch $arch. Skipping ClamAV scan!\"\n      exit 0\n    fi\n\n    # Scan and process container image for this architecture\n    scan_and_process \"${destination}\" \"$arch\" \"$arch_sha\" \"Scanning image for arch $arch\"\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nfi\n\njq -s -rce '\n  reduce .[] as $item ({\"timestamp\":\"0\",\"namespace\":\"\",\"successes\":0,\"failures\":0,\"warnings\":0,\"result\":\"\",\"note\":\"\"};\n    {\n    \"timestamp\" : (if .timestamp \u003c $item.timestamp then $item.timestamp else .timestamp end),\n    \"namespace\" : $item.namespace,\n    \"successes\" : (.successes + $item.successes),\n    \"failures\" : (.failures + $item.failures),\n    \"warnings\" : (.warnings + $item.warnings),\n    \"result\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.result else .result end),\n    \"note\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.note else .note end)\n    })' /work/logs/clamscan-ec-test-*.json | tee /tekton/results/TEST_OUTPUT\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_UPLOAD",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\n# Skip upload if requested e.g. read-only CI tests where push access is denied\nif [ \"$SKIP_UPLOAD\" == \"true\" ]; then\n  echo \"Upload skipped by parameter.\"\n  exit 0\nfi\n\n# Don't return a glob expression when no matches are found\nshopt -s nullglob\n\ncd logs\n\nfor UPLOAD_FILE in clamscan-result*.log; do\n  MEDIA_TYPE=text/vnd.clamav\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\nfor UPLOAD_FILE in clamscan-ec-test*.json; do\n  MEDIA_TYPE=application/vnd.konflux.test_output+json\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\n\nif [ -z \"${args}\" ]; then\n  echo \"No files found. Skipping upload.\"\n  exit 0;\nfi\n\necho \"Selecting auth\"\nselect-oci-auth $IMAGE_URL \u003e $HOME/auth.json\necho \"Attaching to ${IMAGE_URL}\"\n retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type application/vnd.clamav \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${args[@]}\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "dbfolder"
                        },
                        {
                            "emptyDir": {},
                            "name": "work"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-2710f06599",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/b6aa6965-c7d2-4bad-a10a-d27862a238e8",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/categories": "Git",
                    "tekton.dev/displayName": "git clone",
                    "tekton.dev/pipelines.minVersion": "0.21.0",
                    "tekton.dev/platforms": "linux/amd64,linux/s390x,linux/ppc64le,linux/arm64",
                    "tekton.dev/tags": "git",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:02:52Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "clone-repository",
                    "tekton.dev/task": "git-clone"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-clone-repository",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "23269",
                "uid": "b6aa6965-c7d2-4bad-a10a-d27862a238e8"
            },
            "spec": {
                "params": [
                    {
                        "name": "url",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "revision",
                        "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "git-clone"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-git-clone:0.1@sha256:7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "output",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-978606f553"
                        }
                    },
                    {
                        "name": "basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-fspzjg"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:02:59Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:02:59Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-clone-repository-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "7db7ad9653dccc771407cb0294487cf4be9064fa782ffad7e983db1a8ba57e21"
                        },
                        "entryPoint": "git-clone",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-git-clone"
                    }
                },
                "results": [
                    {
                        "name": "CHAINS-GIT_COMMIT",
                        "type": "string",
                        "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "CHAINS-GIT_URL",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    },
                    {
                        "name": "commit",
                        "type": "string",
                        "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "commit-timestamp",
                        "type": "string",
                        "value": "1782921732"
                    },
                    {
                        "name": "short-commit",
                        "type": "string",
                        "value": "be5b1d9"
                    },
                    {
                        "name": "url",
                        "type": "string",
                        "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                    }
                ],
                "startTime": "2026-07-01T16:02:53Z",
                "steps": [
                    {
                        "container": "step-clone",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "clone",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6643f0eb85f753ef6ba464059724dbd1d9ea4a242cb19cd6309569869ea3bf30",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:02:57Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782921732\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"be5b1d9\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:02:57Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-symlink-check",
                        "imageID": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                        "name": "symlink-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://e66ce285bbda88b1ff4a2a2a8d0b3701f76ff0d648bbb095919f17b1967c3e0f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:02:58Z",
                            "message": "[{\"key\":\"CHAINS-GIT_COMMIT\",\"value\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1},{\"key\":\"CHAINS-GIT_URL\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1},{\"key\":\"commit\",\"value\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"type\":1},{\"key\":\"commit-timestamp\",\"value\":\"1782921732\",\"type\":1},{\"key\":\"short-commit\",\"value\":\"be5b1d9\",\"type\":1},{\"key\":\"url\",\"value\":\"https://github.com/redhat-appstudio-qe/group-snapshot-multi-component\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:02:58Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The git-clone Task will clone a repo from the provided url into the output Workspace. By default the repo will be cloned into the root of your Workspace.",
                    "params": [
                        {
                            "description": "Repository URL to clone from.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Revision to checkout. (branch, tag, sha, ref, etc...)",
                            "name": "revision",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Refspec to fetch before checking out revision.",
                            "name": "refspec",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Initialize and fetch git submodules.",
                            "name": "submodules",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Comma-separated list of specific submodule paths to initialize and fetch. Only submodules in the specified directories and their subdirectories will be fetched.\nEmpty string fetches all submodules. Parameter \"submodules\" must be set to \"true\" to make this parameter applicable.\n",
                            "name": "submodulePaths",
                            "type": "string"
                        },
                        {
                            "default": "1",
                            "description": "Perform a shallow clone, fetching only the most recent N commits.",
                            "name": "depth",
                            "type": "string"
                        },
                        {
                            "default": "7",
                            "description": "Length of short commit SHA",
                            "name": "shortCommitLength",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Set the `http.sslVerify` global git config. Setting this to `false` is not advised unless you are sure that you trust your git remote.",
                            "name": "sslVerify",
                            "type": "string"
                        },
                        {
                            "default": "source",
                            "description": "Subdirectory inside the `output` Workspace to clone the repo into.",
                            "name": "subdirectory",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Define the directory patterns to match or exclude when performing a sparse checkout.",
                            "name": "sparseCheckoutDirectories",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Clean out the contents of the destination directory if it already exists before cloning.",
                            "name": "deleteExisting",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTP proxy server for non-SSL requests.",
                            "name": "httpProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "HTTPS proxy server for SSL requests.",
                            "name": "httpsProxy",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Opt out of proxying HTTP/HTTPS requests.",
                            "name": "noProxy",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Log the commands that are executed during `git-clone`'s operation.",
                            "name": "verbose",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Deprecated. Has no effect. Will be removed in the future.",
                            "name": "gitInitImage",
                            "type": "string"
                        },
                        {
                            "default": "/tekton/home",
                            "description": "Absolute path to the user's home directory. Set this explicitly if you are running the image as a non-root user.\n",
                            "name": "userHome",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Check symlinks in the repo. If they're pointing outside of the repo, the build will fail.\n",
                            "name": "enableSymlinkCheck",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Fetch all tags for the repo.",
                            "name": "fetchTags",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Set to \"true\" to merge the targetBranch into the checked-out revision.",
                            "name": "mergeTargetBranch",
                            "type": "string"
                        },
                        {
                            "default": "main",
                            "description": "The target branch to merge into the revision (if mergeTargetBranch is true).",
                            "name": "targetBranch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "URL of the repository to fetch the target branch from when mergeTargetBranch is true.\nIf empty, uses the same repository (origin). This allows merging a branch from a different repository.\n",
                            "name": "mergeSourceRepoUrl",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Perform a shallow fetch of the target branch, fetching only the most recent N commits.\nIf empty, fetches the full history of the target branch.\n",
                            "name": "mergeSourceDepth",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "The precise commit SHA that was fetched by this Task.",
                            "name": "commit",
                            "type": "string"
                        },
                        {
                            "description": "The commit SHA that was fetched by this Task limited to params.shortCommitLength number of characters",
                            "name": "short-commit",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task.",
                            "name": "url",
                            "type": "string"
                        },
                        {
                            "description": "The commit timestamp of the checkout",
                            "name": "commit-timestamp",
                            "type": "string"
                        },
                        {
                            "description": "The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_URL",
                            "type": "string"
                        },
                        {
                            "description": "The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.",
                            "name": "CHAINS-GIT_COMMIT",
                            "type": "string"
                        },
                        {
                            "description": "The SHA of the commit after merging the target branch (if the param mergeTargetBranch is true).",
                            "name": "merged_sha",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_URL",
                                    "value": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component"
                                },
                                {
                                    "name": "PARAM_REVISION",
                                    "value": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "PARAM_REFSPEC"
                                },
                                {
                                    "name": "PARAM_SUBMODULES",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBMODULE_PATHS"
                                },
                                {
                                    "name": "PARAM_DEPTH",
                                    "value": "1"
                                },
                                {
                                    "name": "PARAM_SHORT_COMMIT_LENGTH",
                                    "value": "7"
                                },
                                {
                                    "name": "PARAM_SSL_VERIFY",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "PARAM_DELETE_EXISTING",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_HTTP_PROXY"
                                },
                                {
                                    "name": "PARAM_HTTPS_PROXY"
                                },
                                {
                                    "name": "PARAM_NO_PROXY"
                                },
                                {
                                    "name": "PARAM_VERBOSE",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_SPARSE_CHECKOUT_DIRECTORIES"
                                },
                                {
                                    "name": "PARAM_USER_HOME",
                                    "value": "/tekton/home"
                                },
                                {
                                    "name": "PARAM_FETCH_TAGS",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_GIT_INIT_IMAGE"
                                },
                                {
                                    "name": "PARAM_MERGE_TARGET_BRANCH",
                                    "value": "false"
                                },
                                {
                                    "name": "PARAM_TARGET_BRANCH",
                                    "value": "main"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_REPO_URL"
                                },
                                {
                                    "name": "PARAM_MERGE_SOURCE_DEPTH"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_BOUND",
                                    "value": "false"
                                },
                                {
                                    "name": "WORKSPACE_SSH_DIRECTORY_PATH"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND",
                                    "value": "true"
                                },
                                {
                                    "name": "WORKSPACE_BASIC_AUTH_DIRECTORY_PATH",
                                    "value": "/workspace/basic-auth"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "clone",
                            "script": "#!/usr/bin/env sh\nset -eu\n\nif [ \"${PARAM_VERBOSE}\" = \"true\" ] ; then\n  set -x\nfi\n\nif [ -n \"${PARAM_GIT_INIT_IMAGE}\" ]; then\n  echo \"WARNING: provided deprecated gitInitImage parameter has no effect.\"\nfi\n\nif [ \"${WORKSPACE_BASIC_AUTH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  if [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" ]; then\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.git-credentials\" \"${PARAM_USER_HOME}/.git-credentials\"\n    cp \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/.gitconfig\" \"${PARAM_USER_HOME}/.gitconfig\"\n  # Compatibility with kubernetes.io/basic-auth secrets\n  elif [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username\" ] \u0026\u0026 [ -f \"${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password\" ]; then\n    HOSTNAME=$(echo $PARAM_URL | awk -F/ '{print $3}')\n    echo \"https://$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/username):$(cat ${WORKSPACE_BASIC_AUTH_DIRECTORY_PATH}/password)@$HOSTNAME\" \u003e \"${PARAM_USER_HOME}/.git-credentials\"\n    echo -e \"[credential \\\"https://$HOSTNAME\\\"]\\n  helper = store\" \u003e \"${PARAM_USER_HOME}/.gitconfig\"\n  else\n    echo \"Unknown basic-auth workspace format\"\n    exit 1\n  fi\n  chmod 400 \"${PARAM_USER_HOME}/.git-credentials\"\n  chmod 400 \"${PARAM_USER_HOME}/.gitconfig\"\nfi\n\n# Should be called after the gitconfig is copied from the repository secret\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  git config --global http.sslCAInfo \"$ca_bundle\"\nfi\n\nif [ \"${WORKSPACE_SSH_DIRECTORY_BOUND}\" = \"true\" ] ; then\n  cp -R \"${WORKSPACE_SSH_DIRECTORY_PATH}\" \"${PARAM_USER_HOME}\"/.ssh\n  chmod 700 \"${PARAM_USER_HOME}\"/.ssh\n  chmod -R 400 \"${PARAM_USER_HOME}\"/.ssh/*\nfi\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\n\ncleandir() {\n  # Delete any existing contents of the repo directory if it exists.\n  #\n  # We don't just \"rm -rf ${CHECKOUT_DIR}\" because ${CHECKOUT_DIR} might be \"/\"\n  # or the root of a mounted volume.\n  if [ -d \"${CHECKOUT_DIR}\" ] ; then\n    # Delete non-hidden files and directories\n    rm -rf \"${CHECKOUT_DIR:?}\"/*\n    # Delete files and directories starting with . but excluding ..\n    rm -rf \"${CHECKOUT_DIR}\"/.[!.]*\n    # Delete files and directories starting with .. plus any other character\n    rm -rf \"${CHECKOUT_DIR}\"/..?*\n  fi\n}\n\nif [ \"${PARAM_DELETE_EXISTING}\" = \"true\" ] ; then\n  cleandir\nfi\n\ntest -z \"${PARAM_HTTP_PROXY}\" || export HTTP_PROXY=\"${PARAM_HTTP_PROXY}\"\ntest -z \"${PARAM_HTTPS_PROXY}\" || export HTTPS_PROXY=\"${PARAM_HTTPS_PROXY}\"\ntest -z \"${PARAM_NO_PROXY}\" || export NO_PROXY=\"${PARAM_NO_PROXY}\"\n\n/ko-app/git-init \\\n  -url=\"${PARAM_URL}\" \\\n  -revision=\"${PARAM_REVISION}\" \\\n  -refspec=\"${PARAM_REFSPEC}\" \\\n  -path=\"${CHECKOUT_DIR}\" \\\n  -sslVerify=\"${PARAM_SSL_VERIFY}\" \\\n  -submodules=\"${PARAM_SUBMODULES}\" \\\n  -submodulePaths=\"${PARAM_SUBMODULE_PATHS}\" \\\n  -depth=\"${PARAM_DEPTH}\" \\\n  -sparseCheckoutDirectories=\"${PARAM_SPARSE_CHECKOUT_DIRECTORIES}\" \\\n  -retryMaxAttempts=10\ncd \"${CHECKOUT_DIR}\"\nRESULT_SHA=\"$(git rev-parse HEAD)\"\nRESULT_SHA_SHORT=\"$(git rev-parse --short=\"${PARAM_SHORT_COMMIT_LENGTH}\" HEAD)\"\n\nif [ \"${PARAM_MERGE_TARGET_BRANCH}\" = \"true\" ]; then\n  echo \"Merge option enabled. Attempting to merge target branch '${PARAM_TARGET_BRANCH}' into HEAD (${RESULT_SHA}).\"\n\n  if [ \"${PARAM_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow clone with depth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  if [ \"${PARAM_MERGE_SOURCE_DEPTH}\" = \"1\" ]; then\n    echo \"WARNING: Shallow fetch with mergeSourceDepth=1 may cause merge conflicts due to insufficient commit history.\" \u003e\u00262\n  fi\n\n  # Determine if merging from a different repository or the same one\n  if [ -n \"${PARAM_MERGE_SOURCE_REPO_URL}\" ]; then\n    # Normalize URLs for comparison (remove trailing slashes and .git suffix)\n    normalize_url() {\n      echo \"$1\" | sed -e 's#/$##' -e 's#\\.git$##'\n    }\n\n    NORMALIZED_ORIGIN_URL=$(normalize_url \"${PARAM_URL}\")\n    NORMALIZED_MERGE_URL=$(normalize_url \"${PARAM_MERGE_SOURCE_REPO_URL}\")\n\n    if [ \"${NORMALIZED_ORIGIN_URL}\" = \"${NORMALIZED_MERGE_URL}\" ]; then\n      echo \"Merge source URL is the same as origin. Using existing 'origin' remote.\"\n      MERGE_REMOTE=\"origin\"\n    else\n      echo \"Merging from different repository: ${PARAM_MERGE_SOURCE_REPO_URL}\"\n      echo \"Adding remote 'merge-source'...\"\n      git remote add merge-source \"${PARAM_MERGE_SOURCE_REPO_URL}\"\n      MERGE_REMOTE=\"merge-source\"\n    fi\n  else\n    echo \"Merging from the same repository (origin)\"\n    MERGE_REMOTE=\"origin\"\n  fi\n\n  echo \"Fetching target branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE}...\"\n  if [ -n \"${PARAM_MERGE_SOURCE_DEPTH}\" ]; then\n    retry git fetch --depth=\"${PARAM_MERGE_SOURCE_DEPTH}\" ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  else\n    retry git fetch ${MERGE_REMOTE} \"${PARAM_TARGET_BRANCH}\"\n  fi\n\n\n  echo \"Merging ${MERGE_REMOTE}/${PARAM_TARGET_BRANCH} into current HEAD...\"\n  git config --global user.email \"tekton-git-clone@tekton.dev\"\n  git config --global user.name \"Tekton Git Clone Task\"\n\nif ! git merge FETCH_HEAD --no-commit --no-ff --allow-unrelated-histories; then\n  echo \"ERROR: Merge conflict detected or merge failed before commit.\" \u003e\u00262\n  echo \"--- Git Status ---\"\n  git status\n  echo \"------------------\"\n  exit 1\nfi\n\n# Check if there are changes staged for commit\nif git diff --staged --quiet; then\n  echo \"No diff was found, skipping merge...\" \u003e\u00262\nelse\n  echo \"Merge successful (no conflicts found), committing...\"\nif ! git commit -m \"Merge branch '${PARAM_TARGET_BRANCH}' from ${MERGE_REMOTE} into ${RESULT_SHA}\"; then\n  echo \"ERROR: Failed to commit merge.\" \u003e\u00262\n  exit 1\nfi\n  MERGED_SHA=$(git rev-parse HEAD)\n  echo \"New HEAD after merge: ${MERGED_SHA}\"\n  echo \"${MERGED_SHA}\" \u003e \"/tekton/results/merged_sha\"\nfi\n\nelse\n  echo \"Merge option disabled. Using checked-out revision ${RESULT_SHA} directly.\"\nfi\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/commit\"\nprintf \"%s\" \"${RESULT_SHA}\" \u003e \"/tekton/results/CHAINS-GIT_COMMIT\"\nprintf \"%s\" \"${RESULT_SHA_SHORT}\" \u003e \"/tekton/results/short-commit\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/url\"\nprintf \"%s\" \"${PARAM_URL}\" \u003e \"/tekton/results/CHAINS-GIT_URL\"\nprintf \"%s\" \"$(git log -1 --pretty=%ct)\" \u003e \"/tekton/results/commit-timestamp\"\n\nif [ \"${PARAM_FETCH_TAGS}\" = \"true\" ] ; then\n  echo \"Fetching tags\"\n  retry git fetch --tags\nfi\n",
                            "securityContext": {
                                "runAsUser": 0
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_ENABLE_SYMLINK_CHECK",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_SUBDIRECTORY",
                                    "value": "source"
                                },
                                {
                                    "name": "WORKSPACE_OUTPUT_PATH",
                                    "value": "/workspace/output"
                                }
                            ],
                            "image": "quay.io/konflux-ci/git-clone@sha256:09ac9c14392b5c2b8057f66cc4abfb8ce5d7214706318959d00908923a754434",
                            "name": "symlink-check",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n\nCHECKOUT_DIR=\"${WORKSPACE_OUTPUT_PATH}/${PARAM_SUBDIRECTORY}\"\ncheck_symlinks() {\n  FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=false\n  while read -r symlink\n  do\n    target=$(readlink -m \"$symlink\")\n    if ! [[ \"$target\" =~ ^$CHECKOUT_DIR ]]; then\n      echo \"The cloned repository contains symlink pointing outside of the cloned repository: $symlink\"\n      FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO=true\n    fi\n  done \u003c \u003c(find $CHECKOUT_DIR -type l -print)\n  if [ \"$FOUND_SYMLINK_POINTING_OUTSIDE_OF_REPO\" = true ] ; then\n    return 1\n  fi\n}\n\nif [ \"${PARAM_ENABLE_SYMLINK_CHECK}\" = \"true\" ] ; then\n  echo \"Running symlink check\"\n  check_symlinks\nfi\n"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "The git repo will be cloned onto the volume backing this Workspace.",
                            "name": "output"
                        },
                        {
                            "description": "A .ssh directory with private key, known_hosts, config, etc. Copied to\nthe user's home before git commands are executed. Used to authenticate\nwith the git remote when performing the clone. Binding a Secret to this\nWorkspace is strongly recommended over other volume types.\n",
                            "name": "ssh-directory",
                            "optional": true
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before any git commands are run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto use ssh-directory over basic-auth whenever possible and to bind a\nSecret to this Workspace over other volume types.\n",
                            "name": "basic-auth",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/50adf1e3-ac2b-450c-994a-fac9e3d34085",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:02:44Z",
                "finalizers": [
                    "results.tekton.dev/taskrun",
                    "chains.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "init",
                    "tekton.dev/task": "init"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-init",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "23071",
                "uid": "50adf1e3-ac2b-450c-994a-fac9e3d34085"
            },
            "spec": {
                "params": [
                    {
                        "name": "enable-cache-proxy",
                        "value": "false"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "init"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-init:0.4@sha256:288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:02:49Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:02:49Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-init-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "288f3106118edc1d0f0c79a89c960abf5841a4dd8bc3f38feb10527253105b19"
                        },
                        "entryPoint": "init",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-init"
                    }
                },
                "results": [
                    {
                        "name": "http-proxy",
                        "type": "string",
                        "value": ""
                    },
                    {
                        "name": "no-proxy",
                        "type": "string",
                        "value": ""
                    }
                ],
                "startTime": "2026-07-01T16:02:45Z",
                "steps": [
                    {
                        "container": "step-init",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                        "name": "init",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4a361be6dc93860d66ac4ec325c9e622a7fd2d8e2571566f8a7ac74878285a5e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:02:48Z",
                            "message": "[{\"key\":\"http-proxy\",\"value\":\"\",\"type\":1},{\"key\":\"no-proxy\",\"value\":\"\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:02:48Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Initialize Pipeline Task, enables configuration for cache-proxy if required during the PipelineRun.",
                    "params": [
                        {
                            "default": "false",
                            "description": "Enable cache proxy configuration",
                            "name": "enable-cache-proxy",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "HTTP proxy URL for cache proxy (when enable-cache-proxy is true)",
                            "name": "http-proxy",
                            "type": "string"
                        },
                        {
                            "description": "NO_PROXY value for cache proxy (when enable-cache-proxy is true)",
                            "name": "no-proxy",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "args": [
                                "--enable",
                                "false"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "config",
                                "cache-proxy"
                            ],
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                },
                                {
                                    "name": "DEFAULT_HTTP_PROXY",
                                    "value": "squid.caching.svc.cluster.local:3128"
                                },
                                {
                                    "name": "DEFAULT_NO_PROXY",
                                    "value": "brew.registry.redhat.io,docker.io,gcr.io,ghcr.io,images.paas.redhat.com,mirror.gcr.io,nvcr.io,quay.io,registry-proxy.engineering.redhat.com,registry.access.redhat.com,registry.ci.openshift.org,registry.fedoraproject.org,registry.redhat.io,registry.stage.redhat.io,vault.habana.ai"
                                },
                                {
                                    "name": "HTTP_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/http-proxy"
                                },
                                {
                                    "name": "NO_PROXY_RESULTS_PATH",
                                    "value": "/tekton/results/no-proxy"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:59f2ea93fa4d47342b54acb434422ee07ebccd927a06a00d3f3eca70f8356ddf",
                            "name": "init"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-2710f06599",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/7979917d-b11c-4118-bd9e-e1f6abd28bf0",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:03:02Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "prefetch-dependencies",
                    "tekton.dev/task": "prefetch-dependencies"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-prefetch-dependencies",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "23551",
                "uid": "7979917d-b11c-4118-bd9e-e1f6abd28bf0"
            },
            "spec": {
                "params": [
                    {
                        "name": "input",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "prefetch-dependencies"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-978606f553"
                        }
                    },
                    {
                        "name": "git-basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-fspzjg"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:03:13Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:03:13Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-prefetch-dependencies-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        "entryPoint": "prefetch-dependencies",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies"
                    }
                },
                "startTime": "2026-07-01T16:03:03Z",
                "steps": [
                    {
                        "container": "step-prefetch-dependencies",
                        "imageID": "quay.io/konflux-ci/hermeto@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                        "name": "prefetch-dependencies",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://3eccbe2e79153d77c60792196e831c2bfe6e9b6592fd79b54bffea390694f2c7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:03:12Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:03:07Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Task that prefetches project dependencies for hermetic build.",
                    "params": [
                        {
                            "description": "Configures project packages that will have their dependencies prefetched.",
                            "name": "input",
                            "type": "string"
                        },
                        {
                            "default": "debug",
                            "description": "Set the logging level (debug, info, warn, error, fatal).",
                            "name": "log-level",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Pass configuration to the prefetch tool.\nNote this needs to be passed as a YAML-formatted config dump, not as a file path!\n",
                            "name": "config-file-content",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx.",
                            "name": "sbom-type",
                            "type": "string"
                        },
                        {
                            "default": "strict",
                            "description": "Control how input requirement violations are handled: strict (errors) or permissive (warnings).",
                            "name": "mode",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "debug"
                                },
                                {
                                    "name": "KBC_PD_INPUT"
                                },
                                {
                                    "name": "KBC_PD_SOURCE_DIR",
                                    "value": "/workspace/source/source"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR",
                                    "value": "/workspace/source/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_SBOM_FORMAT",
                                    "value": "spdx"
                                },
                                {
                                    "name": "KBC_PD_MODE",
                                    "value": "strict"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR_MOUNT_POINT",
                                    "value": "/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_ENV_FILE",
                                    "value": "/workspace/source/cachi2/cachi2.env"
                                },
                                {
                                    "name": "KBC_PD_GIT_AUTH_DIRECTORY",
                                    "value": "/workspace/git-basic-auth"
                                },
                                {
                                    "name": "WORKSPACE_NETRC_PATH"
                                },
                                {
                                    "name": "CONFIG_FILE_CONTENT"
                                }
                            ],
                            "image": "quay.io/konflux-ci/hermeto:0.48.0@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                            "name": "prefetch-dependencies",
                            "script": "#!/bin/bash\n\nif [ -n \"${WORKSPACE_NETRC_PATH}\" ]; then\n  export NETRC=\"${WORKSPACE_NETRC_PATH}/.netrc\"\nfi\n\nCA_BUNDLE_PATH=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$CA_BUNDLE_PATH\" ]; then\n  cp -vf \"$CA_BUNDLE_PATH\" /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [ -e /activation-key/org ] \u0026\u0026 [ -e /activation-key/activationkey ]; then\n  export KBC_PD_RHSM_ORG=/activation-key/org\n  export KBC_PD_RHSM_ACTIVATION_KEY=/activation-key/activationkey\nfi\n\nif [ -n \"${CONFIG_FILE_CONTENT}\" ]; then\n  echo \"${CONFIG_FILE_CONTENT}\" \u003e /mnt/config/config.yaml\n  export KBC_PD_CONFIG_FILE=/mnt/config/config.yaml\nfi\n\nkonflux-build-cli prefetch-dependencies\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/mnt/config",
                                    "name": "config"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "config"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace with the source code, prefetch artifacts will be stored on the workspace as well",
                            "name": "source"
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before prefetch is run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto bind a Secret to this Workspace over other volume types.\n",
                            "name": "git-basic-auth",
                            "optional": true
                        },
                        {
                            "description": "Workspace containing a .netrc file. Prefetch will use the credentials in this file when\nperforming http(s) requests.\n",
                            "name": "netrc",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-2710f06599",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/31ca65a6-876b-4b14-9d4b-72fd5e2673be",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, appstudio",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "push-dockerfile",
                    "tekton.dev/task": "push-dockerfile"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-push-dockerfile",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "26864",
                "uid": "31ca65a6-876b-4b14-9d4b-72fd5e2673be"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "docker/Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "python-component"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "push-dockerfile"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.3@sha256:64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-978606f553"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:58Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:58Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-push-dockerfile-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        "entryPoint": "push-dockerfile",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:47fb79abfdbcb66a43b1ebf4f07e1381a17575ffd509db57c47454909a3a8324"
                    }
                ],
                "startTime": "2026-07-01T16:06:41Z",
                "steps": [
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://1d2f623dd4f2fe69866bcc6edb24746ac20b3a2559384ac042f9b8eab78f1fe6",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:57Z",
                            "message": "[{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf@sha256:47fb79abfdbcb66a43b1ebf4f07e1381a17575ffd509db57c47454909a3a8324\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:57Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Discover Dockerfile from source code and push it to registry as an OCI artifact.",
                    "params": [
                        {
                            "description": "The built binary image. The Dockerfile is pushed to the same image repository alongside.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "description": "The built binary image digest, which is used to construct the tag of Dockerfile image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": ".dockerfile",
                            "description": "Suffix of the Dockerfile image tag.",
                            "name": "TAG_SUFFIX",
                            "type": "string"
                        },
                        {
                            "default": "application/vnd.konflux.dockerfile",
                            "description": "Artifact type of the Dockerfile image.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest-pinned image reference to the Dockerfile image.",
                            "name": "IMAGE_REF",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--source",
                                "source",
                                "--context",
                                "python-component",
                                "--containerfile",
                                "docker/Dockerfile",
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                                "--image-digest",
                                "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb",
                                "--artifact-type",
                                "application/vnd.konflux.dockerfile",
                                "--tag-suffix",
                                ".dockerfile",
                                "--result-path-image-ref",
                                "/tekton/results/IMAGE_REF",
                                "--alternative-filename",
                                "Dockerfile"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "push-containerfile"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                            "name": "push",
                            "workingDir": "/workspace/workspace"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code from where the Dockerfile is discovered.",
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/b2f0daf6-06bd-4fc8-9006-e85ddc8ebe41",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "rpms-signature-scan",
                    "tekton.dev/task": "rpms-signature-scan"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-rpms-signature-scan",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "28057",
                "uid": "b2f0daf6-06bd-4fc8-9006-e85ddc8ebe41"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    },
                    {
                        "name": "image-digest",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "rpms-signature-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:07:52Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:07:52Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-rpms-signature-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        "entryPoint": "rpms-signature-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\", \"digests\": [\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\"]}}\n"
                    },
                    {
                        "name": "RPMS_DATA",
                        "type": "string",
                        "value": "{\"keys\": {\"199e2f91fd431d51\": 467, \"unsigned\": 0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:07:51+00:00\",\"note\":\"Task rpms-signature-scan completed successfully\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:42Z",
                "steps": [
                    {
                        "container": "step-rpms-signature-scan",
                        "imageID": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                        "name": "rpms-signature-scan",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c5d6e31aa9d6557ad16ae971cab7e55c0ed141379af0e2df43b31bbd4f65ab66",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:50Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:58Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-output-results",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                        "name": "output-results",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d7a55f4923113bb673c017364c26d12a46699be1aa9835f25e13f542f172a681",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:51Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\\\", \\\"digests\\\": [\\\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\\\"]}}\\n\",\"type\":1},{\"key\":\"RPMS_DATA\",\"value\":\"{\\\"keys\\\": {\\\"199e2f91fd431d51\\\": 467, \\\"unsigned\\\": 0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:07:51+00:00\\\",\\\"note\\\":\\\"Task rpms-signature-scan completed successfully\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:51Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans RPMs in an image and provide information about RPMs signatures.",
                    "params": [
                        {
                            "description": "Image URL",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Image digest to scan",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "/tmp",
                            "description": "Directory that will be used for storing temporary\nfiles produced by this task.\n",
                            "name": "workdir",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Information about signed and unsigned RPMs",
                            "name": "RPMS_DATA",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                },
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                            "name": "rpms-signature-scan",
                            "script": "#!/bin/bash\nset -ex\nset -o pipefail\n\nrpm_verifier \\\n  --image-url \"${IMAGE_URL}\" \\\n  --image-digest \"${IMAGE_DIGEST}\" \\\n  --workdir \"${WORKDIR}\" \\\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                },
                                "requests": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.46@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                            "name": "output-results",
                            "script": "#!/bin/bash\nset -ex\n\nsource /utils.sh\nstatus=$(cat \"${WORKDIR}\"/status)\nrpms_data=$(cat \"${WORKDIR}\"/results)\nimages_processed=$(cat \"${WORKDIR}\"/images_processed)\n\nif [ \"$status\" == \"ERROR\" ]; then\n  note=\"Task rpms-signature-scan failed to scan images. Refer to Tekton task output for details\"\nelse\n  note=\"Task rpms-signature-scan completed successfully\"\nfi\n\nTEST_OUTPUT=$(make_result_json -r \"$status\" -t \"$note\")\n\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\necho \"${rpms_data}\" | tee \"/tekton/results/RPMS_DATA\"\necho \"${images_processed}\" | tee \"/tekton/results/IMAGES_PROCESSED\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "workdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-2710f06599",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/026f5aef-0a20-4138-af30-32615b82f2c9",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "sast-shell-check",
                    "tekton.dev/task": "sast-shell-check"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-sast-shell-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "26693",
                "uid": "026f5aef-0a20-4138-af30-32615b82f2c9"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-shell-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-978606f553"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:07:00Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:07:00Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-sast-shell-check-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        "entryPoint": "sast-shell-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:06:58+00:00\",\"note\":\"For details, check Tekton task log.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:40Z",
                "steps": [
                    {
                        "container": "step-sast-shell-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-shell-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://22e41b94a96e77a4c38ef01526165c8bb9b54b12b6bf25cecc7bd0cfe793971b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:58Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:58+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:57Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://96057ccd0f94b19d5eb23648308c7b49fca9d4fba268d4bf6497c7dc678244c3",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:59Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:58+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:58Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The sast-shell-check task uses [shellcheck](https://www.shellcheck.net/) tool to perform Static Application Security Testing (SAST), a popular cloud-native application security platform. This task leverages the shellcheck wrapper (csmock-plugin-shellcheck-core) to run shellcheck on a directory tree.\nShellCheck is a static analysis tool, gives warnings and suggestions for bash/sh shell scripts. This task can run on x86 and arm.",
                    "params": [
                        {
                            "default": "",
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image digest to report findings for.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (default to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to include important findings only",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "8",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-shell-check",
                            "script": "#!/usr/bin/env bash\nset -x\n# shellcheck source=/dev/null\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nPACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' ShellCheck)\n\nOUTPUT_FILE=\"shellcheck-results.json\"\nSOURCE_CODE_DIR=/workspace/workspace/source\n\n# generate full path for each dirname separated by comma\ndeclare -a ALL_TARGETS\nIFS=\",\" read -ra TARGET_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGET_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    ALL_TARGETS+=(\"$resolved_path\")\n  else\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\ndone\n\n# determine number of available CPU cores for shellcheck based on container cgroup v2 CPU limits\n# this calculates the ceiling, so if the cpu limit is 0.5, the number of jobs will be 1.\nif [ -z \"$SC_JOBS\" ] \u0026\u0026 [ -r \"/sys/fs/cgroup/cpu.max\" ]; then\n    read -r quota period \u003c /sys/fs/cgroup/cpu.max\n    if [ \"$quota\" != \"max\" ] \u0026\u0026 [ -n \"$period\" ] \u0026\u0026 [ \"$period\" -gt 0 ]; then\n        export SC_JOBS=$(((quota + period - 1) / period))\n        echo \"INFO: Setting SC_JOBS=${SC_JOBS} based on cgroups v2 max for run-shellcheck.sh\"\n    fi\nfi\n\n# generate all shellcheck result JSON files to $SC_RESULTS_DIR, which defaults to ./shellcheck-results/\n/usr/share/csmock/scripts/run-shellcheck.sh \"${ALL_TARGETS[@]}\"\n\nCSGREP_OPTS=(\n    --mode=json\n    --strip-path-prefix=\"$SOURCE_CODE_DIR\"/\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"ShellCheck:${PACKAGE_VERSION}\"\n)\nif [[ \"$IMP_FINDINGS_ONLY\" == \"true\" ]]; then\n    # predefined list of shellcheck important findings\n    CSGREP_EVENT_FILTER='\\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|'\n    CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|'\n    CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\\]$'\n    CSGREP_OPTS+=(\n        --event=\"$CSGREP_EVENT_FILTER\"\n    )\nelse\n    CSGREP_OPTS+=(\n        --event=\"error|warning\"\n    )\nfi\n\nif ! csgrep \"${CSGREP_OPTS[@]}\" ./shellcheck-results/*.json \u003e \"$OUTPUT_FILE\"; then\n    echo \"Error occurred while running 'run-shellcheck.sh'\"\n    note=\"Task sast-shell-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" \"${OUTPUT_FILE}\" \u003e \"${OUTPUT_FILE}.filtered\" 2\u003e \"${OUTPUT_FILE}.error\"\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n        mv \"${OUTPUT_FILE}.filtered\" \"$OUTPUT_FILE\"\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\necho \"ShellCheck results have been saved to $OUTPUT_FILE\"\n\ncsgrep --mode=evtstat \"$OUTPUT_FILE\"\ncsgrep --mode=sarif \"$OUTPUT_FILE\" \u003e shellcheck-results.sarif\n\nTEST_OUTPUT=\nparse_test_output \"sast-shell-check\" sarif shellcheck-results.sarif || true\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\nif [ -z \"${IMAGE_URL}\" ] || [ -z \"${IMAGE_DIGEST}\" ]; then\n    echo 'No image-url or image-digest param provided. Skipping upload.'\n    exit 0\nfi\n\nUPLOAD_FILES=\"shellcheck-results.sarif excluded-findings.json\"\n\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n        echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n        continue\n    fi\n\n    # Determine the media type based on the file extension\n    if [[ \"${UPLOAD_FILE}\" == *.json ]]; then\n        MEDIA_TYPE=\"application/json\"\n    else\n        MEDIA_TYPE=\"application/sarif+json\"\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach ${UPLOAD_FILE} to ${IMAGE_URL}\"\n      exit 1\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-2710f06599",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/bd08939b-90ad-4b21-96e2-a5b3af5c8c11",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "sast-snyk-check",
                    "tekton.dev/task": "sast-snyk-check"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-sast-snyk-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "27422",
                "uid": "bd08939b-90ad-4b21-96e2-a5b3af5c8c11"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-snyk-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-978606f553"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:06:59Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:06:59Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-sast-snyk-check-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        "entryPoint": "sast-snyk-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T16:06:58+00:00\",\"note\":\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:38Z",
                "steps": [
                    {
                        "container": "step-sast-snyk-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-snyk-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6dda8a51a884a4fcd95262b09b65d48dcf2f15bfe189d8ee5643efca9f7154e0",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:58Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:58+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:56Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://b65a159d4bc33fd5c706a29264f3a10ab3cabebf2f8e49eb49e591f72fc544b7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:58Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:58+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:58Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks using Snyk Code, a Static Application Security Testing (SAST) tool.\n\nFollow the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/) to obtain a snyk-token and to enable the snyk task in a Pipeline.\n\nThe snyk binary used in this Task comes from a container image defined in https://github.com/konflux-ci/konflux-test\n\nSee https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information about the snyk tool.",
                    "params": [
                        {
                            "default": "snyk-secret",
                            "description": "Name of secret which contains Snyk token.",
                            "name": "SNYK_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Append arguments.",
                            "name": "ARGS",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Digest of the image to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Report only important findings in task result. Default is \"true\". To report all findings in task result, specify \"false\". Uploaded SARIF report to remote registry always includes all findings, regardless of severity level.",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Write excluded records in file. Useful for auditing (defaults to false).",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Directories or files to be excluded from Snyk scan (Comma-separated). Useful to split the directories of a git repo across multiple components.",
                            "name": "IGNORE_FILE_PATHS",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "6Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "6Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SNYK_SECRET",
                                    "value": "snyk-secret"
                                },
                                {
                                    "name": "ARGS"
                                },
                                {
                                    "name": "IGNORE_FILE_PATHS"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-snyk-check",
                            "script": "#!/usr/bin/env bash\n\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\n# Installation of Red Hat certificates for cloning Red Hat internal repositories\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSNYK_TOKEN_PATH=\"/etc/secrets/snyk_token\"\nif [ -f \"${SNYK_TOKEN_PATH}\" ] \u0026\u0026 [ -s \"${SNYK_TOKEN_PATH}\" ]; then\n  # SNYK token is provided\n  SNYK_TOKEN=\"$(cat ${SNYK_TOKEN_PATH})\"\n  export SNYK_TOKEN\nelse\n  # According to shellcheck documentation, the following error can be ignored as it is ignored through indirection: https://www.shellcheck.net/wiki/SC2034\n  # shellcheck disable=SC2034\n  to_enable_snyk='[here](https://konflux-ci.dev/docs/testing/build/snyk/)'\n  note=\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given ${to_enable_snyk}\"\n  TEST_OUTPUT=$(make_result_json -r SKIPPED -t \"$note\")\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nSNYK_EXIT_CODE=0\nSOURCE_CODE_DIR=/workspace/workspace\n\n# We ignore files using snyk ignore if the user set up the IGNORE_FILE_PATHS variable.\n(cd \"${SOURCE_CODE_DIR}\" \u0026\u0026 IFS=\",\" \u0026\u0026 for path in $IGNORE_FILE_PATHS; do\n  snyk ignore --file-path=\"source/${path}\"\ndone)\n\nset +e\necho \"INFO: Running 'snyk code test'..\"\n# We do want to expand ARGS (it can be multiple CLI flags, not just one)\n# shellcheck disable=SC2086\n\n# Generate full paths for each directory in TARGET_DIRS\nIFS=\",\" read -ra TARGETS_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGETS_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # Ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ ! \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\n\n  # Ensure directory exists\n  if [ ! -d \"$resolved_path\" ]; then\n    echo \"Warning: Directory $resolved_path does not exist, skipping\"\n    continue\n  fi\n\n  echo \"INFO: Scanning directory: $resolved_path\"\n  # We do want to expand ARGS (it can be multiple CLI flags, not just one)\n  # shellcheck disable=SC2086\n  snyk code test $ARGS \"$resolved_path\" --max-depth=1 --sarif-file-output=\"${resolved_path}/sast_snyk_check_out_${d//\\//_}.json\" 1\u003e\u00262\u003e\u003e stdout.txt\n  cmd_exit_code=$?\n  # Track the exit code: if any snyk command fails, preserve the failure\n  # Exit codes: 0 = success, 1 = vulnerabilities found, 2 = error, 3 = no supported files\n  # Error codes (2+) always override, warning codes (1,3) only if no previous error\n  if [[ \"$cmd_exit_code\" -ne 0 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 1 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 3 ]]; then\n    SNYK_EXIT_CODE=$cmd_exit_code\n  fi\n\ndone\n\n# Merge all SARIF outputs\nfind \"$SOURCE_CODE_DIR\" -name \"sast_snyk_check_out_*.json\" -exec cat {} + \u003e \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\nset -e\ntest_not_skipped=0\nSKIP_MSG=\"We found 0 supported files\"\ngrep -q \"$SKIP_MSG\" stdout.txt || test_not_skipped=$?\n\nif [[ \"$SNYK_EXIT_CODE\" -eq 0 ]] || [[ \"$SNYK_EXIT_CODE\" -eq 1 ]]; then\n  # Check if the merged SARIF file has content - this could happen if the snyk scan found no findings\n  if [ ! -s \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\" ]; then\n    echo \"WARN: No JSON output files were generated by snyk scan\"\n    # Get snyk version for proper SARIF metadata\n    SNYK_VERSION=$(snyk --version 2\u003e/dev/null | head -1 | tr -d '\\n' || echo \"unknown\")\n    # Create a valid minimal SARIF structure using jq\n    # Note: coverage array is required even when empty because downstream jq commands expect it\n    jq -n --arg version \"$SNYK_VERSION\" '{\n      \"$schema\": \"https://json.schemastore.org/sarif-2.1.0.json\",\n      \"version\": \"2.1.0\",\n      \"runs\": [{\n        \"tool\": {\n          \"driver\": {\n            \"name\": \"snyk\",\n            \"version\": $version,\n            \"informationUri\": \"https://snyk.io\"\n          }\n        },\n        \"results\": [],\n        \"properties\": {\n          \"coverage\": []\n        }\n      }]\n    }' \u003e\"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\n  fi\n\n  # In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context\n  (cd  \"${SOURCE_CODE_DIR}\" \u0026\u0026 csgrep --mode=json --embed-context=3 \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json) \\\n    | csgrep --mode=json --strip-path-prefix=\"source/\"  \\\n    \u003e sast_snyk_check_out_all_findings.json\n\n  echo \"INFO: Initial results:\"\n  csgrep --mode=evtstat sast_snyk_check_out_all_findings.json\n\n  if [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\n  fi\n  PROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n  # create the KFP clone directory regardless\n  KFP_DIR=\"known-false-positives\"\n  KFP_CLONED=\"0\"\n  mkdir \"${KFP_DIR}\"\n\n  # We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\n  if [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n      echo \"INFO: Trying to clone known-false-positives..\"\n      git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\n  fi\n\n  if [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone know-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv sast_snyk_check_out_all_findings.json filtered_sast_snyk_check_out.json\n  else\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    CMD=(\n      csfilter-kfp\n      --verbose\n      --kfp-dir=\"${KFP_DIR}\"\n      --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [ \"${RECORD_EXCLUDED}\" == \"true\" ]; then\n      CMD+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    set +e\n    \"${CMD[@]}\" sast_snyk_check_out_all_findings.json \u003e filtered_sast_snyk_check_out.json\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n      echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n      echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\n    echo \"INFO: Results after filtering:\"\n    (set -x \u0026\u0026 csgrep --mode=evtstat filtered_sast_snyk_check_out.json)\n  fi\n\n  # Generation of scan stats\n\n  total_files=$(jq '[.runs[0].properties.coverage[].files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n  supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == \"SUPPORTED\") | .files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n\n  # We make sure the values are 0 if no supported/total files are found\n  if [ \"$total_files\" = \"null\" ] || [ -z \"$total_files\" ]; then\n    total_files=0\n  fi\n\n  if [ \"$supported_files\" = \"null\" ] || [ -z \"$supported_files\" ]; then\n    supported_files=0\n  fi\n\n  coverage_ratio=0\n  if (( total_files \u003e 0 )); then\n      coverage_ratio=$((supported_files * 100 / total_files))\n  fi\n\n  # embed stats in results file and convert to SARIF\n  csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:\"${coverage_ratio}\" \\\n                      --set-scan-prop snyk-scanned-files-success:\"${supported_files}\"  \\\n                      --set-scan-prop snyk-scanned-files-total:\"${total_files}\" \\\n                      filtered_sast_snyk_check_out.json  \u003e sast_snyk_check_out.sarif\n\n  # Create filtered SARIF for Tekton task result based on IMP_FINDINGS_ONLY parameter\n  if [ \"${IMP_FINDINGS_ONLY}\" == \"true\" ]; then\n    # Filter to only \"error\" level or higher (high/critical severity) for Tekton task result\n    # In SARIF, defects are given a level like \"error\" or \"warning\". Snyk maps \"high\" level findings to \"error\".\n    # - \"error\" → importance level 1\n    # - \"warning\" (or missing level) → importance level 0\n    RESULT_SARIF=\"result_sast_snyk_check_out.sarif\"\n    csgrep --mode=sarif --imp-level 1 sast_snyk_check_out.sarif \u003e \"$RESULT_SARIF\"\n  else\n    # Use all findings for Tekton task result\n    RESULT_SARIF=\"sast_snyk_check_out.sarif\"\n  fi\n\n  TEST_OUTPUT=\n  parse_test_output \"sast-snyk-check\" sarif \"$RESULT_SARIF\"  || true\n\n# When the test is skipped, the \"SNYK_EXIT_CODE\" is 3 and it can also be 3 in some other situation\nelif [[ \"$test_not_skipped\" -eq 0 ]]; then\n  note=\"Task sast-snyk-check success: Snyk code test found zero supported files.\"\n  ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n  echo \"sast-snyk-check test failed because of the following issues:\"\n  cat stdout.txt\n  note=\"Task sast-snyk-check failed: For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets",
                                    "name": "snyk-secret",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url provided. Skipping upload.'\n  exit 0\nfi\n\nUPLOAD_FILES=\"sast_snyk_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n    if [ \"${UPLOAD_FILES}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach to ${IMAGE_URL}\"\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        }
                    ],
                    "volumes": [
                        {
                            "name": "snyk-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "snyk-secret"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-2710f06599",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/e86d0347-8887-484e-ae2b-61dab7817a8c",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "sast-unicode-check",
                    "tekton.dev/task": "sast-unicode-check"
                },
                "name": "python-component-bcqjpf-on-push-msgrp-sast-unicode-check",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "26724",
                "uid": "e86d0347-8887-484e-ae2b-61dab7817a8c"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-unicode-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-978606f553"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:07:00Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:07:00Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-push-msgrp-sast-unicode-check-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        "entryPoint": "sast-unicode-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T16:06:58+00:00\",\"note\":\"Task sast-unicode-check success: No finding was detected\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T16:06:40Z",
                "steps": [
                    {
                        "container": "step-sast-unicode-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-unicode-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://0effc5e8352741d83aff57a810c073bf4e6ecba1e2c111928263984658807668",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:58Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:58+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:57Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8388cf7ca7e4d7abc31da372522ea397364939bf8b86c4fb1a7a847f46e599b8",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:00Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T16:06:58+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:58Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for non-printable unicode characters in all text files.",
                    "params": [
                        {
                            "description": "Image digest used for ORAS upload.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL used for ORAS upload.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "-p bidi -v -d -t",
                            "description": "arguments for find-unicode-control command.",
                            "name": "FIND_UNICODE_CONTROL_ARGS",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (defaults to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "FIND_UNICODE_CONTROL_ARGS",
                                    "value": "-p bidi -v -d -t"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "SOURCE_CODE_DIR",
                                    "value": "/workspace/workspace"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-unicode-check",
                            "script": "#!/usr/bin/env bash\nset -exuo pipefail\n\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSCAN_PROP=\"https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58\"\nFUC_EXIT_CODE=0\n\n# shellcheck disable=SC2086\nLANG=en_US.utf8 find_unicode_control.py ${FIND_UNICODE_CONTROL_ARGS} \"${SOURCE_CODE_DIR}/source\" \\\n    \u003eraw_sast_unicode_check_out.txt \\\n    2\u003eraw_sast_unicode_check_out.log \\\n    || FUC_EXIT_CODE=$?\nif [[ \"${FUC_EXIT_CODE}\" -ne 0 ]] \u0026\u0026 [[ \"${FUC_EXIT_CODE}\" -ne 1 ]]; then\n    echo \"Failed to run find-unicode-control command\" \u003e\u00262\n    cat raw_sast_unicode_check_out.log\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Translate the output format\nif ! sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\\1: warning:\\2|' -e 's|^|Error: UNICONTROL_WARNING:\\n|'; then\n    echo \"Error: failed to translate the unicontrol output format\" \u003e\u00262\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Process all results as configured with CSGERP_OPTS\nCSGERP_OPTS=(\n    --mode=json\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"${SCAN_PROP}\"\n    --strip-path-prefix=\"${SOURCE_CODE_DIR}\"/source/\n)\n# In order to generate csdiff/v1, we need to add the whole path of the source code as\n# sast-unicode-check only provides an URI to embed the context\nif ! csgrep \"${CSGERP_OPTS[@]}\" raw_sast_unicode_check_out.txt \u003e processed_sast_unicode_check_out.json 2\u003e processed_sast_unicode_check_out.err; then\n    echo \"Error occurred while running csgrep with CSGERP_OPTS:\"\n    cat processed_sast_unicode_check_out.err\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\ncsgrep --mode=evtstat processed_sast_unicode_check_out.json\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\n# If KFP clone failed, use the unfiltered results\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # Build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    # Append --record-excluded option if RECORD_EXCLUDED is true\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" processed_sast_unicode_check_out.json \u003e sast_unicode_check_out.json 2\u003e sast_unicode_check_out.error\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n        mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\n    else\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\n# Generate sarif report\ncsgrep --mode=sarif sast_unicode_check_out.json \u003e sast_unicode_check_out.sarif\nif [[ \"${FUC_EXIT_CODE}\" -eq 0 ]]; then\n    note=\"Task sast-unicode-check success: No finding was detected\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelif [[ \"${FUC_EXIT_CODE}\" -eq 1 ]] \u0026\u0026 [[ ! -s  sast_unicode_check_out.sarif ]]; then\n    note=\"Task sast-unicode-check success: Some findings were detected, but filtered by known false positive\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n    echo \"sast-unicode-check test failed because of the following issues:\"\n    cat sast_unicode_check_out.json\n    TEST_OUTPUT=\n    parse_test_output \"sast-unicode-check\" sarif sast_unicode_check_out.sarif  || true\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url param provided. Skipping upload.'\n  exit 0;\nfi\n\nUPLOAD_FILES=\"sast_unicode_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n\n    if [ \"${UPLOAD_FILE}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component?rev=be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/commit_sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "build.appstudio.redhat.com/target_branch": "love-triangle-nb40q1",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-fspzjg",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/group-7d3v/pipelinerun/python-component-bcqjpf-on-push-msgrp",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"push\" \u0026\u0026 target_branch == \"love-triangle-nb40q1\" \u0026\u0026 ( \"python-component/***\".pathChanged() || \".tekton/python-component-bcqjpf-push.yaml\".pathChanged() )",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "redhat-appstudio-qe-bot",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/sha-title": "Merge pull request #22754 from redhat-appstudio-qe/konflux-python-component-bcqjpf\n\nkonflux-ci e2e-tests update python-component-bcqjpf",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component/commit/be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/source-branch": "refs/heads/love-triangle-nb40q1",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/group-snapshot-multi-component",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02/records/6493090f-3eca-4843-af9a-2dd2dd60d284",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"group-snapshot-multi-component\",\"commit\":\"be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\",\"eventType\":\"push\",\"pull_request-id\":22754}",
                    "results.tekton.dev/result": "group-7d3v/results/dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-status": "merged"
                },
                "creationTimestamp": "2026-07-01T16:06:38Z",
                "finalizers": [
                    "chains.tekton.dev/taskrun",
                    "results.tekton.dev/taskrun"
                ],
                "generation": 1,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-84zp",
                    "appstudio.openshift.io/component": "python-component-bcqjpf",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "false",
                    "pipelinesascode.tekton.dev/check-run-id": "84579767475",
                    "pipelinesascode.tekton.dev/event-type": "push",
                    "pipelinesascode.tekton.dev/original-prname": "python-component-bcqjpf-on-push",
                    "pipelinesascode.tekton.dev/pull-request": "22754",
                    "pipelinesascode.tekton.dev/repository": "go-component-8mawty",
                    "pipelinesascode.tekton.dev/sha": "be5b1d9d9a4363ebe0542b0c40291f3ab31928f3",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "group-snapshot-multi-component",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRun": "python-component-bcqjpf-on-push-msgrp",
                    "tekton.dev/pipelineRunUID": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02",
                    "tekton.dev/pipelineTask": "ecosystem-cert-preflight-checks",
                    "tekton.dev/task": "ecosystem-cert-preflight-checks"
                },
                "name": "python-component-bcqjpf-on-push76b5039e3923b00f62c60035a0dd2599",
                "namespace": "group-7d3v",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "python-component-bcqjpf-on-push-msgrp",
                        "uid": "dcc05e22-2ee2-4eaa-b7a2-71b09503cb02"
                    }
                ],
                "resourceVersion": "28347",
                "uid": "6493090f-3eca-4843-af9a-2dd2dd60d284"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                    }
                ],
                "serviceAccountName": "build-pipeline-python-component-bcqjpf",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "ecosystem-cert-preflight-checks"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:08:12Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:08:12Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "python-component-bcqjpf-on-fb91999dbcf25edb5dbf677b658de9ab-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        "entryPoint": "ecosystem-cert-preflight-checks",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks"
                    }
                },
                "results": [
                    {
                        "name": "ARTIFACT_TYPE",
                        "type": "string",
                        "value": "application"
                    },
                    {
                        "name": "ARTIFACT_TYPE_SET_BY",
                        "type": "string",
                        "value": "introspection"
                    },
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\", \"digests\": [\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\"]}}"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922090\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T16:06:38Z",
                "steps": [
                    {
                        "container": "step-introspect",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "introspect",
                        "provenance": {},
                        "results": [
                            {
                                "name": "artifact-type",
                                "type": "string",
                                "value": "application"
                            },
                            {
                                "name": "artifact-type-set-by",
                                "type": "string",
                                "value": "introspection"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://0ade1d0a6160a88c7db558eb4a0f01fb41bc85fc6f85ca12c2ab693bb52608d4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:06:59Z",
                            "message": "[{\"key\":\"artifact-type\",\"value\":\"application\",\"type\":4},{\"key\":\"artifact-type-set-by\",\"value\":\"introspection\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:06:58Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-generate-container-auth",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "generate-container-auth",
                        "provenance": {},
                        "results": [
                            {
                                "name": "auth-json-path",
                                "type": "string",
                                "value": "/auth/auth.json"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://87da016966b06bc259009ed747cd67fcfde92108d38b9deabbc2739e076360b2",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:00Z",
                            "message": "[{\"key\":\"auth-json-path\",\"value\":\"/auth/auth.json\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:00Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-set-skip-for-bundles",
                        "imageID": "quay.io/redhat-appstudio/konflux-test@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                        "name": "set-skip-for-bundles",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://fe4be83ee7272d81825fc64cea1e88c574bb206ae7e4fdd809279ee4a72839ee",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:07:01Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:01Z"
                        },
                        "terminationReason": "Skipped"
                    },
                    {
                        "container": "step-app-check",
                        "imageID": "quay.io/opdev/preflight@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                        "name": "app-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d3a553b15062dba8a4a95ee18c6e2f885bf4453a10554f472d4d92e7950d1b7e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:10Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:07:01Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-app-set-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "app-set-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "images-processed",
                                "type": "string",
                                "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\", \"digests\": [\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\"]}}"
                            },
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922090\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://f0acab9e9b0b049026a7c74d8da33545f3bd3a4b080c45f91690f049ed10ba42",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:11Z",
                            "message": "[{\"key\":\"images-processed\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3\\\", \\\"digests\\\": [\\\"sha256:311b71309ec018f673ebd5980e3cff0fd258c05c5c1f3e72a31849192b7decbb\\\"]}}\",\"type\":4},{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922090\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:10Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-final-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "final-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782922090\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://db5c22c31cfe2680e6ff9302ae1ac1587213f839203eacaacfe45f7a439a4b7f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:08:11Z",
                            "message": "[{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782922090\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:08:11Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for certification readiness. Note that running this against an operatorbundle will result in a skip, as bundle validation is not executed through this task.",
                    "params": [
                        {
                            "description": "Image url to scan.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "introspect",
                            "description": "The type of artifact. Select from application, operatorbundle, or introspect.",
                            "name": "artifact-type",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform the image is built on.",
                            "name": "platform",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Ecosystem checks pass or fail outcome.",
                            "name": "TEST_OUTPUT",
                            "type": "string",
                            "value": "$(steps.final-outcome.results.test-output)"
                        },
                        {
                            "description": "The artifact type, either introspected or set.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type)"
                        },
                        {
                            "description": "How the artifact type was set.",
                            "name": "ARTIFACT_TYPE_SET_BY",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type-set-by)"
                        },
                        {
                            "description": "Collected image digests",
                            "name": "IMAGES_PROCESSED",
                            "type": "string",
                            "value": "$(steps.app-set-outcome.results.images-processed)"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_ARTIFACT_TYPE",
                                    "value": "introspect"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "introspect",
                            "results": [
                                {
                                    "description": "The type of artifact this task is considering.",
                                    "name": "artifact-type"
                                },
                                {
                                    "description": "The process that sets the artifact type. Informational.\nValues from: introspection, parameter.\n",
                                    "name": "artifact-type-set-by"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n_SET_BY=parameter\n# If the parameter is invalid, we'll introspect\nif [[ \"${PARAM_ARTIFACT_TYPE}\" != \"application\" ]] \u0026\u0026 [[ \"${PARAM_ARTIFACT_TYPE}\" != \"operatorbundle\" ]]; then\n  echo \"Artifact type will be determined by introspection.\"\n  _SET_BY=introspection\nfi\nprintf \"%s\" \"${_SET_BY}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type-set-by\"\n\nif [[ \"${_SET_BY}\" == \"parameter\" ]]; then\n  # short circuit if the artifact type was set via parameter.\n  echo \"Skipping introspection because the artifact-type parameter is explicitly set to \\\"${PARAM_ARTIFACT_TYPE}\\\".\"\n  printf \"%s\" \"${PARAM_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\n  exit 0\nfi\n\n# If the image URL points to a manifest list (a multi-arch image), check the labels on any of the child\n# images (don't fail in the case where the list does not include an image for the arch of the system\n# where this pipeline is running).\n\ndeclare -a _SKOPEO_INSPECT_ARGS\n\nskopeo_retries=3\n\necho \"Checking the media type of the OCI artifact...\"\nif ! _RAW_IMAGE_MANIFEST=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\")\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n_IMAGE_MEDIA_TYPE=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.mediaType')\necho \"The media type of the OCI artifact is ${_IMAGE_MEDIA_TYPE}.\"\n\nif [[ \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.docker.distribution.manifest.list.v2+json\" || \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.oci.image.index.v1+json\" ]]; then\n  _CURRENT_ARCH=$(uname -m)\n  _CURRENT_OS=$(uname -s | tr '[:upper:]' '[:lower:]')\n\n  # The archs returned by uname are not always the same as the archs used by OCI manifests, so we need\n  # to map them.\n  case ${_CURRENT_ARCH} in\n    \"aarch64\")\n      _CURRENT_ARCH=\"arm64\"\n      ;;\n    \"x86_64\")\n      _CURRENT_ARCH=\"amd64\"\n      ;;\n    *)\n      ;;\n  esac\n\n  # If the manifest list contains an image for the current OS and architecture, prefer to test that.\n  _MATCHING_IMAGE_COUNT=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r \"[.manifests[] | select(.platform.os == \\\"${_CURRENT_OS}\\\" and .platform.architecture == \\\"${_CURRENT_ARCH}\\\")] | length\")\n  if [[ \"${_MATCHING_IMAGE_COUNT}\" -gt 0 ]]; then\n    echo \"Found an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}).\"\n  else\n    # If there is no image for the current OS and architecture, just use the first one in the list.\n    _INSPECT_OVERRIDE_IMAGE_OS=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.os')\n    _INSPECT_OVERRIDE_IMAGE_ARCH=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.architecture')\n    _SKOPEO_INSPECT_ARGS+=(\"--override-os=${_INSPECT_OVERRIDE_IMAGE_OS}\")\n    _SKOPEO_INSPECT_ARGS+=(\"--override-arch=${_INSPECT_OVERRIDE_IMAGE_ARCH}\")\n\n    echo \"Could not find an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}), inspecting the image for ${_INSPECT_OVERRIDE_IMAGE_OS}/${_INSPECT_OVERRIDE_IMAGE_ARCH} instead.\"\n  fi\nfi\n\n# Introspect based on minimum count of operator-framework related bundle labels.\necho \"Looking for image labels that indicate this might be an operator bundle...\"\n\n# We purposely do not quote the array elements here, so that they are expanded by the shell as separate args.\n# shellcheck disable=SC2068\nif ! retry skopeo inspect --retry-times \"$skopeo_retries\" ${_SKOPEO_INSPECT_ARGS[@]} \"docker://${PARAM_IMAGE_URL}\" \\\n  | jq '.Labels | keys | .[]' -r \\\n  | { grep operators.operatorframework.io.bundle || true ;} \\\n  | tee /tmp/ecosystem-image-labels\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n\n_OPFW_LABEL_COUNT=$(grep -c operators.operatorframework.io.bundle /tmp/ecosystem-image-labels || true)\n_MIN_LABELS=3\n\necho \"Found ${_OPFW_LABEL_COUNT} matching labels.\"\necho \"Expecting ${_MIN_LABELS} or more to identify this image as an operator bundle.\"\n\n# If the image has several labels, assume it is an operator\n_ARTIFACT_TYPE=application\n(( _OPFW_LABEL_COUNT \u003e= _MIN_LABELS )) \u0026\u0026 _ARTIFACT_TYPE=operatorbundle\n\nprintf \"%s\" \"${_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\necho \"Introspection concludes that this artifact is of type \\\"${_ARTIFACT_TYPE}\\\".\"\n"
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "generate-container-auth",
                            "results": [
                                {
                                    "description": "Path to auth.json",
                                    "name": "auth-json-path"
                                }
                            ],
                            "script": "_AUTH_JSON_PATH=\"/auth/auth.json\"\necho \"Selecting auth for $PARAM_IMAGE_URL\"\n# `select-oci-auth` here assumes the input credentials are at path ~/.docker/config.json\nselect-oci-auth \"$PARAM_IMAGE_URL\" \u003e \"${_AUTH_JSON_PATH}\"\n\nprintf \"%s\" \"${_AUTH_JSON_PATH}\" \u003e \"/tekton/steps/step-generate-container-auth/results/auth-json-path\"\necho \"Auth json written to \\\"${_AUTH_JSON_PATH}\\\".\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/auth",
                                    "name": "auth"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/redhat-appstudio/konflux-test:v1.4.31@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                            "name": "set-skip-for-bundles",
                            "results": [
                                {
                                    "description": "A skipped tekton result for bundles.",
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOTE=\"This ecosystem check is not executed for operatorbundles.\"\n\n# shellcheck source=/dev/null\n. /utils.sh # gives us the make_result_json helper used below.\n\n# Generate TEST_OUTPUT\n# We're skipping the test, but don't use status \"SKIPPED\" because\n# it produces unwanted Conforma violations\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"${NOTE}\")\n\nprintf \"%s\" \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-set-skip-for-bundles/results/test-output\" /bundle/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/bundle",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "operatorbundle"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PFLT_DOCKERCONFIG",
                                    "value": "$(steps.generate-container-auth.results.auth-json-path)"
                                },
                                {
                                    "name": "PFLT_KONFLUX",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                },
                                {
                                    "name": "PARAM_PLATFORM"
                                }
                            ],
                            "image": "quay.io/opdev/preflight:stable@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                            "name": "app-check",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nimage_url=\"${PARAM_IMAGE_URL}\"\nplatform=\"${PARAM_PLATFORM}\"\n\nif [ -n \"$platform\" ]; then\n  # Extract part after slash if present\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n\n  # Validate against supported arch list. If it's not a known arch, return an error result\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  /usr/local/bin/preflight check container \"$image_url\" --platform \"$arch\"\nelse\n  /usr/local/bin/preflight check container \"$image_url\"\nfi\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                },
                                {
                                    "mountPath": "/auth",
                                    "name": "auth",
                                    "readOnly": true
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/group-7d3v/python-component-bcqjpf:be5b1d9d9a4363ebe0542b0c40291f3ab31928f3"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "app-set-outcome",
                            "results": [
                                {
                                    "description": "The overall outcome of this task.",
                                    "name": "test-output"
                                },
                                {
                                    "description": "Processed image digests.",
                                    "name": "images-processed"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n# Declare Supported architectures\ndeclare -a SUPPORTED_ARCHES=(amd64 arm64 ppc64le s390x)\n\nskopeo_retries=3\n\n# Initialize result vars\nPFLT_PASS_COUNT=0\nPFLT_FAIL_COUNT=0\nPFLT_ERROR_COUNT=0\nPFLT_RESULT=\"SUCCESS\"\n\n# Loop over SUPPORTED_ARCHES and process results\nfor ARCH in \"${SUPPORTED_ARCHES[@]}\"\ndo\n    # Check if results directory exits\n    RESULT_JSON_PATH=/artifacts/${ARCH}/results.json\n    if ! [ -f \"${RESULT_JSON_PATH}\" ]; then\n        continue\n    fi\n    # Process results\n    if jq -e '.passed == false' \"${RESULT_JSON_PATH}\" \u003e /dev/null; then PFLT_RESULT=\"FAILURE\"; fi\n    PFLT_PASS_COUNT=$((PFLT_PASS_COUNT+$(jq -r '.results.passed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_FAIL_COUNT=$((PFLT_FAIL_COUNT+$(jq -r '.results.failed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_ERROR_COUNT=$((PFLT_ERROR_COUNT+$(jq -r '.results.errors | length' \"${RESULT_JSON_PATH}\")))\ndone\n\n# Mark as ERROR if no results were recorded, which can occur when an unsupported or malformed\n# architecture is parsed from the `platform` parameter.\nif [[ $PFLT_FAIL_COUNT -eq 0 ]] \u0026\u0026 [[ $PFLT_PASS_COUNT -eq 0 ]] ; then PFLT_RESULT=\"ERROR\" ; fi\n\nif [[ $PFLT_ERROR_COUNT -gt 0 ]]; then PFLT_RESULT=\"ERROR\" ; fi\nPFLT_NOTE=\"Task preflight is a ${PFLT_RESULT}: Refer to Tekton task logs for more information\"\n\n# Generate TEST_OUTPUT\nTEST_OUTPUT=$(jq -rce \\\n--arg date \"$(date +%s)\" \\\n--arg note \"${PFLT_NOTE}\" \\\n--arg result \"${PFLT_RESULT}\" \\\n--arg successes \"${PFLT_PASS_COUNT}\" \\\n--arg failures \"${PFLT_FAIL_COUNT}\" \\\n--arg warnings \"0\" \\\n--null-input \\\n'{  result: $result,\n    timestamp: $date,\n    note: $note,\n    successes: $successes|tonumber,\n    failures: $failures|tonumber,\n    warnings: $warnings|tonumber\n}')\necho -n \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-app-set-outcome/results/test-output\" /artifacts/konflux.results.json\n\n# Generate IMAGES_PROCESSED\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$PARAM_IMAGE_URL\"'\", \"digests\": [%s]}}'\ndeclare -a digests_processed=()\n\n# Extract processed image digests from \"/artifacts/$arch/cert-image.json\"\nwhile read -r cert_image_file; do\n  docker_image_digest=$(jq -r '.docker_image_digest' \"$cert_image_file\")\n  if [[ -n \"$docker_image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$docker_image_digest\\\" \"* ]]; then\n    digests_processed+=(\"\\\"$docker_image_digest\\\"\")\n  fi\ndone \u003c \u003c(find /artifacts -type f -name \"cert-image.json\")\n\nimage_digest=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\" | sha256sum | awk '{print \"sha256:\" $1}')\nif [[ -n \"$image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$image_digest\\\" \"* ]]; then\n  digests_processed+=(\"\\\"$image_digest\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\nfinal_output=\"${images_processed_template/\\[%s]/[$digests_processed_string]}\"\necho -n \"${final_output}\" \u003e \"/tekton/steps/step-app-set-outcome/results/images-processed\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "final-outcome",
                            "results": [
                                {
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\nset -o xtrace\n\nif [[ ! -f /mount/konflux.results.json ]]; then\n  printf \"Unable to populate the right test log output because the artifact's type is not recorded correctly. Please file a bug.\" | tee \"/tekton/steps/step-final-outcome/results/test-output\"\n  exit 91\nfi\n\ntee \"/tekton/steps/step-final-outcome/results/test-output\" \u003c /mount/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mount",
                                    "name": "pfltoutputdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "pfltoutputdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "auth"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/49c0e8eb-c739-4408-8e52-b817f79fe1b0/records/03c49f36-0dcd-4591-a13e-8d74db7f9ddd",
                    "results.tekton.dev/result": "integration2-bxjx/results/49c0e8eb-c739-4408-8e52-b817f79fe1b0",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/git-reporter-status": "{\"scenarios\":{\"integration-test-djm6-integ-app-uk8n-20260701-165635-000\":{\"lastUpdateTime\":\"2026-07-01T17:01:19.684281965Z\"}}}",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/status": "[{\"scenario\":\"integration-test-djm6\",\"status\":\"TestFail\",\"lastUpdateTime\":\"2026-07-01T17:01:19.684281965Z\",\"details\":\"Integration test failed\",\"startTime\":\"2026-07-01T17:01:08.567831044Z\",\"completionTime\":\"2026-07-01T17:01:19.684281965Z\",\"testPipelineRunName\":\"integration-test-djm6-4s6gf\"}]"
                },
                "creationTimestamp": "2026-07-01T17:01:40Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:10Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-57ae-sf8mj",
                    "tekton.dev/pipelineRunUID": "49c0e8eb-c739-4408-8e52-b817f79fe1b0",
                    "tekton.dev/pipelineTask": "task-skipped",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/run": "integration-test-57ae",
                    "test.appstudio.openshift.io/scenario": "integration-test-57ae",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-57ae-sf8mj-task-skipped",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-57ae-sf8mj",
                        "uid": "49c0e8eb-c739-4408-8e52-b817f79fe1b0"
                    }
                ],
                "resourceVersion": "73505",
                "uid": "03c49f36-0dcd-4591-a13e-8d74db7f9ddd"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "SKIPPED"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:48Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:48Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-57ae-sf8mj-task-skipped-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T17:01:47+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:40Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://7737de5774fb022eb11cc025c1ad7159966084270cc3472358a6fd04efb43c48",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:47Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:47+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:47Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT SKIPPED --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/49c0e8eb-c739-4408-8e52-b817f79fe1b0/records/11ce5876-6c9c-473e-b68b-315992e67002",
                    "results.tekton.dev/result": "integration2-bxjx/results/49c0e8eb-c739-4408-8e52-b817f79fe1b0",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/git-reporter-status": "{\"scenarios\":{\"integration-test-djm6-integ-app-uk8n-20260701-165635-000\":{\"lastUpdateTime\":\"2026-07-01T17:01:19.684281965Z\"}}}",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/status": "[{\"scenario\":\"integration-test-djm6\",\"status\":\"TestFail\",\"lastUpdateTime\":\"2026-07-01T17:01:19.684281965Z\",\"details\":\"Integration test failed\",\"startTime\":\"2026-07-01T17:01:08.567831044Z\",\"completionTime\":\"2026-07-01T17:01:19.684281965Z\",\"testPipelineRunName\":\"integration-test-djm6-4s6gf\"}]"
                },
                "creationTimestamp": "2026-07-01T17:01:40Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:10Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-57ae-sf8mj",
                    "tekton.dev/pipelineRunUID": "49c0e8eb-c739-4408-8e52-b817f79fe1b0",
                    "tekton.dev/pipelineTask": "task-success",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/run": "integration-test-57ae",
                    "test.appstudio.openshift.io/scenario": "integration-test-57ae",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-57ae-sf8mj-task-success",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-57ae-sf8mj",
                        "uid": "49c0e8eb-c739-4408-8e52-b817f79fe1b0"
                    }
                ],
                "resourceVersion": "73508",
                "uid": "11ce5876-6c9c-473e-b68b-315992e67002"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "SUCCESS"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:46Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:46Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-57ae-sf8mj-task-success-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:01:45+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:40Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://586b7f6dbe40049f469abd5e832c92356bdede4b6555a353c10e206aca72f4f3",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:45Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:45+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:45Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT SUCCESS --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/49c0e8eb-c739-4408-8e52-b817f79fe1b0/records/1d49bd80-3e13-4479-af94-7f38d1821af3",
                    "results.tekton.dev/result": "integration2-bxjx/results/49c0e8eb-c739-4408-8e52-b817f79fe1b0",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/git-reporter-status": "{\"scenarios\":{\"integration-test-djm6-integ-app-uk8n-20260701-165635-000\":{\"lastUpdateTime\":\"2026-07-01T17:01:19.684281965Z\"}}}",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/status": "[{\"scenario\":\"integration-test-djm6\",\"status\":\"TestFail\",\"lastUpdateTime\":\"2026-07-01T17:01:19.684281965Z\",\"details\":\"Integration test failed\",\"startTime\":\"2026-07-01T17:01:08.567831044Z\",\"completionTime\":\"2026-07-01T17:01:19.684281965Z\",\"testPipelineRunName\":\"integration-test-djm6-4s6gf\"}]"
                },
                "creationTimestamp": "2026-07-01T17:01:40Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:10Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-57ae-sf8mj",
                    "tekton.dev/pipelineRunUID": "49c0e8eb-c739-4408-8e52-b817f79fe1b0",
                    "tekton.dev/pipelineTask": "task-success-2",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/run": "integration-test-57ae",
                    "test.appstudio.openshift.io/scenario": "integration-test-57ae",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-57ae-sf8mj-task-success-2",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-57ae-sf8mj",
                        "uid": "49c0e8eb-c739-4408-8e52-b817f79fe1b0"
                    }
                ],
                "resourceVersion": "73504",
                "uid": "1d49bd80-3e13-4479-af94-7f38d1821af3"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "SUCCESS"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:46Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:46Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-57ae-sf8mj-task-success-2-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:01:45+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:40Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://cb3051c9ca1d8dac09e53177a4a94a936139abef9199b6bc759e97e7193cd9a5",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:45Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:45+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:45Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT SUCCESS --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a5dea1f4-451c-4992-9184-a981bb120e1a/records/41258ba8-8a86-4619-bdd3-ac04c01e5663",
                    "results.tekton.dev/result": "integration2-bxjx/results/a5dea1f4-451c-4992-9184-a981bb120e1a",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration"
                },
                "creationTimestamp": "2026-07-01T17:01:10Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:04Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-djm6-4s6gf",
                    "tekton.dev/pipelineRunUID": "a5dea1f4-451c-4992-9184-a981bb120e1a",
                    "tekton.dev/pipelineTask": "task-fail",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/run": "integration-test-djm6",
                    "test.appstudio.openshift.io/scenario": "integration-test-djm6",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-djm6-4s6gf-task-fail",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-djm6-4s6gf",
                        "uid": "a5dea1f4-451c-4992-9184-a981bb120e1a"
                    }
                ],
                "resourceVersion": "73381",
                "uid": "41258ba8-8a86-4619-bdd3-ac04c01e5663"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "FAILURE"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:18Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:18Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-djm6-4s6gf-task-fail-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T17:01:18+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:11Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://aa9b99e23997d30c7bfc2c2f074fe89be51614b50d1de7dde885f1baffdbe71d",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:18Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:18+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:18Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT FAILURE --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a5dea1f4-451c-4992-9184-a981bb120e1a/records/a536cac8-9b8f-4ea2-97f4-94a695a653f6",
                    "results.tekton.dev/result": "integration2-bxjx/results/a5dea1f4-451c-4992-9184-a981bb120e1a",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration"
                },
                "creationTimestamp": "2026-07-01T17:01:10Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:04Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-djm6-4s6gf",
                    "tekton.dev/pipelineRunUID": "a5dea1f4-451c-4992-9184-a981bb120e1a",
                    "tekton.dev/pipelineTask": "task-skipped",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/run": "integration-test-djm6",
                    "test.appstudio.openshift.io/scenario": "integration-test-djm6",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-djm6-4s6gf-task-skipped",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-djm6-4s6gf",
                        "uid": "a5dea1f4-451c-4992-9184-a981bb120e1a"
                    }
                ],
                "resourceVersion": "73385",
                "uid": "a536cac8-9b8f-4ea2-97f4-94a695a653f6"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "SKIPPED"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:21Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:21Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-djm6-4s6gf-task-skipped-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T17:01:20+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:13Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://1cc1d9cdefdcacfb04002ff8bc4778d4ab62ecc617109fe38237d13c08325fec",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:20Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:20+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:20Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT SKIPPED --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a5dea1f4-451c-4992-9184-a981bb120e1a/records/40f54ee7-151f-4cad-a147-71138a2732eb",
                    "results.tekton.dev/result": "integration2-bxjx/results/a5dea1f4-451c-4992-9184-a981bb120e1a",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration"
                },
                "creationTimestamp": "2026-07-01T17:01:10Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:04Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-djm6-4s6gf",
                    "tekton.dev/pipelineRunUID": "a5dea1f4-451c-4992-9184-a981bb120e1a",
                    "tekton.dev/pipelineTask": "task-success",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/run": "integration-test-djm6",
                    "test.appstudio.openshift.io/scenario": "integration-test-djm6",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-djm6-4s6gf-task-success",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-djm6-4s6gf",
                        "uid": "a5dea1f4-451c-4992-9184-a981bb120e1a"
                    }
                ],
                "resourceVersion": "73382",
                "uid": "40f54ee7-151f-4cad-a147-71138a2732eb"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "SUCCESS"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:16Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:16Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-djm6-4s6gf-task-success-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:01:16+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:10Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://766455f968f8657536bffc9dbe557327fff1f209d5e2a0fa72e883d715e77f85",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:16Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:16+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:16Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT SUCCESS --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/45ae0083-f8b4-4246-a29b-955a2d1db7ce/records/ff804532-6a5e-42ff-8c3c-f5c16b527631",
                    "results.tekton.dev/result": "integration2-bxjx/results/45ae0083-f8b4-4246-a29b-955a2d1db7ce",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration"
                },
                "creationTimestamp": "2026-07-01T17:01:10Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:06Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-djm6-pnpzh",
                    "tekton.dev/pipelineRunUID": "45ae0083-f8b4-4246-a29b-955a2d1db7ce",
                    "tekton.dev/pipelineTask": "task-fail",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/scenario": "integration-test-djm6",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-djm6-pnpzh-task-fail",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-djm6-pnpzh",
                        "uid": "45ae0083-f8b4-4246-a29b-955a2d1db7ce"
                    }
                ],
                "resourceVersion": "73403",
                "uid": "ff804532-6a5e-42ff-8c3c-f5c16b527631"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "FAILURE"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:19Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:19Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-djm6-pnpzh-task-fail-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T17:01:19+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:11Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://87fe4d1496e2c8b7449a58ed25e33ca7245115d90a23bfe6a8ef7bf91611ec90",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:19Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:19+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:19Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT FAILURE --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/45ae0083-f8b4-4246-a29b-955a2d1db7ce/records/e69277d5-a787-4a7a-bfc8-ec0c07efcb86",
                    "results.tekton.dev/result": "integration2-bxjx/results/45ae0083-f8b4-4246-a29b-955a2d1db7ce",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration"
                },
                "creationTimestamp": "2026-07-01T17:01:10Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:06Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-djm6-pnpzh",
                    "tekton.dev/pipelineRunUID": "45ae0083-f8b4-4246-a29b-955a2d1db7ce",
                    "tekton.dev/pipelineTask": "task-skipped",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/scenario": "integration-test-djm6",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-djm6-pnpzh-task-skipped",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-djm6-pnpzh",
                        "uid": "45ae0083-f8b4-4246-a29b-955a2d1db7ce"
                    }
                ],
                "resourceVersion": "73407",
                "uid": "e69277d5-a787-4a7a-bfc8-ec0c07efcb86"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "SKIPPED"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:19Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:19Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-djm6-pnpzh-task-skipped-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T17:01:18+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:12Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://13d699c689148c9330241220a0826c84212f26a58288e8c514a25060e321a9ac",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:18Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:18+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:18Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT SKIPPED --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pac.test.appstudio.openshift.io/branch": "base-4lmvk9",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/git-auth-secret": "pac-gitauth-gyuvge",
                    "pac.test.appstudio.openshift.io/git-provider": "github",
                    "pac.test.appstudio.openshift.io/installation-id": "72200095",
                    "pac.test.appstudio.openshift.io/log-url": "https://CONSOLE_URL_NOT_AVAILABLE",
                    "pac.test.appstudio.openshift.io/max-keep-runs": "3",
                    "pac.test.appstudio.openshift.io/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/scm-reporting-plr-started": "true",
                    "pac.test.appstudio.openshift.io/sender": "konflux-ci-e2e-tests[bot]",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/source-branch": "konflux-test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/45ae0083-f8b4-4246-a29b-955a2d1db7ce/records/a479296b-8332-49d8-b08b-4ff08343e47a",
                    "results.tekton.dev/result": "integration2-bxjx/results/45ae0083-f8b4-4246-a29b-955a2d1db7ce",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/create-groupsnapshot-status": "The number 0 of component snapshots belonging to this pr group hash 77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e is less than 2, skipping group snapshot creation",
                    "test.appstudio.openshift.io/integration-workflow": "pull-request",
                    "test.appstudio.openshift.io/pipelinerunstarttime": "1782924995000",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/result-chains-git-commit": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/result-chains-git-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "test.appstudio.openshift.io/result-image-digest": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                    "test.appstudio.openshift.io/result-image-url": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed",
                    "test.appstudio.openshift.io/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration"
                },
                "creationTimestamp": "2026-07-01T17:01:10Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:06Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "tekton-pipelines",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "appstudio.openshift.io/snapshot": "integ-app-uk8n-20260701-165635-000",
                    "pac.test.appstudio.openshift.io/cancel-in-progress": "true",
                    "pac.test.appstudio.openshift.io/check-run-id": "84590472077",
                    "pac.test.appstudio.openshift.io/event-type": "pull_request",
                    "pac.test.appstudio.openshift.io/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pac.test.appstudio.openshift.io/pull-request": "30782",
                    "pac.test.appstudio.openshift.io/repository": "test-component-pac-strsml",
                    "pac.test.appstudio.openshift.io/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pac.test.appstudio.openshift.io/state": "completed",
                    "pac.test.appstudio.openshift.io/url-org": "redhat-appstudio-qe",
                    "pac.test.appstudio.openshift.io/url-repository": "konflux-test-integration",
                    "pipelines.appstudio.openshift.io/type": "test",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "integration-resolver-pipeline-pass",
                    "tekton.dev/pipelineRun": "integration-test-djm6-pnpzh",
                    "tekton.dev/pipelineRunUID": "45ae0083-f8b4-4246-a29b-955a2d1db7ce",
                    "tekton.dev/pipelineTask": "task-success",
                    "tekton.dev/task": "test-output",
                    "test.appstudio.openshift.io/optional": "false",
                    "test.appstudio.openshift.io/pipelinerunfinishtime": "1782925263",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e",
                    "test.appstudio.openshift.io/scenario": "integration-test-djm6",
                    "test.appstudio.openshift.io/type": "component"
                },
                "name": "integration-test-djm6-pnpzh-task-success",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "integration-test-djm6-pnpzh",
                        "uid": "45ae0083-f8b4-4246-a29b-955a2d1db7ce"
                    }
                ],
                "resourceVersion": "73404",
                "uid": "a479296b-8332-49d8-b08b-4ff08343e47a"
            },
            "spec": {
                "params": [
                    {
                        "name": "RESULT",
                        "value": "SUCCESS"
                    }
                ],
                "serviceAccountName": "konflux-integration-runner",
                "taskRef": {
                    "params": [
                        {
                            "name": "url",
                            "value": "https://github.com/konflux-ci/integration-examples"
                        },
                        {
                            "name": "revision",
                            "value": "main"
                        },
                        {
                            "name": "pathInRepo",
                            "value": "tasks/test_output.yaml"
                        }
                    ],
                    "resolver": "git"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:16Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:16Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "integration-test-djm6-pnpzh-task-success-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha1": "a1a70b0a1cfc96f5216d472fbd60f6b42780b3e5"
                        },
                        "entryPoint": "tasks/test_output.yaml",
                        "uri": "git+https://github.com/konflux-ci/integration-examples"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:01:15+00:00\",\"failures\":0,\"successes\":0,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:01:10Z",
                "steps": [
                    {
                        "container": "step-unnamed-0",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c370a7bc6e172cdbab001f1a19f37ebc95f47c3d8fe2d915fa4641132490ead7",
                        "name": "unnamed-0",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d09fd92afd1580d1792fe78b5dc10359226eecad9618051c8aca804fadb04a84",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:15Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:01:15+00:00\\\",\\\"failures\\\":0,\\\"successes\\\":0,\\\"warnings\\\":0}\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:01:15Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "params": [
                        {
                            "default": "SUCCESS",
                            "description": "Test result to be generated",
                            "name": "RESULT",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Test output",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {},
                            "image": "quay.io/konflux-ci/konflux-test:latest",
                            "name": "",
                            "script": "TEST_OUTPUT=$(jq -rc --arg date $(date -u --iso-8601=seconds) --arg RESULT SUCCESS --null-input \\\n  '{result: $RESULT, timestamp: $date, failures: 0, successes: 0, warnings: 0}')\necho -n \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/67406fc3-b249-46e6-8f2c-d53b973ee9e5",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "coverity-availability-check",
                    "tekton.dev/task": "coverity-availability-check",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "tes388343f479387765cf5d056667401a93-coverity-availability-check",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73461",
                "uid": "67406fc3-b249-46e6-8f2c-d53b973ee9e5"
            },
            "spec": {
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "coverity-availability-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check:0.2@sha256:de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:16Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:16Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "tes388343f479387765cf5d0566e17432538523e68087114f89929ffc74-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "de35caf2f090e3275cfd1019ea50d9662422e904fb4aebd6ea29fb53a1ad57f5"
                        },
                        "entryPoint": "coverity-availability-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check"
                    }
                },
                "results": [
                    {
                        "name": "STATUS",
                        "type": "string",
                        "value": "failed"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"2026-07-01T17:00:15+00:00\",\"note\":\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\",\"namespace\":\"default\",\"successes\":0,\"failures\":1,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:03Z",
                "steps": [
                    {
                        "container": "step-coverity-availability-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "coverity-availability-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://473645d5722bb6991c477db8554100cbcaa86baa4836bcce17597c1b3782dd11",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:15Z",
                            "message": "[{\"key\":\"STATUS\",\"value\":\"failed\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:15+00:00\\\",\\\"note\\\":\\\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":1,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:15Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This task performs needed checks in order to use Coverity image in the pipeline. It will check for a Coverity license secret and an authentication secret for pulling the image.",
                    "params": [
                        {
                            "default": "cov-license",
                            "description": "Name of secret which contains the Coverity license",
                            "name": "COV_LICENSE",
                            "type": "string"
                        },
                        {
                            "default": "auth-token-coverity-image",
                            "description": "Name of secret which contains the authentication token for pulling the Coverity image.",
                            "name": "AUTH_TOKEN_COVERITY_IMAGE",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task result output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Tekton task simple status to be later checked",
                            "name": "STATUS",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "COV_LICENSE",
                                    "value": "cov-license"
                                },
                                {
                                    "name": "AUTH_TOKEN_COVERITY_IMAGE",
                                    "value": "auth-token-coverity-image"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "coverity-availability-check",
                            "script": "#!/usr/bin/env bash\nset -eo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Checking Coverity license\nCOV_LICENSE_PATH=/etc/secrets/cov/cov-license\nif [ -f \"${COV_LICENSE_PATH}\" ] \u0026\u0026 [ -s \"${COV_LICENSE_PATH}\" ]; then\n  echo \"Coverity license detected!\"\nelse\n  echo 'No license file for Coverity was detected. Coverity scan will not be executed...'\n  echo 'Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license'\n  note=\"Task coverity-availability-check failed: No license file for Coverity was detected. Please, create a secret called 'cov-license' with a key called 'cov-license' and the value containing the Coverity license\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# Checking authentication token for downloading coverity image\nAUTH_TOKEN_COVERITY_IMAGE_PATH=/etc/secrets/auth/config.json\nif [ -f \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ] \u0026\u0026 [ -s \"${AUTH_TOKEN_COVERITY_IMAGE_PATH}\" ]; then\n  echo \"Authentication token detected!\"\nelse\n  echo 'No authentication token for downloading Coverity image detected. Coverity scan will not be executed...'\n  echo 'Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image'\n  note=\"Task coverity-availability-check failed: No authentication token for downloading Coverity image detected. Please, create an imagePullSecret named 'auth-token-coverity-image' with the authentication token for pulling the Coverity image\"\n  TEST_OUTPUT=$(make_result_json -r FAILURE -t \"$note\" -f 1)\n  echo -n \"failed\" | tee \"/tekton/results/STATUS\"\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nnote=\"Task coverity-availability-check completed: Coverity availability checks finished succesfully.\"\n# shellcheck disable=SC2034\nTEST_OUTPUT=$(make_result_json -r SUCCESS -s 1 -t \"$note\")\necho -n \"success\" | tee \"/tekton/results/STATUS\"\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets/cov",
                                    "name": "cov-license",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/etc/secrets/auth/config.json",
                                    "name": "auth-token-coverity-image",
                                    "subPath": ".dockerconfigjson"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "cov-license",
                            "secret": {
                                "optional": true,
                                "secretName": "cov-license"
                            }
                        },
                        {
                            "name": "auth-token-coverity-image",
                            "secret": {
                                "optional": true,
                                "secretName": "auth-token-coverity-image"
                            }
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/c4474367-2171-4f82-97ec-201a2f813a86",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "deprecated-base-image-check",
                    "tekton.dev/task": "deprecated-image-check",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "tes388343f479387765cf5d056667401a93-deprecated-base-image-check",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73470",
                "uid": "c4474367-2171-4f82-97ec-201a2f813a86"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "deprecated-image-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check:0.5@sha256:3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:27Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:27Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "tes388343f479387765cf5d05662164d8f6806ff6c6181f8b16b4f59502-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "3457a4ca93f8d55f14ebd407532b1223c689eacc34f0abb3003db4111667bdae"
                        },
                        "entryPoint": "deprecated-image-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\", \"digests\": [\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:00:23+00:00\",\"note\":\"Task deprecated-image-check completed: Check result for task result.\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:02Z",
                "steps": [
                    {
                        "container": "step-check-images",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "check-images",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://84879d86dc0cdc4874c8d2fd263c99c0d5b28e1b81f777bdf6653ae90d9107c4",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:23Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\\\", \\\"digests\\\": [\\\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:23+00:00\\\",\\\"note\\\":\\\"Task deprecated-image-check completed: Check result for task result.\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:12Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Identifies the unmaintained and potentially insecure deprecated base images. Pyxis API collects metadata from image repository, and Conftest applies supplied policy to identify the deprecated images using that metadata.",
                    "params": [
                        {
                            "default": "/project/repository/",
                            "description": "Path to directory containing Conftest policies.",
                            "name": "POLICY_DIR",
                            "type": "string"
                        },
                        {
                            "default": "required_checks",
                            "description": "Namespace for Conftest policy.",
                            "name": "POLICY_NAMESPACE",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Digests of base build images.",
                            "name": "BASE_IMAGES_DIGESTS",
                            "type": "string"
                        },
                        {
                            "description": "Fully qualified image name.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "POLICY_DIR",
                                    "value": "/project/repository/"
                                },
                                {
                                    "name": "POLICY_NAMESPACE",
                                    "value": "required_checks"
                                },
                                {
                                    "name": "BASE_IMAGES_DIGESTS"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "check-images",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nIMAGES_TO_BE_PROCESSED_PATH=\"/tmp/images_to_be_processed.txt\"\ntouch /tmp/images_to_be_processed.txt\n\nsuccess_counter=0\nfailure_counter=0\nerror_counter=0\nwarnings_counter=0\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo -n $imagewithouttag@$IMAGE_DIGEST)\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  while read -r arch arch_sha; do\n    SBOM_FILE_PATH=$(echo \"/tmp/sbom-$arch.json\")\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    # Get base images from SBOM\n    cosign download sbom $arch_imageanddigest \u003e ${SBOM_FILE_PATH}\n    if [ $? -ne 0 ]; then\n      echo \"Unable to download sbom for arch $arch.\"\n      continue\n    fi\n\n    \u003c \"${SBOM_FILE_PATH}\" jq -r '\n        if .bomFormat == \"CycloneDX\" then\n            .formulation[]?\n            | .components[]?\n            | select(any(.properties[]?; .name | test(\"^konflux:container:is_(base|builder)_image\")))\n            | (\n                .purl\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        else\n            .packages[]\n            | select(any(.annotations[]?.comment; (fromjson?).name? | test(\"^konflux:container:is_(base|builder)_image\")?))\n            | [.externalRefs[]? | select(.referenceType == \"purl\").referenceLocator] as $purls\n            | (\n                $purls | first\n                | capture(\"^pkg:oci/.*?@(?\u003cdigest\u003e[a-z0-9]+:[a-f0-9]+)(?:\\\\?[^#]*repository_url=(?\u003crepository_url\u003e[^\u0026#]*))?\")\n              ) as $matched\n            | $matched.repository_url\n        end\n    ' \u003e\u003e \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"Detected base images from $arch SBOM:\"\n    cat \"${IMAGES_TO_BE_PROCESSED_PATH}\"\n    echo \"\"\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task deprecated-image-check failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nif [ -n \"${BASE_IMAGES_DIGESTS}\" ];\nthen\n  echo \"Base images passed by param BASE_IMAGES_DIGESTS: $BASE_IMAGES_DIGESTS\"\n  # Get images from the parameter\n  for IMAGE_WITH_TAG in $(echo -n \"$BASE_IMAGES_DIGESTS\" | sed 's/\\\\n/\\'$'\\n''/g' );\n  do\n    echo $IMAGE_WITH_TAG | cut -d \":\" -f1 \u003e\u003e ${IMAGES_TO_BE_PROCESSED_PATH}\n  done\nfi\n\n# we want to remove duplicated entries\nBASE_IMAGES=$(sort -u \"${IMAGES_TO_BE_PROCESSED_PATH}\")\n\necho \"Images to be checked:\"\necho \"$BASE_IMAGES\"\necho \"\"\n\nfor BASE_IMAGE in ${BASE_IMAGES};\ndo\n  IFS=:'/' read -r IMAGE_REGISTRY IMAGE_REPOSITORY\u003c\u003c\u003c $BASE_IMAGE\n\n  # Red Hat Catalog hack: registry.redhat.io must be queried as registry.access.redhat.com in Red Hat catalog\n  IMAGE_REGISTRY_CATALOG=$(echo \"${IMAGE_REGISTRY}\" | sed 's/^registry.redhat.io$/registry.access.redhat.com/')\n\n  export IMAGE_REPO_PATH=/tmp/${IMAGE_REPOSITORY}\n  mkdir -p ${IMAGE_REPO_PATH}\n  echo \"Querying Red Hat Catalog for $BASE_IMAGE.\"\n  http_code=$(curl -s -o ${IMAGE_REPO_PATH}/repository_data.json -w '%{http_code}' \"https://catalog.redhat.com/api/containers/v1/repositories/registry/${IMAGE_REGISTRY_CATALOG}/repository/${IMAGE_REPOSITORY}\")\n\n  if [ \"$http_code\" == \"200\" ];\n  then\n    echo \"Running conftest using $POLICY_DIR policy, $POLICY_NAMESPACE namespace.\"\n    /usr/bin/conftest test --no-fail ${IMAGE_REPO_PATH}/repository_data.json \\\n    --policy $POLICY_DIR --namespace $POLICY_NAMESPACE \\\n    --output=json | tee ${IMAGE_REPO_PATH}/deprecated_image_check_output.json\n\n    failures_num=$(jq -r '.[].failures|length' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${failures_num}\" -gt 0 ]]; then\n      echo \"[FAILURE] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} has been deprecated\"\n    fi\n    failure_counter=$((failure_counter+failures_num))\n\n    successes_num=$(jq -r '.[].successes' ${IMAGE_REPO_PATH}/deprecated_image_check_output.json)\n    if [[ \"${successes_num}\" -gt 0 ]]; then\n      echo \"[SUCCESS] Image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} is valid\"\n    fi\n    success_counter=$((success_counter+successes_num))\n\n  elif [ \"$http_code\" == \"404\" ];\n  then\n    echo \"[WARNING] Registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY} not found in Red Hat Catalog. Task cannot provide results if image is deprecated.\"\n    warnings_counter=$((warnings_counter+1))\n  else\n    echo \"[ERROR] Unexpected error (HTTP code: ${http_code}) occurred for registry/image ${IMAGE_REGISTRY}/${IMAGE_REPOSITORY}.\"\n    error_counter=$((error_counter+1))\n  fi\ndone\n\nnote=\"Task deprecated-image-check failed: Command conftest failed. For details, check Tekton task log.\"\nERROR_OUTPUT=$(make_result_json -r ERROR -n \"$POLICY_NAMESPACE\" -t \"$note\")\n\nnote=\"Task deprecated-image-check completed: Check result for task result.\"\nif [[ \"$error_counter\" == 0 ]];\nthen\n  if [[ \"${failure_counter}\" -gt 0 ]]; then\n    RES=\"FAILURE\"\n  elif [[ \"${warnings_counter}\" -gt 0 ]]; then\n    RES=\"WARNING\"\n  elif [[ \"${success_counter}\" -eq 0 ]]; then\n    # when all counters are 0, there are no base images to check\n    note=\"Task deprecated-image-check success: No base images to check.\"\n    RES=\"SUCCESS\"\n  else\n    RES=\"SUCCESS\"\n  fi\n  TEST_OUTPUT=$(make_result_json \\\n    -r \"${RES}\" -n \"$POLICY_NAMESPACE\" \\\n    -s \"${success_counter}\" -f \"${failure_counter}\" -w \"${warnings_counter}\" -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee /tekton/results/TEST_OUTPUT\n\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-8fc7f25ca4",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/f8ce0a79-fb60-400a-b367-2a82d0ee9b0b",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:57:00Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "prefetch-dependencies",
                    "tekton.dev/task": "prefetch-dependencies",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-comp388343f479387765cf5d056667401a93-prefetch-dependencies",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73479",
                "uid": "f8ce0a79-fb60-400a-b367-2a82d0ee9b0b"
            },
            "spec": {
                "params": [
                    {
                        "name": "input",
                        "value": ""
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "prefetch-dependencies"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies:0.3@sha256:45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "source",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-143838c0ca"
                        }
                    },
                    {
                        "name": "git-basic-auth",
                        "secret": {
                            "secretName": "pac-gitauth-gyuvge"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T16:57:12Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T16:57:12Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-comp388343f479387765cf7730628af9da59302c9a7f662d61151a-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "45d2d88ddcc02db4605a4059e034121163458a63b7bb4e179e4402c156f84487"
                        },
                        "entryPoint": "prefetch-dependencies",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies"
                    }
                },
                "startTime": "2026-07-01T16:57:00Z",
                "steps": [
                    {
                        "container": "step-prefetch-dependencies",
                        "imageID": "quay.io/konflux-ci/hermeto@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                        "name": "prefetch-dependencies",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://c3aa96c06dfa096013bc1ce3d9f1ac91d25b5ce514412d5a4d85eb0b00af99aa",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:57:11Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:57:05Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Task that prefetches project dependencies for hermetic build.",
                    "params": [
                        {
                            "description": "Configures project packages that will have their dependencies prefetched.",
                            "name": "input",
                            "type": "string"
                        },
                        {
                            "default": "debug",
                            "description": "Set the logging level (debug, info, warn, error, fatal).",
                            "name": "log-level",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Pass configuration to the prefetch tool.\nNote this needs to be passed as a YAML-formatted config dump, not as a file path!\n",
                            "name": "config-file-content",
                            "type": "string"
                        },
                        {
                            "default": "spdx",
                            "description": "Select the SBOM format to generate. Valid values: spdx, cyclonedx.",
                            "name": "sbom-type",
                            "type": "string"
                        },
                        {
                            "default": "strict",
                            "description": "Control how input requirement violations are handled: strict (errors) or permissive (warnings).",
                            "name": "mode",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "activation-key",
                            "description": "Name of secret which contains subscription activation key",
                            "name": "ACTIVATION_KEY",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "3Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "debug"
                                },
                                {
                                    "name": "KBC_PD_INPUT"
                                },
                                {
                                    "name": "KBC_PD_SOURCE_DIR",
                                    "value": "/workspace/source/source"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR",
                                    "value": "/workspace/source/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_SBOM_FORMAT",
                                    "value": "spdx"
                                },
                                {
                                    "name": "KBC_PD_MODE",
                                    "value": "strict"
                                },
                                {
                                    "name": "KBC_PD_OUTPUT_DIR_MOUNT_POINT",
                                    "value": "/cachi2/output"
                                },
                                {
                                    "name": "KBC_PD_ENV_FILE",
                                    "value": "/workspace/source/cachi2/cachi2.env"
                                },
                                {
                                    "name": "KBC_PD_GIT_AUTH_DIRECTORY",
                                    "value": "/workspace/git-basic-auth"
                                },
                                {
                                    "name": "WORKSPACE_NETRC_PATH"
                                },
                                {
                                    "name": "CONFIG_FILE_CONTENT"
                                }
                            ],
                            "image": "quay.io/konflux-ci/hermeto:0.48.0@sha256:105b953463a203b82223cc54fb466ee0395ae9cca67bcdbbcbec4c340d511f26",
                            "name": "prefetch-dependencies",
                            "script": "#!/bin/bash\n\nif [ -n \"${WORKSPACE_NETRC_PATH}\" ]; then\n  export NETRC=\"${WORKSPACE_NETRC_PATH}/.netrc\"\nfi\n\nCA_BUNDLE_PATH=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$CA_BUNDLE_PATH\" ]; then\n  cp -vf \"$CA_BUNDLE_PATH\" /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [ -e /activation-key/org ] \u0026\u0026 [ -e /activation-key/activationkey ]; then\n  export KBC_PD_RHSM_ORG=/activation-key/org\n  export KBC_PD_RHSM_ACTIVATION_KEY=/activation-key/activationkey\nfi\n\nif [ -n \"${CONFIG_FILE_CONTENT}\" ]; then\n  echo \"${CONFIG_FILE_CONTENT}\" \u003e /mnt/config/config.yaml\n  export KBC_PD_CONFIG_FILE=/mnt/config/config.yaml\nfi\n\nkonflux-build-cli prefetch-dependencies\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/activation-key",
                                    "name": "activation-key"
                                },
                                {
                                    "mountPath": "/mnt/config",
                                    "name": "config"
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "name": "activation-key",
                            "secret": {
                                "optional": true,
                                "secretName": "activation-key"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "config"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace with the source code, prefetch artifacts will be stored on the workspace as well",
                            "name": "source"
                        },
                        {
                            "description": "A Workspace containing a .gitconfig and .git-credentials file or username and password.\nThese will be copied to the user's home before prefetch is run. Any\nother files in this Workspace are ignored. It is strongly recommended\nto bind a Secret to this Workspace over other volume types.\n",
                            "name": "git-basic-auth",
                            "optional": true
                        },
                        {
                            "description": "Workspace containing a .netrc file. Prefetch will use the credentials in this file when\nperforming http(s) requests.\n",
                            "name": "netrc",
                            "optional": true
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/7b34fa26-7623-46a4-ac65-7358873daa1f",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:08Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "rpms-signature-scan",
                    "tekton.dev/task": "rpms-signature-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-compon388343f479387765cf5d056667401a93-rpms-signature-scan",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73437",
                "uid": "7b34fa26-7623-46a4-ac65-7358873daa1f"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    },
                    {
                        "name": "image-digest",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "rpms-signature-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:44Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:44Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-compon388343f4793877654d61ef280f8b7d41a9ec2eb8114e2703-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "47b81d6b3d752649eddfbb8b3fd8f6522c4bb07f6d1946f9bc45dae3f92e2c9a"
                        },
                        "entryPoint": "rpms-signature-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\", \"digests\": [\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\"]}}\n"
                    },
                    {
                        "name": "RPMS_DATA",
                        "type": "string",
                        "value": "{\"keys\": {\"199e2f91fd431d51\": 132, \"unsigned\": 0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:00:44+00:00\",\"note\":\"Task rpms-signature-scan completed successfully\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:06Z",
                "steps": [
                    {
                        "container": "step-rpms-signature-scan",
                        "imageID": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                        "name": "rpms-signature-scan",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://1fe328231514b083426abcb7c42eb45e08b3dd13ae9519458bbd6472d7715902",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:43Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:19Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-output-results",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                        "name": "output-results",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://1312fa6848da51ce6ae9d817b89da010d42ddbffe2bc914b7e858479283bb661",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:44Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\\\", \\\"digests\\\": [\\\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\\\"]}}\\n\",\"type\":1},{\"key\":\"RPMS_DATA\",\"value\":\"{\\\"keys\\\": {\\\"199e2f91fd431d51\\\": 132, \\\"unsigned\\\": 0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:44+00:00\\\",\\\"note\\\":\\\"Task rpms-signature-scan completed successfully\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:43Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans RPMs in an image and provide information about RPMs signatures.",
                    "params": [
                        {
                            "description": "Image URL",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Image digest to scan",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "/tmp",
                            "description": "Directory that will be used for storing temporary\nfiles produced by this task.\n",
                            "name": "workdir",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Information about signed and unsigned RPMs",
                            "name": "RPMS_DATA",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "200m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                },
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/tools@sha256:c677979dbad26c7b95e502ef62548beaf805607b691ba0d26ff488fd394fb215",
                            "name": "rpms-signature-scan",
                            "script": "#!/bin/bash\nset -ex\nset -o pipefail\n\nrpm_verifier \\\n  --image-url \"${IMAGE_URL}\" \\\n  --image-digest \"${IMAGE_DIGEST}\" \\\n  --workdir \"${WORKDIR}\" \\\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                },
                                "requests": {
                                    "cpu": "50m",
                                    "memory": "32Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "WORKDIR",
                                    "value": "/tmp"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.46@sha256:c7e2099ad87d4c65284cba5df8488eae64d16ea0baff344c549ed7ca2415ebce",
                            "name": "output-results",
                            "script": "#!/bin/bash\nset -ex\n\nsource /utils.sh\nstatus=$(cat \"${WORKDIR}\"/status)\nrpms_data=$(cat \"${WORKDIR}\"/results)\nimages_processed=$(cat \"${WORKDIR}\"/images_processed)\n\nif [ \"$status\" == \"ERROR\" ]; then\n  note=\"Task rpms-signature-scan failed to scan images. Refer to Tekton task output for details\"\nelse\n  note=\"Task rpms-signature-scan completed successfully\"\nfi\n\nTEST_OUTPUT=$(make_result_json -r \"$status\" -t \"$note\")\n\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\necho \"${rpms_data}\" | tee \"/tekton/results/RPMS_DATA\"\necho \"${images_processed}\" | tee \"/tekton/results/IMAGES_PROCESSED\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/tmp",
                                    "name": "workdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "workdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-8fc7f25ca4",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/bf0a7544-1410-446c-a28e-0338e5dfe222",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:08Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "sast-unicode-check",
                    "tekton.dev/task": "sast-unicode-check",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-compone388343f479387765cf5d056667401a93-sast-unicode-check",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73440",
                "uid": "bf0a7544-1410-446c-a28e-0338e5dfe222"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-unicode-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check:0.4@sha256:d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-143838c0ca"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:27Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:27Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-compone388343f47938776f41fd4a78c6b419bd12d3f3cf594e13e-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "d65abc145444d056dfc373cd42843c3653e35435ef9d2f1e3d3fbabf0fbef477"
                        },
                        "entryPoint": "sast-unicode-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:00:19+00:00\",\"note\":\"Task sast-unicode-check success: No finding was detected\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:04Z",
                "steps": [
                    {
                        "container": "step-sast-unicode-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-unicode-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d38111e4983da52e5f2332b1508e2ef5ca844381b3eeea18eb503459f550ea15",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:19Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:19+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:17Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f918c43bbd6f95cc8142f9c1ef96b23acfa4b0c7b567c0498326f9227a015683",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:22Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:19+00:00\\\",\\\"note\\\":\\\"Task sast-unicode-check success: No finding was detected\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:20Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for non-printable unicode characters in all text files.",
                    "params": [
                        {
                            "description": "Image digest used for ORAS upload.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL used for ORAS upload.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "-p bidi -v -d -t",
                            "description": "arguments for find-unicode-control command.",
                            "name": "FIND_UNICODE_CONTROL_ARGS",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (defaults to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "FIND_UNICODE_CONTROL_ARGS",
                                    "value": "-p bidi -v -d -t"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "SOURCE_CODE_DIR",
                                    "value": "/workspace/workspace"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-unicode-check",
                            "script": "#!/usr/bin/env bash\nset -exuo pipefail\n\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSCAN_PROP=\"https://github.com/siddhesh/find-unicode-control.git#c2accbfbba7553a8bc1ebd97089ae08ad8347e58\"\nFUC_EXIT_CODE=0\n\n# shellcheck disable=SC2086\nLANG=en_US.utf8 find_unicode_control.py ${FIND_UNICODE_CONTROL_ARGS} \"${SOURCE_CODE_DIR}/source\" \\\n    \u003eraw_sast_unicode_check_out.txt \\\n    2\u003eraw_sast_unicode_check_out.log \\\n    || FUC_EXIT_CODE=$?\nif [[ \"${FUC_EXIT_CODE}\" -ne 0 ]] \u0026\u0026 [[ \"${FUC_EXIT_CODE}\" -ne 1 ]]; then\n    echo \"Failed to run find-unicode-control command\" \u003e\u00262\n    cat raw_sast_unicode_check_out.log\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Translate the output format\nif ! sed -i raw_sast_unicode_check_out.txt -E -e 's|(.*:[0-9]+)(.*)|\\1: warning:\\2|' -e 's|^|Error: UNICONTROL_WARNING:\\n|'; then\n    echo \"Error: failed to translate the unicontrol output format\" \u003e\u00262\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\n# Process all results as configured with CSGERP_OPTS\nCSGERP_OPTS=(\n    --mode=json\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"${SCAN_PROP}\"\n    --strip-path-prefix=\"${SOURCE_CODE_DIR}\"/source/\n)\n# In order to generate csdiff/v1, we need to add the whole path of the source code as\n# sast-unicode-check only provides an URI to embed the context\nif ! csgrep \"${CSGERP_OPTS[@]}\" raw_sast_unicode_check_out.txt \u003e processed_sast_unicode_check_out.json 2\u003e processed_sast_unicode_check_out.err; then\n    echo \"Error occurred while running csgrep with CSGERP_OPTS:\"\n    cat processed_sast_unicode_check_out.err\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\ncsgrep --mode=evtstat processed_sast_unicode_check_out.json\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\n# If KFP clone failed, use the unfiltered results\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # Build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    # Append --record-excluded option if RECORD_EXCLUDED is true\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" processed_sast_unicode_check_out.json \u003e sast_unicode_check_out.json 2\u003e sast_unicode_check_out.error\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n        mv processed_sast_unicode_check_out.json sast_unicode_check_out.json\n    else\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\n# Generate sarif report\ncsgrep --mode=sarif sast_unicode_check_out.json \u003e sast_unicode_check_out.sarif\nif [[ \"${FUC_EXIT_CODE}\" -eq 0 ]]; then\n    note=\"Task sast-unicode-check success: No finding was detected\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelif [[ \"${FUC_EXIT_CODE}\" -eq 1 ]] \u0026\u0026 [[ ! -s  sast_unicode_check_out.sarif ]]; then\n    note=\"Task sast-unicode-check success: Some findings were detected, but filtered by known false positive\"\n    ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n    echo \"sast-unicode-check test failed because of the following issues:\"\n    cat sast_unicode_check_out.json\n    TEST_OUTPUT=\n    parse_test_output \"sast-unicode-check\" sarif sast_unicode_check_out.sarif  || true\n    note=\"Task sast-unicode-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url param provided. Skipping upload.'\n  exit 0;\nfi\n\nUPLOAD_FILES=\"sast_unicode_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n\n    if [ \"${UPLOAD_FILE}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-unicode-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/a35030b4-48e5-413b-9486-b9cbd7bb0133",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T16:59:49Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "build-image-index",
                    "tekton.dev/task": "build-image-index",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-componen388343f479387765cf5d056667401a93-build-image-index",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73483",
                "uid": "a35030b4-48e5-413b-9486-b9cbd7bb0133"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    },
                    {
                        "name": "COMMIT_SHA",
                        "value": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    },
                    {
                        "name": "IMAGE_EXPIRES_AFTER",
                        "value": "5d"
                    },
                    {
                        "name": "ALWAYS_BUILD_INDEX",
                        "value": "false"
                    },
                    {
                        "name": "IMAGES",
                        "value": [
                            "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd@sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                        ]
                    },
                    {
                        "name": "BUILDAH_FORMAT",
                        "value": "docker"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "build-image-index"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-build-image-index:0.2@sha256:c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:01Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:01Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-componen388343f47938778d13905430c20f9a867759d06b1ed23b-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "c7b0f7e1f743040d99a3532abbdfddc9484f80fd559a75171c97499c3eb5d163"
                        },
                        "entryPoint": "build-image-index",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-build-image-index"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml@sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "type": "string",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "IMAGE_URL",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    }
                ],
                "startTime": "2026-07-01T16:59:49Z",
                "steps": [
                    {
                        "container": "step-build",
                        "imageID": "quay.io/konflux-ci/buildah-task@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                        "name": "build",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://82e11f6f104128ac3c8f43c70440c2a5cc96a9690e9ff738db544cd00cc6224c",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:59:57Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml@sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:59:53Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-create-sbom",
                        "imageID": "quay.io/konflux-ci/mobster@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                        "name": "create-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://6f508c6bf230f6b4dd6e7b8a4d1eeb89a97b03538311b75386d14cd6794bd719",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T16:59:58Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml@sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:59:58Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload-sbom",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                        "name": "upload-sbom",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://adc176b353134e923b5c2a223085ddbf87f33d37189567cf33f4e3a95401595e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:01Z",
                            "message": "[{\"key\":\"IMAGES\",\"value\":\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml@sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\",\"type\":1},{\"key\":\"IMAGE_DIGEST\",\"value\":\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\",\"type\":1},{\"key\":\"IMAGE_URL\",\"value\":\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T16:59:58Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "This takes existing Image Manifests and combines them in an Image Index.",
                    "params": [
                        {
                            "description": "The target image and tag where the image will be pushed to.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Verify the TLS on the registry endpoint (for push/pull to a non-TLS registry)",
                            "name": "TLSVERIFY",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The commit the image is built from.",
                            "name": "COMMIT_SHA",
                            "type": "string"
                        },
                        {
                            "description": "List of Image Manifests to be referenced by the Image Index",
                            "name": "IMAGES",
                            "type": "array"
                        },
                        {
                            "default": "",
                            "description": "Delete image tag after specified time resulting in garbage collection of the digest. Empty means to keep the image tag. Time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.",
                            "name": "IMAGE_EXPIRES_AFTER",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Build an image index even if IMAGES is of length 1. Default true. If the image index generation is skipped, the task will forward values for params.IMAGES[0] to results.IMAGE_*. In order to properly set all results, use the repository:tag@sha256:digest format for the IMAGES parameter.",
                            "name": "ALWAYS_BUILD_INDEX",
                            "type": "string"
                        },
                        {
                            "default": "vfs",
                            "description": "Storage driver to configure for buildah",
                            "name": "STORAGE_DRIVER",
                            "type": "string"
                        },
                        {
                            "default": "oci",
                            "description": "The format for the resulting image's mediaType. Valid values are oci (default) or docker.",
                            "name": "BUILDAH_FORMAT",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Flag to enable or disable SBOM validation before save. Validation is optional - use this if you are experiencing performance issues.",
                            "name": "SBOM_SKIP_VALIDATION",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest of the image just built",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "description": "Image repository and tag where the built image was pushed",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "List of all referenced image manifests",
                            "name": "IMAGES",
                            "type": "string"
                        },
                        {
                            "description": "Image reference of the built image containing both the repository and the digest",
                            "name": "IMAGE_REF",
                            "type": "string"
                        },
                        {
                            "description": "Reference of SBOM blob digest to enable digest-based verification from provenance",
                            "name": "SBOM_BLOB_URL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "env": [
                            {
                                "name": "BUILDAH_FORMAT",
                                "value": "docker"
                            },
                            {
                                "name": "COMMIT_SHA",
                                "value": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                            },
                            {
                                "name": "IMAGE",
                                "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                            },
                            {
                                "name": "TLSVERIFY",
                                "value": "true"
                            },
                            {
                                "name": "ALWAYS_BUILD_INDEX",
                                "value": "false"
                            },
                            {
                                "name": "STORAGE_DRIVER",
                                "value": "vfs"
                            }
                        ],
                        "volumeMounts": [
                            {
                                "mountPath": "/index-build-data",
                                "name": "shared-dir"
                            },
                            {
                                "mountPath": "/mnt/trusted-ca",
                                "name": "trusted-ca",
                                "readOnly": true
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd@sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "250m",
                                    "memory": "4Gi"
                                }
                            },
                            "image": "quay.io/konflux-ci/buildah-task:latest@sha256:4c470b5a153c4acd14bf4f8731b5e36c61d7faafe09c2bf376bb81ce84aa5709",
                            "name": "build",
                            "script": "#!/bin/bash\n# Fixing group permission on /var/lib/containers\nset -eu\nset -o pipefail\nchown root:root /var/lib/containers\n\nsed -i 's/^\\s*short-name-mode\\s*=\\s*.*/short-name-mode = \"disabled\"/' /etc/containers/registries.conf\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nif [[ $# -ne 1 \u0026\u0026 \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n  echo \"Skipping image index generation while supplying multiple image inputs is unsupported.\"\n  exit 2\nfi\n\nbuildah manifest create \"$IMAGE\"\nfor i in $@\ndo\n  TOADD=\"$i\"\n  TOADD_URL=\"$(echo \"$i\" | cut -d@ -f1)\"\n  TOADD_DIGEST=\"$(echo \"$i\" | cut -d@ -f2)\"\n  if [[ $(echo \"$i\" | tr -cd \":\" | wc -c) == 2 ]]; then\n    #format is repository:tag@sha256:digest\n    #we need to remove the tag, and just reference the digest\n    #as tag + digest is not supported\n    TOADD_REPOSITORY=\"$(echo \"$i\" | cut -d: -f1)\"\n    TOADD=\"${TOADD_REPOSITORY}@${TOADD_DIGEST}\"\n  fi\n  if [[ \"$ALWAYS_BUILD_INDEX\" != \"true\" ]]; then\n    echo \"Skipping image index generation. Returning results for $TOADD.\"\n    echo -n \"${TOADD_URL}\" \u003e \"/tekton/results/IMAGE_URL\"\n    echo -n \"${TOADD_DIGEST}\" \u003e \"/tekton/results/IMAGE_DIGEST\"\n    echo -n \"${TOADD}\" \u003e \"/tekton/results/IMAGES\"\n    exit 0\n  fi\n\n  echo \"Adding $TOADD\"\n  buildah manifest add $IMAGE \"docker://$TOADD\" --all\ndone\n\necho \"Validating format consistency\"\nINCOMPATIBLE_STRING=\"vnd.oci.image.manifest\"\nINCOMPATIBLE_NAME=\"oci\"\nif [ \"$BUILDAH_FORMAT\" == \"oci\" ]; then\n  INCOMPATIBLE_STRING=\"vnd.docker.distribution.manifest\"\n  INCOMPATIBLE_NAME=\"docker\"\nfi\n\n# If mismatched formats (e.g., Docker manifests within an OCI index) exist locally, 'buildah push'\n# converts the inner manifests to match the target BUILDAH_FORMAT.\n# This alters the digests and breaks the link to the attached SBOMs.\nMANIFEST_MEDIA_TYPES=$(buildah manifest inspect \"$IMAGE\" | jq -er '.manifests[].mediaType')\nif echo \"$MANIFEST_MEDIA_TYPES\" | grep -q \"$INCOMPATIBLE_STRING\"; then\n  echo \"ERROR: Platform image contains $INCOMPATIBLE_NAME format, but index will be $BUILDAH_FORMAT\"\n  echo \"This will cause digest changes and break SBOM accessibility.\"\n  echo \"Ensure all platform images are built with buildah-format: $BUILDAH_FORMAT\"\n  exit 1\nfi\n\n# While the BUILDAH_FORMAT environment variable can define the push\n# format, lets be explicit about the format that we want when we push.\npush_format=oci\nif [ \"${BUILDAH_FORMAT}\" == \"docker\" ]; then\n  push_format=docker\nfi\n\nbuildah_retries=3\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://$IMAGE\"\nthen\n    echo \"Failed to push image ${IMAGE} to registry\"\n    exit 1\nfi\n\necho \"Pushing image to registry\"\nif ! retry buildah manifest push \\\n  --format=\"$push_format\" \\\n  --retry \"$buildah_retries\" \\\n  --tls-verify=\"$TLSVERIFY\" \\\n  --digestfile image-digest \\\n  \"$IMAGE\" \\\n  \"docker://${IMAGE%:*}:test-componen388343f479387765cf5d056667401a93-build-image-index\"\nthen\n    echo \"Failed to push image ${IMAGE%:*}:test-componen388343f479387765cf5d056667401a93-build-image-index to registry\"\n    exit 1\nfi\n\nINDEX_REPOSITORY=\"$(echo \"$IMAGE\" | cut -d@ -f1 | cut -d: -f1)\"\nMANIFEST_DIGESTS=$(buildah manifest inspect \"$IMAGE\" | jq -er \".manifests[].digest\")\nimage_manifests=\"\"\nfor i in $MANIFEST_DIGESTS\ndo\n  image_manifests=\"${image_manifests} ${INDEX_REPOSITORY}@${i},\"\ndone\n\ntee \"/tekton/results/IMAGE_DIGEST\" \u003c image-digest\necho -n \"$IMAGE\" | tee \"/tekton/results/IMAGE_URL\"\n{\n  echo -n \"${IMAGE}@\"\n  cat \"image-digest\"\n} \u003e \"/tekton/results/IMAGE_REF\"\necho -n \"${image_manifests:1:-1}\" \u003e \"/tekton/results/IMAGES\"\n\n# buildah manifest inspect will always give precedence to the local image.\n# Since we built this image in the same place as we are inspecting it, we can\n# just inspect it instead of finding the digest and inspecting the remote image.\nbuildah manifest inspect \"$IMAGE\" \u003e /index-build-data/manifest_data.json\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/mobster:1.1.0-1770046049@sha256:7415f55121f5580ac79dc6e6567383574ee5f94f97736f235a141688f02e6094",
                            "name": "create-sbom",
                            "script": "#!/bin/bash\nset -e\n\nMANIFEST_DATA_FILE=\"/index-build-data/manifest_data.json\"\nif [ ! -f \"$MANIFEST_DATA_FILE\" ]; then\n  echo \"The manifest_data.json file does not exist. Skipping the SBOM creation...\"\n  exit 0\nfi\n\nIMAGE_URL=\"$(cat \"/tekton/results/IMAGE_URL\")\"\nIMAGE_DIGEST=\"$(cat \"/tekton/results/IMAGE_DIGEST\")\"\necho \"Creating SBOM result file...\"\nmobster_args=(generate --output /index-build-data/index.spdx.json)\n\nif [ \"${SBOM_SKIP_VALIDATION}\" == \"true\" ]; then\n  echo \"Skipping SBOM validation\"\n  mobster_args+=(--skip-validation)\nfi\n\nmobster_args+=(\n  oci-index\n  --index-image-pullspec \"$IMAGE_URL\"\n  --index-image-digest \"$IMAGE_DIGEST\"\n  --index-manifest-path \"$MANIFEST_DATA_FILE\"\n)\nmobster \"${mobster_args[@]}\"\n"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.4.1@sha256:d9feec6f2ce9b10cfb76b45ea14f83b5ed9f231de7d6083291550aebe8eb09ea",
                            "name": "upload-sbom",
                            "script": "#!/bin/bash\nset -e\n\necho \"[$(date --utc -Ins)] Update CA trust\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSBOM_RESULT_FILE=\"/index-build-data/index.spdx.json\"\nif [ ! -f \"$SBOM_RESULT_FILE\" ]; then\n  echo \"The index.spdx.json file does not exists. Skipping the SBOM upload...\"\n  exit 0\nfi\n\n# Pre-select the correct credentials to work around cosign not supporting the containers-auth.json spec\nmkdir -p /tmp/auth \u0026\u0026 select-oci-auth \"$(cat \"/tekton/results/IMAGE_REF\")\" \u003e /tmp/auth/config.json\nexport DOCKER_CONFIG=/tmp/auth\n\necho \"Pushing sbom to registry\"\nif ! retry cosign attach sbom --sbom \"$SBOM_RESULT_FILE\" --type spdx \"$(cat \"/tekton/results/IMAGE_REF\")\"\nthen\n    echo \"Failed to push sbom to registry\"\n    exit 1\nfi\n\n# Remove tag from IMAGE while allowing registry to contain a port number.\nsbom_repo=\"${IMAGE%:*}\"\nsbom_digest=\"$(sha256sum \"$SBOM_RESULT_FILE\" | cut -d' ' -f1)\"\n# The SBOM_BLOB_URL is created by `cosign attach sbom`.\necho -n \"${sbom_repo}@sha256:${sbom_digest}\" | tee \"/tekton/results/SBOM_BLOB_URL\"\n",
                            "securityContext": {
                                "runAsNonRoot": false,
                                "runAsUser": 0
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "shared-dir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/c352f8e1-ff8b-4e71-9abe-8d5e9d2d9810",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "ecosystem-cert-preflight-checks",
                    "tekton.dev/task": "ecosystem-cert-preflight-checks",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-component-pac-strsml-on-puea876ff29d299d7e7ff4c62a8b62012d",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73455",
                "uid": "c352f8e1-ff8b-4e71-9abe-8d5e9d2d9810"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "ecosystem-cert-preflight-checks"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:46Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:46Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-component-pac-strsml-o9d69babbc415401144632f56728741dd-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "b4ac586edea81dcd25dfc17f1bd57899825be2b443e48d572cd05ce058f153bb"
                        },
                        "entryPoint": "ecosystem-cert-preflight-checks",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks"
                    }
                },
                "results": [
                    {
                        "name": "ARTIFACT_TYPE",
                        "type": "string",
                        "value": "application"
                    },
                    {
                        "name": "ARTIFACT_TYPE_SET_BY",
                        "type": "string",
                        "value": "introspection"
                    },
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\", \"digests\": [\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\"]}}"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782925244\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                    }
                ],
                "startTime": "2026-07-01T17:00:02Z",
                "steps": [
                    {
                        "container": "step-introspect",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "introspect",
                        "provenance": {},
                        "results": [
                            {
                                "name": "artifact-type",
                                "type": "string",
                                "value": "application"
                            },
                            {
                                "name": "artifact-type-set-by",
                                "type": "string",
                                "value": "introspection"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://5b739bb2ab5cd7394ab9bc98c133d779cf077c603b221920cb2e932d3415cbe9",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:17Z",
                            "message": "[{\"key\":\"artifact-type\",\"value\":\"application\",\"type\":4},{\"key\":\"artifact-type-set-by\",\"value\":\"introspection\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:15Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-generate-container-auth",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "generate-container-auth",
                        "provenance": {},
                        "results": [
                            {
                                "name": "auth-json-path",
                                "type": "string",
                                "value": "/auth/auth.json"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://6d7f8664679d84b1ac7352cefbf265f88713b3adc9edc491784da310b75c0b35",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:18Z",
                            "message": "[{\"key\":\"auth-json-path\",\"value\":\"/auth/auth.json\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:18Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-set-skip-for-bundles",
                        "imageID": "quay.io/redhat-appstudio/konflux-test@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                        "name": "set-skip-for-bundles",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://86e2ba27c5bf62480bb33a1e1741deffb44b9bfcda2f4f12b77f768e4d932972",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:19Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:18Z"
                        },
                        "terminationReason": "Skipped"
                    },
                    {
                        "container": "step-app-check",
                        "imageID": "quay.io/opdev/preflight@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                        "name": "app-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://792ad5ff38cc80e50abbb5a976e835f863e9a470e833236ed7a0494d43290db0",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:44Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:19Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-app-set-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "app-set-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "images-processed",
                                "type": "string",
                                "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\", \"digests\": [\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\"]}}"
                            },
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782925244\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://fc095cdaf2d263fdc643fd5300c88ec5ffddc62545a5e2e4989fd07127889796",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:45Z",
                            "message": "[{\"key\":\"images-processed\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\\\", \\\"digests\\\": [\\\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\\\"]}}\",\"type\":4},{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782925244\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:44Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-final-outcome",
                        "imageID": "quay.io/konflux-ci/task-runner@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                        "name": "final-outcome",
                        "provenance": {},
                        "results": [
                            {
                                "name": "test-output",
                                "type": "string",
                                "value": "{\"result\":\"FAILURE\",\"timestamp\":\"1782925244\",\"note\":\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\",\"successes\":7,\"failures\":1,\"warnings\":0}"
                            }
                        ],
                        "terminated": {
                            "containerID": "containerd://08c8faec9d0238ab87dc17902752d9fc310f4a3668a43e63d16aebd4b6a60070",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:46Z",
                            "message": "[{\"key\":\"test-output\",\"value\":\"{\\\"result\\\":\\\"FAILURE\\\",\\\"timestamp\\\":\\\"1782925244\\\",\\\"note\\\":\\\"Task preflight is a FAILURE: Refer to Tekton task logs for more information\\\",\\\"successes\\\":7,\\\"failures\\\":1,\\\"warnings\\\":0}\",\"type\":4}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:46Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for certification readiness. Note that running this against an operatorbundle will result in a skip, as bundle validation is not executed through this task.",
                    "params": [
                        {
                            "description": "Image url to scan.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "introspect",
                            "description": "The type of artifact. Select from application, operatorbundle, or introspect.",
                            "name": "artifact-type",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform the image is built on.",
                            "name": "platform",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Ecosystem checks pass or fail outcome.",
                            "name": "TEST_OUTPUT",
                            "type": "string",
                            "value": "$(steps.final-outcome.results.test-output)"
                        },
                        {
                            "description": "The artifact type, either introspected or set.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type)"
                        },
                        {
                            "description": "How the artifact type was set.",
                            "name": "ARTIFACT_TYPE_SET_BY",
                            "type": "string",
                            "value": "$(steps.introspect.results.artifact-type-set-by)"
                        },
                        {
                            "description": "Collected image digests",
                            "name": "IMAGES_PROCESSED",
                            "type": "string",
                            "value": "$(steps.app-set-outcome.results.images-processed)"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "512Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "512Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_ARTIFACT_TYPE",
                                    "value": "introspect"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "introspect",
                            "results": [
                                {
                                    "description": "The type of artifact this task is considering.",
                                    "name": "artifact-type"
                                },
                                {
                                    "description": "The process that sets the artifact type. Informational.\nValues from: introspection, parameter.\n",
                                    "name": "artifact-type-set-by"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n_SET_BY=parameter\n# If the parameter is invalid, we'll introspect\nif [[ \"${PARAM_ARTIFACT_TYPE}\" != \"application\" ]] \u0026\u0026 [[ \"${PARAM_ARTIFACT_TYPE}\" != \"operatorbundle\" ]]; then\n  echo \"Artifact type will be determined by introspection.\"\n  _SET_BY=introspection\nfi\nprintf \"%s\" \"${_SET_BY}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type-set-by\"\n\nif [[ \"${_SET_BY}\" == \"parameter\" ]]; then\n  # short circuit if the artifact type was set via parameter.\n  echo \"Skipping introspection because the artifact-type parameter is explicitly set to \\\"${PARAM_ARTIFACT_TYPE}\\\".\"\n  printf \"%s\" \"${PARAM_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\n  exit 0\nfi\n\n# If the image URL points to a manifest list (a multi-arch image), check the labels on any of the child\n# images (don't fail in the case where the list does not include an image for the arch of the system\n# where this pipeline is running).\n\ndeclare -a _SKOPEO_INSPECT_ARGS\n\nskopeo_retries=3\n\necho \"Checking the media type of the OCI artifact...\"\nif ! _RAW_IMAGE_MANIFEST=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\")\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n_IMAGE_MEDIA_TYPE=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.mediaType')\necho \"The media type of the OCI artifact is ${_IMAGE_MEDIA_TYPE}.\"\n\nif [[ \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.docker.distribution.manifest.list.v2+json\" || \"${_IMAGE_MEDIA_TYPE}\" == \"application/vnd.oci.image.index.v1+json\" ]]; then\n  _CURRENT_ARCH=$(uname -m)\n  _CURRENT_OS=$(uname -s | tr '[:upper:]' '[:lower:]')\n\n  # The archs returned by uname are not always the same as the archs used by OCI manifests, so we need\n  # to map them.\n  case ${_CURRENT_ARCH} in\n    \"aarch64\")\n      _CURRENT_ARCH=\"arm64\"\n      ;;\n    \"x86_64\")\n      _CURRENT_ARCH=\"amd64\"\n      ;;\n    *)\n      ;;\n  esac\n\n  # If the manifest list contains an image for the current OS and architecture, prefer to test that.\n  _MATCHING_IMAGE_COUNT=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r \"[.manifests[] | select(.platform.os == \\\"${_CURRENT_OS}\\\" and .platform.architecture == \\\"${_CURRENT_ARCH}\\\")] | length\")\n  if [[ \"${_MATCHING_IMAGE_COUNT}\" -gt 0 ]]; then\n    echo \"Found an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}).\"\n  else\n    # If there is no image for the current OS and architecture, just use the first one in the list.\n    _INSPECT_OVERRIDE_IMAGE_OS=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.os')\n    _INSPECT_OVERRIDE_IMAGE_ARCH=$(printf \"%s\" \"${_RAW_IMAGE_MANIFEST}\" | jq -r '.manifests[0].platform.architecture')\n    _SKOPEO_INSPECT_ARGS+=(\"--override-os=${_INSPECT_OVERRIDE_IMAGE_OS}\")\n    _SKOPEO_INSPECT_ARGS+=(\"--override-arch=${_INSPECT_OVERRIDE_IMAGE_ARCH}\")\n\n    echo \"Could not find an image in the manifests for the current OS and architecture (${_CURRENT_OS}/${_CURRENT_ARCH}), inspecting the image for ${_INSPECT_OVERRIDE_IMAGE_OS}/${_INSPECT_OVERRIDE_IMAGE_ARCH} instead.\"\n  fi\nfi\n\n# Introspect based on minimum count of operator-framework related bundle labels.\necho \"Looking for image labels that indicate this might be an operator bundle...\"\n\n# We purposely do not quote the array elements here, so that they are expanded by the shell as separate args.\n# shellcheck disable=SC2068\nif ! retry skopeo inspect --retry-times \"$skopeo_retries\" ${_SKOPEO_INSPECT_ARGS[@]} \"docker://${PARAM_IMAGE_URL}\" \\\n  | jq '.Labels | keys | .[]' -r \\\n  | { grep operators.operatorframework.io.bundle || true ;} \\\n  | tee /tmp/ecosystem-image-labels\nthen\n  echo \"Failed to inspect ${PARAM_IMAGE_URL}\"\n  exit 1\nfi\n\n_OPFW_LABEL_COUNT=$(grep -c operators.operatorframework.io.bundle /tmp/ecosystem-image-labels || true)\n_MIN_LABELS=3\n\necho \"Found ${_OPFW_LABEL_COUNT} matching labels.\"\necho \"Expecting ${_MIN_LABELS} or more to identify this image as an operator bundle.\"\n\n# If the image has several labels, assume it is an operator\n_ARTIFACT_TYPE=application\n(( _OPFW_LABEL_COUNT \u003e= _MIN_LABELS )) \u0026\u0026 _ARTIFACT_TYPE=operatorbundle\n\nprintf \"%s\" \"${_ARTIFACT_TYPE}\" \u003e \"/tekton/steps/step-introspect/results/artifact-type\"\necho \"Introspection concludes that this artifact is of type \\\"${_ARTIFACT_TYPE}\\\".\"\n"
                        },
                        {
                            "computeResources": {},
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "generate-container-auth",
                            "results": [
                                {
                                    "description": "Path to auth.json",
                                    "name": "auth-json-path"
                                }
                            ],
                            "script": "_AUTH_JSON_PATH=\"/auth/auth.json\"\necho \"Selecting auth for $PARAM_IMAGE_URL\"\n# `select-oci-auth` here assumes the input credentials are at path ~/.docker/config.json\nselect-oci-auth \"$PARAM_IMAGE_URL\" \u003e \"${_AUTH_JSON_PATH}\"\n\nprintf \"%s\" \"${_AUTH_JSON_PATH}\" \u003e \"/tekton/steps/step-generate-container-auth/results/auth-json-path\"\necho \"Auth json written to \\\"${_AUTH_JSON_PATH}\\\".\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/auth",
                                    "name": "auth"
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/redhat-appstudio/konflux-test:v1.4.31@sha256:a7cae9e96663e277a3904d0c78630508ddb6cc8eebaa912a840bd20f68dcaad1",
                            "name": "set-skip-for-bundles",
                            "results": [
                                {
                                    "description": "A skipped tekton result for bundles.",
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nNOTE=\"This ecosystem check is not executed for operatorbundles.\"\n\n# shellcheck source=/dev/null\n. /utils.sh # gives us the make_result_json helper used below.\n\n# Generate TEST_OUTPUT\n# We're skipping the test, but don't use status \"SKIPPED\" because\n# it produces unwanted Conforma violations\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"${NOTE}\")\n\nprintf \"%s\" \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-set-skip-for-bundles/results/test-output\" /bundle/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/bundle",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "operatorbundle"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PFLT_DOCKERCONFIG",
                                    "value": "$(steps.generate-container-auth.results.auth-json-path)"
                                },
                                {
                                    "name": "PFLT_KONFLUX",
                                    "value": "true"
                                },
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "PARAM_PLATFORM"
                                }
                            ],
                            "image": "quay.io/opdev/preflight:stable@sha256:0834c74012598ac7b0b0104deb947d449accd518db745047c98d1ddfcfd8ceaf",
                            "name": "app-check",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nimage_url=\"${PARAM_IMAGE_URL}\"\nplatform=\"${PARAM_PLATFORM}\"\n\nif [ -n \"$platform\" ]; then\n  # Extract part after slash if present\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n\n  # Validate against supported arch list. If it's not a known arch, return an error result\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  /usr/local/bin/preflight check container \"$image_url\" --platform \"$arch\"\nelse\n  /usr/local/bin/preflight check container \"$image_url\"\nfi\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                },
                                {
                                    "mountPath": "/auth",
                                    "name": "auth",
                                    "readOnly": true
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "PARAM_IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                }
                            ],
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "app-set-outcome",
                            "results": [
                                {
                                    "description": "The overall outcome of this task.",
                                    "name": "test-output"
                                },
                                {
                                    "description": "Processed image digests.",
                                    "name": "images-processed"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\n# Declare Supported architectures\ndeclare -a SUPPORTED_ARCHES=(amd64 arm64 ppc64le s390x)\n\nskopeo_retries=3\n\n# Initialize result vars\nPFLT_PASS_COUNT=0\nPFLT_FAIL_COUNT=0\nPFLT_ERROR_COUNT=0\nPFLT_RESULT=\"SUCCESS\"\n\n# Loop over SUPPORTED_ARCHES and process results\nfor ARCH in \"${SUPPORTED_ARCHES[@]}\"\ndo\n    # Check if results directory exits\n    RESULT_JSON_PATH=/artifacts/${ARCH}/results.json\n    if ! [ -f \"${RESULT_JSON_PATH}\" ]; then\n        continue\n    fi\n    # Process results\n    if jq -e '.passed == false' \"${RESULT_JSON_PATH}\" \u003e /dev/null; then PFLT_RESULT=\"FAILURE\"; fi\n    PFLT_PASS_COUNT=$((PFLT_PASS_COUNT+$(jq -r '.results.passed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_FAIL_COUNT=$((PFLT_FAIL_COUNT+$(jq -r '.results.failed | length' \"${RESULT_JSON_PATH}\")))\n    PFLT_ERROR_COUNT=$((PFLT_ERROR_COUNT+$(jq -r '.results.errors | length' \"${RESULT_JSON_PATH}\")))\ndone\n\n# Mark as ERROR if no results were recorded, which can occur when an unsupported or malformed\n# architecture is parsed from the `platform` parameter.\nif [[ $PFLT_FAIL_COUNT -eq 0 ]] \u0026\u0026 [[ $PFLT_PASS_COUNT -eq 0 ]] ; then PFLT_RESULT=\"ERROR\" ; fi\n\nif [[ $PFLT_ERROR_COUNT -gt 0 ]]; then PFLT_RESULT=\"ERROR\" ; fi\nPFLT_NOTE=\"Task preflight is a ${PFLT_RESULT}: Refer to Tekton task logs for more information\"\n\n# Generate TEST_OUTPUT\nTEST_OUTPUT=$(jq -rce \\\n--arg date \"$(date +%s)\" \\\n--arg note \"${PFLT_NOTE}\" \\\n--arg result \"${PFLT_RESULT}\" \\\n--arg successes \"${PFLT_PASS_COUNT}\" \\\n--arg failures \"${PFLT_FAIL_COUNT}\" \\\n--arg warnings \"0\" \\\n--null-input \\\n'{  result: $result,\n    timestamp: $date,\n    note: $note,\n    successes: $successes|tonumber,\n    failures: $failures|tonumber,\n    warnings: $warnings|tonumber\n}')\necho -n \"${TEST_OUTPUT}\" | tee \"/tekton/steps/step-app-set-outcome/results/test-output\" /artifacts/konflux.results.json\n\n# Generate IMAGES_PROCESSED\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$PARAM_IMAGE_URL\"'\", \"digests\": [%s]}}'\ndeclare -a digests_processed=()\n\n# Extract processed image digests from \"/artifacts/$arch/cert-image.json\"\nwhile read -r cert_image_file; do\n  docker_image_digest=$(jq -r '.docker_image_digest' \"$cert_image_file\")\n  if [[ -n \"$docker_image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$docker_image_digest\\\" \"* ]]; then\n    digests_processed+=(\"\\\"$docker_image_digest\\\"\")\n  fi\ndone \u003c \u003c(find /artifacts -type f -name \"cert-image.json\")\n\nimage_digest=$(retry skopeo inspect --raw --retry-times \"$skopeo_retries\" \"docker://${PARAM_IMAGE_URL}\" | sha256sum | awk '{print \"sha256:\" $1}')\nif [[ -n \"$image_digest\" \u0026\u0026 ! \" ${digests_processed[*]} \" == *\" \\\"$image_digest\\\" \"* ]]; then\n  digests_processed+=(\"\\\"$image_digest\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\nfinal_output=\"${images_processed_template/\\[%s]/[$digests_processed_string]}\"\necho -n \"${final_output}\" \u003e \"/tekton/steps/step-app-set-outcome/results/images-processed\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/artifacts",
                                    "name": "pfltoutputdir"
                                }
                            ],
                            "when": [
                                {
                                    "input": "$(steps.introspect.results.artifact-type)",
                                    "operator": "in",
                                    "values": [
                                        "application"
                                    ]
                                }
                            ]
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/task-runner:1.5.0@sha256:200019314a50be5b6dd06f362c794c92a700583a522c5eee9a41e3eab7f706c5",
                            "name": "final-outcome",
                            "results": [
                                {
                                    "name": "test-output"
                                }
                            ],
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\nset -o xtrace\n\nif [[ ! -f /mount/konflux.results.json ]]; then\n  printf \"Unable to populate the right test log output because the artifact's type is not recorded correctly. Please file a bug.\" | tee \"/tekton/steps/step-final-outcome/results/test-output\"\n  exit 91\nfi\n\ntee \"/tekton/steps/step-final-outcome/results/test-output\" \u003c /mount/konflux.results.json\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mount",
                                    "name": "pfltoutputdir"
                                }
                            ]
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "pfltoutputdir"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        },
                        {
                            "emptyDir": {},
                            "name": "auth"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/122452de-54fe-43c4-94a5-5b2c687116ee",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "apply-tags",
                    "tekton.dev/task": "apply-tags",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-component-pac-strsml-on-pull-request-zrnp9-apply-tags",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73473",
                "uid": "122452de-54fe-43c4-94a5-5b2c687116ee"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE_URL",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "apply-tags"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-apply-tags:0.3@sha256:aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:17Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:17Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-component-pac-strsml-on-pull-request-zrnp9-apply-tags-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "aa62b41861c09e2e59c69cc6e9a1f740bf0c81e6a1eb03f57f59dfda0f65840e"
                        },
                        "entryPoint": "apply-tags",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-apply-tags"
                    }
                },
                "startTime": "2026-07-01T17:00:04Z",
                "steps": [
                    {
                        "container": "step-apply-additional-tags",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                        "name": "apply-additional-tags",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://8d6a3128e37c71956931aa759c3e31eef602ab300696b753860be35b04ac3e0d",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:16Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:15Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Applies additional tags to the built image.",
                    "params": [
                        {
                            "description": "Image repository and tag reference of the the built image.",
                            "name": "IMAGE_URL",
                            "type": "string"
                        },
                        {
                            "description": "Image digest of the built image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": [],
                            "description": "Additional tags that will be applied to the image in the registry.",
                            "name": "ADDITIONAL_TAGS",
                            "type": "array"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                                "--digest",
                                "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                                "--tags",
                                "--tags-from-image-label",
                                "konflux.additional-tags"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "apply-tags"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:731f87170f764c8a234d2c552990a298abad8b80f05926dab393d6ca89ffcbd2",
                            "name": "apply-additional-tags"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/b14c3f59-6f42-4308-a3e1-8f11514524cc",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "clair-scan",
                    "tekton.dev/task": "clair-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-component-pac-strsml-on-pull-request-zrnp9-clair-scan",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73486",
                "uid": "b14c3f59-6f42-4308-a3e1-8f11514524cc"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clair-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clair-scan:0.3@sha256:9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:46Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:46Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-component-pac-strsml-on-pull-request-zrnp9-clair-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9397d3eb9f1cbebaa15e93256e0ca9eaca148baa674be72f07f4a00df63c4609"
                        },
                        "entryPoint": "clair-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clair-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\", \"digests\": [\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\"]}}\n"
                    },
                    {
                        "name": "REPORTS",
                        "type": "string",
                        "value": "{\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\":\"sha256:a4f45d2057c6aca53bead28dc7cf094c20bdbb97a898e1e8ce8bc8744ed469ae\"}\n"
                    },
                    {
                        "name": "SCAN_OUTPUT",
                        "type": "string",
                        "value": "{\"vulnerabilities\":{\"critical\":0,\"high\":0,\"medium\":0,\"low\":0,\"unknown\":0},\"unpatched_vulnerabilities\":{\"critical\":0,\"high\":0,\"medium\":147,\"low\":150,\"unknown\":0}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:00:46+00:00\",\"note\":\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:02Z",
                "steps": [
                    {
                        "container": "step-get-image-manifests",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "get-image-manifests",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://cb202b6e0371cef340daa74f59582be15ad825927053a917389b5ab32aa631a7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:21Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:15Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-get-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/clair-in-ci@sha256:e030a6094b6d88b430ed049a6a59808f4b795e9d8293d72a4bbab44da8cc429f",
                        "name": "get-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://94131c8b109c98e11a16404f972f7661b313d644cb553e37588a861a6ef66e4e",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:36Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:22Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-oci-attach-report",
                        "imageID": "quay.io/konflux-ci/oras@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                        "name": "oci-attach-report",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://df0194a0e3d70a88ce4fe4b98ad75695de24d5ece36e271d26ef296e12b19c75",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:41Z",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:37Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-conftest-vulnerabilities",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                        "name": "conftest-vulnerabilities",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d55d2a102c9b716a7a115e2fa758ff06deb5e7cebb60584be8e26a4a5003a918",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:46Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\\\", \\\"digests\\\": [\\\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\\\"]}}\\n\",\"type\":1},{\"key\":\"REPORTS\",\"value\":\"{\\\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\\\":\\\"sha256:a4f45d2057c6aca53bead28dc7cf094c20bdbb97a898e1e8ce8bc8744ed469ae\\\"}\\n\",\"type\":1},{\"key\":\"SCAN_OUTPUT\",\"value\":\"{\\\"vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":0,\\\"medium\\\":0,\\\"low\\\":0,\\\"unknown\\\":0},\\\"unpatched_vulnerabilities\\\":{\\\"critical\\\":0,\\\"high\\\":0,\\\"medium\\\":147,\\\"low\\\":150,\\\"unknown\\\":0}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:46+00:00\\\",\\\"note\\\":\\\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:41Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans container images for vulnerabilities using Clair, by comparing the components of container image against Clair's vulnerability databases.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "The platform built by.",
                            "name": "image-platform",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused, should be removed in next task version.",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-oci-attach-report",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Clair scan result.",
                            "name": "SCAN_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        },
                        {
                            "description": "Mapping of image digests to report digests",
                            "name": "REPORTS",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "get-image-manifests",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\necho \"Inspecting raw image manifest $imageanddigest.\"\n\n# Get the arch and image manifests by inspecting the image. This is mainly for identifying image indexes\nimage_manifests=$(get_image_manifests -i \"${imageanddigest}\")\nif [ -n \"$image_manifests\" ]; then\n  echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"' | while read -r arch arch_sha; do\n    echo \"$arch_sha\" \u003e /tekton/home/image-manifest-$arch.sha\n  done\nelse\n  echo \"Failed to get image manifests from image \\\"$imageanddigest\\\"\"\n  note=\"Task clair-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                },
                                "requests": {
                                    "cpu": "800m",
                                    "memory": "7Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                },
                                {
                                    "name": "IMAGE_PLATFORM"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clair-in-ci:v1",
                            "imagePullPolicy": "Always",
                            "name": "get-vulnerabilities",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n# shellcheck source=/utils.sh\n. /utils.sh\n\nimagewithouttag=$(echo -n $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\")\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\n\n# the quay report format used by the Conftest rules in the\n# conftest-vulnerabilities step doesn't contain the \"issued\" date which\n# we require in the policy rules, so we resort to running clair-action\n# twice to produce both quay and clair formatted output\nclair_report() {\n  { retry clair-action report --image-ref=\"$1\" --db-path=/tmp/matcher.db --format=clair | tee  \"clair-report-$2.json\"; } \u0026\u0026 \\\n  { retry clair-action convert  --file-path=\"clair-report-$2.json\" --format=quay \u003e \"clair-result-$2.json\"; }\n}\n\nrun_clair_on_arch() {\n  local arch=\"$1\"\n  local sha_file=\"image-manifest-$arch.sha\"\n\n  if [ -e \"$sha_file\" ]; then\n    local arch_sha\n    arch_sha=$(\u003c\"$sha_file\")\n    local digest=\"${imagewithouttag}@${arch_sha}\"\n\n    echo \"Running clair-action on $arch image manifest...\"\n    clair_report \"$digest\" \"$arch\" || true\n\n    digests_processed+=(\"\\\"$arch_sha\\\"\")\n   fi\n}\n\nplatform=\"${IMAGE_PLATFORM}\"\n\n# If a platform is specified, extract the architecture and run clair-action on the corresponding image manifest\nif [ -n \"$platform\" ]; then\n  arch=\"${platform#*/}\"\n  if [ \"$arch\" = \"x86_64\" ] || [ \"$arch\" = \"local\" ] || [ \"$arch\" = \"localhost\" ]; then\n    arch=\"amd64\"\n  fi\n  # Validate against supported arch list. If it's not a known arch, fallback to amd64\n  case \"$arch\" in\n    amd64|ppc64le|arm64|s390x)\n      ;;\n    *)\n      echo \"Error: Unsupported or malformed architecture: '$arch' (parsed from platform: '$platform')\"\n      exit 0\n      ;;\n  esac\n\n  run_clair_on_arch \"$arch\"\n\n# If no platform is specified, run clair-action on all available image manifests\nelse\n  for sha_file in image-manifest-*.sha; do\n    if [ -e \"$sha_file\" ]; then\n      arch=$(basename \"$sha_file\" | sed 's/image-manifest-//;s/.sha//')\n      run_clair_on_arch \"$arch\"\n    fi\n  done\nfi\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\n\nimages_processed=$(echo \"${images_processed_template/\\[%s]/[$digests_processed_string]}\")\necho \"$images_processed\" \u003e images-processed.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_OCI_ATTACH_REPORT",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:d126f98e16bfad71aab782eb212a5be701e2cde915d294a7bd6423a4ab448705",
                            "name": "oci-attach-report",
                            "script": "#!/usr/bin/env bash\n\nset -o errexit\nset -o nounset\nset -o pipefail\n\nif [ \"$SKIP_OCI_ATTACH_REPORT\" = \"true\" ]; then\n  echo 'OCI attach report skipped by parameter.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\nif ! compgen -G \"clair-report-*.json\" \u003e /dev/null; then\n  echo 'No Clair reports generated. Skipping upload.'\n  echo '{}' \u003e reports.json\n  exit 0\nfi\n\necho \"Selecting auth\"\nselect-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n\nrepository=\"${IMAGE_URL/:*/}\"\n\narch() {\n  report_file=\"$1\"\n  arch=\"${report_file/*-}\"\n  echo \"${arch/.json/}\"\n}\n\nMEDIA_TYPE='application/vnd.redhat.clair-report+json'\n\nreports_json=\"\"\nfor f in clair-report-*.json; do\n  digest=$(cat \"image-manifest-$(arch \"$f\").sha\")\n  image_ref=\"${repository}@${digest}\"\n  echo \"Attaching $f to ${image_ref}\"\n  if ! report_digest=\"$(retry oras attach --no-tty --format go-template='{{.digest}}' --registry-config \\\n    \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${image_ref}\" \"$f:${MEDIA_TYPE}\")\"\n  then\n    echo \"Failed to attach ${f} to ${image_ref}\"\n    exit 1\n  fi\n  # shellcheck disable=SC2016\n  reports_json=\"$(yq --output-format json --indent=0 eval-all '. as $i ireduce ({}; . * $i)' \u003c(echo \"${reports_json}\") \u003c(echo \"${digest}: ${report_digest}\"))\"\ndone\necho \"${reports_json}\" \u003e reports.json\n",
                            "workingDir": "/tekton/home"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.48@sha256:9b815268fb2bf10b5d745518da1c6568944f15816efe51adc192972b42a6e74d",
                            "name": "conftest-vulnerabilities",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nclair_result_files=$(ls /tekton/home/clair-result-*.json)\nif [ -z \"$clair_result_files\" ]; then\n  echo \"Previous step [get-vulnerabilities] failed: No clair-result files found in /tekton/home.\"\nfi\n\nmissing_vulnerabilities_files=\"\"\nfor file in $clair_result_files; do\n  file_suffix=$(basename \"$file\" | sed 's/clair-result-//;s/.json//')\n  if [ ! -s \"$file\" ]; then\n    echo \"Previous step [get-vulnerabilities] failed: $file is empty.\"\n  else\n    /usr/bin/conftest test --no-fail $file \\\n    --policy /project/clair/vulnerabilities-check.rego --namespace required_checks \\\n    --output=json | tee /tekton/home/clair-vulnerabilities-$file_suffix.json || true\n  fi\n\n  #check for missing \"clair-vulnerabilities-\u003carch\u003e/image-index\" file and create a string\n  if [ ! -f \"/tekton/home/clair-vulnerabilities-$file_suffix.json\" ]; then\n    missing_vulnerabilities_files+=\"${missing_vulnerabilities_files:+, }/tekton/home/clair-vulnerabilities-$file_suffix.json\"\n  fi\ndone\n\nif [ -n \"$missing_vulnerabilities_files\" ]; then\n  note=\"Task clair-scan failed: $missing_vulnerabilities_files did not generate. For details, check Tekton task log.\"\n  TEST_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n  echo \"$missing_vulnerabilities_files did not generate correctly. For details, check conftest command in Tekton task log.\"\n  echo \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n  exit 0\nfi\n\nscan_result='{\"vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}, \"unpatched_vulnerabilities\":{\"critical\":0, \"high\":0, \"medium\":0, \"low\":0, \"unknown\":0}}'\nfor file in /tekton/home/clair-vulnerabilities-*.json; do\n    result=$(jq -rce \\\n        '{\n            vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            },\n            unpatched_vulnerabilities:{\n              critical: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_critical_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              high: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_high_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              medium: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_medium_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              low: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_low_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0),\n              unknown: (.[] | .warnings? // [] | map(select(.metadata.details.name==\"clair_unpatched_unknown_vulnerabilities\").metadata.\"vulnerabilities_number\" // 0)| add // 0)\n            }\n        }' \"$file\")\n\n    scan_result=$(jq -s -rce \\\n          '.[0].vulnerabilities.critical += .[1].vulnerabilities.critical |\n          .[0].vulnerabilities.high += .[1].vulnerabilities.high |\n          .[0].vulnerabilities.medium += .[1].vulnerabilities.medium |\n          .[0].vulnerabilities.low += .[1].vulnerabilities.low |\n          .[0].vulnerabilities.unknown += .[1].vulnerabilities.unknown |\n          .[0].unpatched_vulnerabilities.critical += .[1].unpatched_vulnerabilities.critical |\n          .[0].unpatched_vulnerabilities.high += .[1].unpatched_vulnerabilities.high |\n          .[0].unpatched_vulnerabilities.medium += .[1].unpatched_vulnerabilities.medium |\n          .[0].unpatched_vulnerabilities.low += .[1].unpatched_vulnerabilities.low |\n          .[0].unpatched_vulnerabilities.unknown += .[1].unpatched_vulnerabilities.unknown |\n          .[0]' \u003c\u003c\u003c\"$scan_result $result\")\ndone\n\necho \"$scan_result\" | tee \"/tekton/results/SCAN_OUTPUT\"\n\ncat /tekton/home/images-processed.json | tee /tekton/results/IMAGES_PROCESSED\n# shellcheck disable=SC2154\ncat /tekton/home/reports.json \u003e \"/tekton/results/REPORTS\"\n\nnote=\"Task clair-scan completed: Refer to Tekton task result SCAN_OUTPUT for vulnerabilities scanned by Clair.\"\nTEST_OUTPUT=$(make_result_json -r \"SUCCESS\" -t \"$note\")\necho \"${TEST_OUTPUT}\" | tee /tekton/results/TEST_OUTPUT\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            }
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/506e8df6-0084-47a0-8bdf-a267b4e6fe29",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "virus, konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "clamav-scan",
                    "tekton.dev/task": "clamav-scan",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-component-pac-strsml-on-pull-request-zrnp9-clamav-scan",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73458",
                "uid": "506e8df6-0084-47a0-8bdf-a267b4e6fe29"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "clamav-scan"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan:0.3@sha256:9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s"
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:01:03Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:01:03Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-component-pac-strsml-on-pull-request-zrnp9-clamav-scan-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "9f18b216ce71a66909e7cb17d9b34526c02d73cf12884ba32d1f10614f7b9f5a"
                        },
                        "entryPoint": "clamav-scan",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-clamav-scan"
                    }
                },
                "results": [
                    {
                        "name": "IMAGES_PROCESSED",
                        "type": "string",
                        "value": "{\"image\": {\"pullspec\": \"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\", \"digests\": [\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\"]}}\n"
                    },
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"timestamp\":\"1782925257\",\"namespace\":\"required_checks\",\"successes\":2,\"failures\":0,\"warnings\":0,\"result\":\"SUCCESS\",\"note\":\"All checks passed successfully\"}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:03Z",
                "steps": [
                    {
                        "container": "step-extract-and-scan-image",
                        "imageID": "quay.io/konflux-ci/clamav-db@sha256:2da6c1a37fef998b68b675505fb654b1123e3cd889c190c59b4527d11621e8fc",
                        "name": "extract-and-scan-image",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://f7dbb1ba1aa01577bdc657b08eb73a954cd322c147f18f9c1daaf9b962b6fe82",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:58Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\\\", \\\"digests\\\": [\\\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782925257\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:17Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d9a44fae1289d3b178da1fe1fac38ec8099dd31bba60ff66a464b043e13ff8b5",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:01:02Z",
                            "message": "[{\"key\":\"IMAGES_PROCESSED\",\"value\":\"{\\\"image\\\": {\\\"pullspec\\\": \\\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\\\", \\\"digests\\\": [\\\"sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45\\\"]}}\\n\",\"type\":1},{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"timestamp\\\":\\\"1782925257\\\",\\\"namespace\\\":\\\"required_checks\\\",\\\"successes\\\":2,\\\"failures\\\":0,\\\"warnings\\\":0,\\\"result\\\":\\\"SUCCESS\\\",\\\"note\\\":\\\"All checks passed successfully\\\"}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:58Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans the content of container images and OCI artifacts for viruses, malware, and other malicious content using ClamAV antivirus scanner.",
                    "params": [
                        {
                            "description": "Image digest to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image arch.",
                            "name": "image-arch",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "unused",
                            "name": "docker-auth",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "ca-trust-config-map-name",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "ca-trust-config-map-key",
                            "type": "string"
                        },
                        {
                            "default": "8",
                            "description": "Maximum number of threads clamd runs.",
                            "name": "clamd-max-threads",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "If true, skips uploading the results to the image registry. Useful for read-only tests.",
                            "name": "skip-upload",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        },
                        {
                            "description": "Images processed in the task.",
                            "name": "IMAGES_PROCESSED",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                },
                                "requests": {
                                    "cpu": "7300m",
                                    "memory": "12Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "HOME",
                                    "value": "/work"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                },
                                {
                                    "name": "IMAGE_ARCH"
                                },
                                {
                                    "name": "MAX_THREADS",
                                    "value": "8"
                                }
                            ],
                            "image": "quay.io/konflux-ci/clamav-db:latest",
                            "name": "extract-and-scan-image",
                            "script": "#!/usr/bin/env bash\nset -euo pipefail\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\n# Start clamd in background\n/start-clamd.sh\n\n# Bootstrap .docker config in overridden HOME.\n# This prevents 'oc' CLI failures in clean environments where ~/.docker does not exist.\nif [ ! -d ~/.docker ]; then\n    mkdir -p ~/.docker\n    echo '{}' \u003e ~/.docker/config.json\nfi\n\nimagewithouttag=$(echo $IMAGE_URL | sed \"s/\\(.*\\):.*/\\1/\" | tr -d '\\n')\n\n# strip new-line escape symbol from parameter and save it to variable\nimageanddigest=$(echo $imagewithouttag@$IMAGE_DIGEST)\n\n# check if image is attestation one, skip the clamav scan in such case\nif [[ $imageanddigest == *.att ]]\nthen\n    echo \"$imageanddigest is an attestation image. Skipping ClamAV scan.\"\n    exit 0\nfi\n\nimages_processed_template='{\"image\": {\"pullspec\": \"'\"$IMAGE_URL\"'\", \"digests\": [%s]}}'\ndigests_processed=()\nmkdir logs\nmkdir content\ncd content\necho \"Detecting artifact type for ${imageanddigest}.\"\necho '{\"artifact\":{\"pullspec\":\"'\"${imageanddigest}\"'\",\"type\":\"unknown\",\"mediaType\":\"\"}}' \u003e /work/logs/artifact-meta.json\n\n# Function to scan content and process results with ClamAV and EC\n# Parameters:\n#   $1: destination - path to the content to scan\n#   $2: suffix - suffix for log file names (e.g., \"oci\", \"amd64\")\n#   $3: digest - digest to add to digests_processed array\n#   $4: scan_message - optional message describing what is being scanned\nscan_and_process() {\n  local destination=\"$1\"\n  local suffix=\"$2\"\n  local digest=\"$3\"\n  local scan_message=\"${4:-Scanning content}\"\n\n  db_version=$(clamdscan --version | sed 's|.*/\\(.*\\)/.*|\\1|')\n\n  echo \"$scan_message. This operation may take a while.\"\n  clamdscan \"${destination}\" -vi --multiscan --fdpass \\\n    | tee \"/work/logs/clamscan-result-${suffix}.log\" || true\n\n  echo \"Executed-on: Scan was executed on clamsdcan version - $(clamdscan --version) Database version: $db_version\" | tee -a \"/work/logs/clamscan-result-${suffix}.log\"\n\n  digests_processed+=(\"\\\"$digest\\\"\")\n\n  if [[ -e \"/work/logs/clamscan-result-${suffix}.log\" ]]; then\n    # OPA/EC requires structured data input, add clamAV log into json\n    jq -Rs '{ output: . }' \"/work/logs/clamscan-result-${suffix}.log\" \u003e \"/work/logs/clamscan-result-log-${suffix}.json\"\n\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o json \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" || true\n\n    # workaround: due to a bug in ec-cli, we cannot generate json and appstudio output at the same time, running it again\n    EC_EXPERIMENTAL=1 ec test \\\n      --namespace required_checks \\\n      --policy /project/clamav/virus-check.rego \\\n      -o appstudio \\\n      \"/work/logs/clamscan-result-log-${suffix}.json\" | tee \"/work/logs/clamscan-ec-test-${suffix}.json\" || true\n\n    cat \"/work/logs/clamscan-ec-test-${suffix}.json\"\n  fi\n}\n\n# Detect artifact type: container image vs OCI artifact\n# First, try to get image manifests (works for container images)\n# Use subshell to prevent get_image_manifests() from exiting the main script if it fails\n# (get_image_manifests uses exit 1 when Architecture field is missing, which happens for OCI artifacts)\nimage_manifests=$(bash -c '. /utils.sh; get_image_manifests -i \"'\"${imageanddigest}\"'\"' 2\u003e/dev/null || echo \"\")\n\n# If get_image_manifests failed, check if it's an OCI artifact by inspecting manifest media type\nif [ -z \"$image_manifests\" ]; then\n  echo \"get_image_manifests returned empty, checking if this is an OCI artifact...\"\n  raw_manifest=$(skopeo inspect --raw --authfile ~/.docker/config.json \"docker://${imageanddigest}\" 2\u003e/dev/null || true)\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"inspected\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n\n  if [ -n \"$raw_manifest\" ]; then\n    media_type=$(echo \"$raw_manifest\" | jq -r '.mediaType // .config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n    artifact_type=$(echo \"$raw_manifest\" | jq -r '.artifactType // empty' 2\u003e/dev/null || echo \"\")\n    config_media_type=$(echo \"$raw_manifest\" | jq -r '.config.mediaType // empty' 2\u003e/dev/null || echo \"\")\n\n    # Determine if this is an OCI artifact (not a container image)\n    # OCI artifacts typically have:\n    # - An empty/scratch config (config.mediaType contains \"empty\" or \"scratch\")\n    # - An explicit artifactType field that is not a container image type\n    is_oci_artifact=false\n\n    # Check if config is empty/scratch (typical for OCI artifacts like python wheels, helm charts, etc.)\n    if echo \"$config_media_type\" | grep -qiE \"(empty|scratch)\"; then\n      is_oci_artifact=true\n    fi\n\n    # Check if artifactType is set and is not a container image type\n    if [ -n \"$artifact_type\" ] \u0026\u0026 ! echo \"$artifact_type\" | grep -qE \"application/vnd\\.(oci|docker)\\.(image|container)\"; then\n      is_oci_artifact=true\n    fi\n\n    if [ \"$is_oci_artifact\" = true ]; then\n      # This is an OCI artifact (e.g., python wheels, helm charts, etc.)\n      echo \"Detected OCI artifact (artifactType: ${artifact_type:-unset}, config.mediaType: ${config_media_type:-unset}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.artifactType = '\"\\\"${artifact_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    elif echo \"$media_type\" | grep -qE \"(application/vnd\\.(docker|oci)\\.(distribution|image)\\.manifest|application/vnd\\.docker\\.distribution\\.manifest)\"; then\n      # This looks like a container image manifest, but get_image_manifests failed\n      echo \"Detected container image manifest type: $media_type, but get_image_manifests failed. This may indicate an error.\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"$media_type\\\"\"' | .artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      note=\"Task clamav-scan failed: Failed to get image manifests from image \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n      ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n      echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n      exit 0\n    else\n      # Likely an OCI artifact with non-standard media type\n      echo \"Detected OCI artifact (media type: ${media_type:-unknown}). Downloading for scanning...\"\n      if [ -s /work/logs/artifact-meta.json ]; then\n        tmp=$(mktemp)\n        if jq '.artifact.mediaType = '\"\\\"${media_type:-unknown}\\\"\"' | .artifact.type = \"oci\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n          mv \"$tmp\" /work/logs/artifact-meta.json || true\n        fi\n      fi\n      destination=\"content-oci\"\n      mkdir -p \"$destination\"\n\n      # Download OCI artifact using skopeo copy\n      echo \"Downloading OCI artifact using skopeo copy\"\n      if ! retry skopeo copy --authfile ~/.docker/config.json \"docker://${imageanddigest}\" \"dir:${destination}\" 2\u003e\u00261; then\n        echo \"Failed to download OCI artifact \\\"$imageanddigest\\\". Skipping ClamAV scan!\"\n        note=\"Task clamav-scan failed: Failed to download OCI artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n        ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n        echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n        exit 0\n      fi\n\n      # Scan and process OCI artifact\n      scan_and_process \"${destination}\" \"oci\" \"$IMAGE_DIGEST\" \"Scanning OCI artifact\"\n\n      # Skip the container image processing path\n      image_manifests=\"\"\n    fi\n  else\n    echo \"Failed to inspect artifact \\\"$imageanddigest\\\". Unable to determine type.\"\n    note=\"Task clamav-scan failed: Failed to inspect artifact \\\"$imageanddigest\\\". For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r \"ERROR\" -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 0\n  fi\nfi\n\n# Process container images (existing logic)\nif [ -n \"$image_manifests\" ]; then\n  echo \"Detected container image. Processing image manifests.\"\n  if [ -s /work/logs/artifact-meta.json ]; then\n    tmp=$(mktemp)\n    if jq '.artifact.type = \"image\"' /work/logs/artifact-meta.json \u003e \"$tmp\"; then\n      mv \"$tmp\" /work/logs/artifact-meta.json || true\n    fi\n  fi\n  # Proceed only if a specific arch is provided.\n  # This typically occurs when using Tekton Matrix to launch multiple TaskRuns to scan all architectures of a multi-arch image in parallel.\n  if [ -n \"$IMAGE_ARCH\" ]; then\n    arch=\"${IMAGE_ARCH#*/}\"\n    if [ \"${arch}\" = \"x86_64\" ]; then\n      arch=\"amd64\"\n    fi\n\n    # Check if arch is supported; if not (e.g., it's 'local', see link below), default to amd64.\n    # https://github.com/redhat-appstudio/infra-deployments/blob/main/components/multi-platform-controller/production/stone-prd-rh01/host-config.yaml#L9-L14\n    case \"$arch\" in\n      amd64|ppc64le|arm64|s390x)\n        ;;\n      *)\n        arch=\"amd64\"\n        ;;\n    esac\n\n    image_manifests=$(echo \"$image_manifests\" | jq -c --arg arch \"$arch\" '{($arch): .[$arch]}')\n  fi\n\n  while read -r arch arch_sha; do\n    destination=$(echo content-$arch)\n    mkdir -p \"$destination\"\n    arch_imageanddigest=$(echo $imagewithouttag@$arch_sha)\n\n    echo \"Running \\\"oc image extract\\\" on image of arch $arch\"\n    retry oc image extract --only-files=true --registry-config ~/.docker/config.json \"$arch_imageanddigest\" --path=\"/:${destination}\" --filter-by-os=\"linux/${arch}\"\n    if [ $? -ne 0 ]; then\n      echo \"Unable to extract image for arch $arch. Skipping ClamAV scan!\"\n      exit 0\n    fi\n\n    # Scan and process container image for this architecture\n    scan_and_process \"${destination}\" \"$arch\" \"$arch_sha\" \"Scanning image for arch $arch\"\n  done \u003c \u003c(echo \"$image_manifests\" | jq -r 'to_entries[] | \"\\(.key) \\(.value)\"')\nfi\n\njq -s -rce '\n  reduce .[] as $item ({\"timestamp\":\"0\",\"namespace\":\"\",\"successes\":0,\"failures\":0,\"warnings\":0,\"result\":\"\",\"note\":\"\"};\n    {\n    \"timestamp\" : (if .timestamp \u003c $item.timestamp then $item.timestamp else .timestamp end),\n    \"namespace\" : $item.namespace,\n    \"successes\" : (.successes + $item.successes),\n    \"failures\" : (.failures + $item.failures),\n    \"warnings\" : (.warnings + $item.warnings),\n    \"result\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.result else .result end),\n    \"note\" : (if .result == \"\" or ($item.result == \"SKIPPED\" and .result == \"SUCCESS\") or ($item.result == \"WARNING\" and (.result == \"SUCCESS\" or .result == \"SKIPPED\")) or ($item.result == \"FAILURE\" and .result != \"ERROR\") or $item.result == \"ERROR\" then $item.note else .note end)\n    })' /work/logs/clamscan-ec-test-*.json | tee /tekton/results/TEST_OUTPUT\n\n# If the image is an Image Index, also add the Image Index digest to the list.\nif [[ \"${digests_processed[*]}\" != *\"$IMAGE_DIGEST\"* ]]; then\n  digests_processed+=(\"\\\"$IMAGE_DIGEST\\\"\")\nfi\n\ndigests_processed_string=$(IFS=,; echo \"${digests_processed[*]}\")\necho \"${images_processed_template/\\[%s]/[$digests_processed_string]}\" | tee /tekton/results/IMAGES_PROCESSED\n",
                            "securityContext": {
                                "capabilities": {
                                    "add": [
                                        "SETFCAP"
                                    ]
                                }
                            },
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SKIP_UPLOAD",
                                    "value": "false"
                                },
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\n# Skip upload if requested e.g. read-only CI tests where push access is denied\nif [ \"$SKIP_UPLOAD\" == \"true\" ]; then\n  echo \"Upload skipped by parameter.\"\n  exit 0\nfi\n\n# Don't return a glob expression when no matches are found\nshopt -s nullglob\n\ncd logs\n\nfor UPLOAD_FILE in clamscan-result*.log; do\n  MEDIA_TYPE=text/vnd.clamav\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\nfor UPLOAD_FILE in clamscan-ec-test*.json; do\n  MEDIA_TYPE=application/vnd.konflux.test_output+json\n  args+=(\"${UPLOAD_FILE}:${MEDIA_TYPE}\")\ndone\n\nif [ -z \"${args}\" ]; then\n  echo \"No files found. Skipping upload.\"\n  exit 0;\nfi\n\necho \"Selecting auth\"\nselect-oci-auth $IMAGE_URL \u003e $HOME/auth.json\necho \"Attaching to ${IMAGE_URL}\"\n retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type application/vnd.clamav \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${args[@]}\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/work",
                                    "name": "work"
                                },
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/work"
                        }
                    ],
                    "volumes": [
                        {
                            "emptyDir": {},
                            "name": "dbfolder"
                        },
                        {
                            "emptyDir": {},
                            "name": "work"
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-8fc7f25ca4",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/ecc00f91-00c4-49c2-8938-a44918318fe1",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "image-build, appstudio",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:08Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "build.appstudio.redhat.com/build_type": "docker",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "push-dockerfile",
                    "tekton.dev/task": "push-dockerfile",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-component-pac-strsml-on-pull-request-zrnp9-push-dockerfile",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73443",
                "uid": "ecc00f91-00c4-49c2-8938-a44918318fe1"
            },
            "spec": {
                "params": [
                    {
                        "name": "IMAGE",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    },
                    {
                        "name": "IMAGE_DIGEST",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "DOCKERFILE",
                        "value": "Dockerfile"
                    },
                    {
                        "name": "CONTEXT",
                        "value": "."
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "push-dockerfile"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile:0.3@sha256:64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-143838c0ca"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:19Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:19Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-component-pac-strsml-oe38b7be0b2b36e10504f852d67ac6752-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "64210c6d94ab467e1f8e1666e037060bd73942d65f5044bb63804470667ab3a2"
                        },
                        "entryPoint": "push-dockerfile",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-push-dockerfile"
                    }
                },
                "results": [
                    {
                        "name": "IMAGE_REF",
                        "type": "string",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml@sha256:3a02027129fb386777356641bcd56fe6e4cccf5cef56328bb15b663816645f0b"
                    }
                ],
                "startTime": "2026-07-01T17:00:06Z",
                "steps": [
                    {
                        "container": "step-push",
                        "imageID": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                        "name": "push",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://d571948d8cf0a8a5b5c02f844af3ac31b238f2093d86ec5426007e8acc57f5e7",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:18Z",
                            "message": "[{\"key\":\"IMAGE_REF\",\"value\":\"quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml@sha256:3a02027129fb386777356641bcd56fe6e4cccf5cef56328bb15b663816645f0b\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:16Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Discover Dockerfile from source code and push it to registry as an OCI artifact.",
                    "params": [
                        {
                            "description": "The built binary image. The Dockerfile is pushed to the same image repository alongside.",
                            "name": "IMAGE",
                            "type": "string"
                        },
                        {
                            "description": "The built binary image digest, which is used to construct the tag of Dockerfile image.",
                            "name": "IMAGE_DIGEST",
                            "type": "string"
                        },
                        {
                            "default": "./Dockerfile",
                            "description": "Path to the Dockerfile.",
                            "name": "DOCKERFILE",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Path to the directory to use as context.",
                            "name": "CONTEXT",
                            "type": "string"
                        },
                        {
                            "default": ".dockerfile",
                            "description": "Suffix of the Dockerfile image tag.",
                            "name": "TAG_SUFFIX",
                            "type": "string"
                        },
                        {
                            "default": "application/vnd.konflux.dockerfile",
                            "description": "Artifact type of the Dockerfile image.",
                            "name": "ARTIFACT_TYPE",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "CA_TRUST_CONFIG_MAP_NAME",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "CA_TRUST_CONFIG_MAP_KEY",
                            "type": "string"
                        },
                        {
                            "default": "info",
                            "description": "Log level to use in the task. See golang logrus docs for available levels.",
                            "name": "LOG_LEVEL",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Digest-pinned image reference to the Dockerfile image.",
                            "name": "IMAGE_REF",
                            "type": "string"
                        }
                    ],
                    "stepTemplate": {
                        "computeResources": {},
                        "volumeMounts": [
                            {
                                "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                "name": "trusted-ca",
                                "readOnly": true,
                                "subPath": "ca-bundle.crt"
                            }
                        ]
                    },
                    "steps": [
                        {
                            "args": [
                                "--source",
                                "source",
                                "--context",
                                ".",
                                "--containerfile",
                                "Dockerfile",
                                "--image-url",
                                "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                                "--image-digest",
                                "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45",
                                "--artifact-type",
                                "application/vnd.konflux.dockerfile",
                                "--tag-suffix",
                                ".dockerfile",
                                "--result-path-image-ref",
                                "/tekton/results/IMAGE_REF",
                                "--alternative-filename",
                                "Dockerfile"
                            ],
                            "command": [
                                "konflux-build-cli",
                                "image",
                                "push-containerfile"
                            ],
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KBC_LOG_LEVEL",
                                    "value": "info"
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-build-cli@sha256:b5d20c85efa96affda92b32ca50590aa72231b43484637b2547e2d4c8c808fa0",
                            "name": "push",
                            "workingDir": "/workspace/workspace"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "description": "Workspace containing the source code from where the Dockerfile is discovered.",
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-8fc7f25ca4",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/1204bb05-034b-4888-b9b9-53c6e8b99be6",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "sast-snyk-check",
                    "tekton.dev/task": "sast-snyk-check",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-component-pac-strsml-on-pull-request-zrnp9-sast-snyk-check",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73465",
                "uid": "1204bb05-034b-4888-b9b9-53c6e8b99be6"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-snyk-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check:0.4@sha256:ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-143838c0ca"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:18Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:18Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-component-pac-strsml-o285bdcdcb0726800640301e607f2232c-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "ecb0583a01bf8dfd86b58f7d929387b1050a3dbdbdc6a8be8cd40181041cc335"
                        },
                        "entryPoint": "sast-snyk-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SKIPPED\",\"timestamp\":\"2026-07-01T17:00:17+00:00\",\"note\":\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:02Z",
                "steps": [
                    {
                        "container": "step-sast-snyk-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-snyk-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9fde450b0590d250af27714b2670adc6262b098a7b191e75d884d93de2a2d3c1",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:17Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:17+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:15Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://4e4bdd6190dfdcccfca4b70d416f67310c33532102f0cdcb1b48b61cc2c2ca4f",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:17Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SKIPPED\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:17+00:00\\\",\\\"note\\\":\\\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/)\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:17Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "Scans source code for security vulnerabilities, including common issues such as SQL injection, cross-site scripting (XSS), and code injection attacks using Snyk Code, a Static Application Security Testing (SAST) tool.\n\nFollow the steps given [here](https://konflux-ci.dev/docs/testing/build/snyk/) to obtain a snyk-token and to enable the snyk task in a Pipeline.\n\nThe snyk binary used in this Task comes from a container image defined in https://github.com/konflux-ci/konflux-test\n\nSee https://snyk.io/product/snyk-code/ and https://snyk.io/ for more information about the snyk tool.",
                    "params": [
                        {
                            "default": "snyk-secret",
                            "description": "Name of secret which contains Snyk token.",
                            "name": "SNYK_SECRET",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Append arguments.",
                            "name": "ARGS",
                            "type": "string"
                        },
                        {
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "description": "Digest of the image to scan.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Report only important findings in task result. Default is \"true\". To report all findings in task result, specify \"false\". Uploaded SARIF report to remote registry always includes all findings, regardless of severity level.",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Write excluded records in file. Useful for auditing (defaults to false).",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Directories or files to be excluded from Snyk scan (Comma-separated). Useful to split the directories of a git repo across multiple components.",
                            "name": "IGNORE_FILE_PATHS",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "6Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "6Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "SNYK_SECRET",
                                    "value": "snyk-secret"
                                },
                                {
                                    "name": "ARGS"
                                },
                                {
                                    "name": "IGNORE_FILE_PATHS"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-snyk-check",
                            "script": "#!/usr/bin/env bash\n\nset -euo pipefail\n# shellcheck source=/dev/null\n. /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\n# Installation of Red Hat certificates for cloning Red Hat internal repositories\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nSNYK_TOKEN_PATH=\"/etc/secrets/snyk_token\"\nif [ -f \"${SNYK_TOKEN_PATH}\" ] \u0026\u0026 [ -s \"${SNYK_TOKEN_PATH}\" ]; then\n  # SNYK token is provided\n  SNYK_TOKEN=\"$(cat ${SNYK_TOKEN_PATH})\"\n  export SNYK_TOKEN\nelse\n  # According to shellcheck documentation, the following error can be ignored as it is ignored through indirection: https://www.shellcheck.net/wiki/SC2034\n  # shellcheck disable=SC2034\n  to_enable_snyk='[here](https://konflux-ci.dev/docs/testing/build/snyk/)'\n  note=\"Task sast-snyk-check skipped: If you wish to use the Snyk code SAST task, please create a secret name snyk-secret with the key 'snyk_token' containing the Snyk token by following the steps given ${to_enable_snyk}\"\n  TEST_OUTPUT=$(make_result_json -r SKIPPED -t \"$note\")\n  echo \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n  exit 0\nfi\n\nSNYK_EXIT_CODE=0\nSOURCE_CODE_DIR=/workspace/workspace\n\n# We ignore files using snyk ignore if the user set up the IGNORE_FILE_PATHS variable.\n(cd \"${SOURCE_CODE_DIR}\" \u0026\u0026 IFS=\",\" \u0026\u0026 for path in $IGNORE_FILE_PATHS; do\n  snyk ignore --file-path=\"source/${path}\"\ndone)\n\nset +e\necho \"INFO: Running 'snyk code test'..\"\n# We do want to expand ARGS (it can be multiple CLI flags, not just one)\n# shellcheck disable=SC2086\n\n# Generate full paths for each directory in TARGET_DIRS\nIFS=\",\" read -ra TARGETS_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGETS_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # Ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ ! \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\n\n  # Ensure directory exists\n  if [ ! -d \"$resolved_path\" ]; then\n    echo \"Warning: Directory $resolved_path does not exist, skipping\"\n    continue\n  fi\n\n  echo \"INFO: Scanning directory: $resolved_path\"\n  # We do want to expand ARGS (it can be multiple CLI flags, not just one)\n  # shellcheck disable=SC2086\n  snyk code test $ARGS \"$resolved_path\" --max-depth=1 --sarif-file-output=\"${resolved_path}/sast_snyk_check_out_${d//\\//_}.json\" 1\u003e\u00262\u003e\u003e stdout.txt\n  cmd_exit_code=$?\n  # Track the exit code: if any snyk command fails, preserve the failure\n  # Exit codes: 0 = success, 1 = vulnerabilities found, 2 = error, 3 = no supported files\n  # Error codes (2+) always override, warning codes (1,3) only if no previous error\n  if [[ \"$cmd_exit_code\" -ne 0 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 1 ]] \u0026\u0026 [[ \"$cmd_exit_code\" -ne 3 ]]; then\n    SNYK_EXIT_CODE=$cmd_exit_code\n  fi\n\ndone\n\n# Merge all SARIF outputs\nfind \"$SOURCE_CODE_DIR\" -name \"sast_snyk_check_out_*.json\" -exec cat {} + \u003e \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\nset -e\ntest_not_skipped=0\nSKIP_MSG=\"We found 0 supported files\"\ngrep -q \"$SKIP_MSG\" stdout.txt || test_not_skipped=$?\n\nif [[ \"$SNYK_EXIT_CODE\" -eq 0 ]] || [[ \"$SNYK_EXIT_CODE\" -eq 1 ]]; then\n  # Check if the merged SARIF file has content - this could happen if the snyk scan found no findings\n  if [ ! -s \"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\" ]; then\n    echo \"WARN: No JSON output files were generated by snyk scan\"\n    # Get snyk version for proper SARIF metadata\n    SNYK_VERSION=$(snyk --version 2\u003e/dev/null | head -1 | tr -d '\\n' || echo \"unknown\")\n    # Create a valid minimal SARIF structure using jq\n    # Note: coverage array is required even when empty because downstream jq commands expect it\n    jq -n --arg version \"$SNYK_VERSION\" '{\n      \"$schema\": \"https://json.schemastore.org/sarif-2.1.0.json\",\n      \"version\": \"2.1.0\",\n      \"runs\": [{\n        \"tool\": {\n          \"driver\": {\n            \"name\": \"snyk\",\n            \"version\": $version,\n            \"informationUri\": \"https://snyk.io\"\n          }\n        },\n        \"results\": [],\n        \"properties\": {\n          \"coverage\": []\n        }\n      }]\n    }' \u003e\"${SOURCE_CODE_DIR}/sast_snyk_check_out.json\"\n  fi\n\n  # In order to generate csdiff/v1, we need to add the whole path of the source code as Snyk only provides an URI to embed the context\n  (cd  \"${SOURCE_CODE_DIR}\" \u0026\u0026 csgrep --mode=json --embed-context=3 \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json) \\\n    | csgrep --mode=json --strip-path-prefix=\"source/\"  \\\n    \u003e sast_snyk_check_out_all_findings.json\n\n  echo \"INFO: Initial results:\"\n  csgrep --mode=evtstat sast_snyk_check_out_all_findings.json\n\n  if [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\n  fi\n  PROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n  # create the KFP clone directory regardless\n  KFP_DIR=\"known-false-positives\"\n  KFP_CLONED=\"0\"\n  mkdir \"${KFP_DIR}\"\n\n  # We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\n  if [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n      echo \"INFO: Trying to clone known-false-positives..\"\n      git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\n  fi\n\n  if [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone know-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\n    mv sast_snyk_check_out_all_findings.json filtered_sast_snyk_check_out.json\n  else\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    CMD=(\n      csfilter-kfp\n      --verbose\n      --kfp-dir=\"${KFP_DIR}\"\n      --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [ \"${RECORD_EXCLUDED}\" == \"true\" ]; then\n      CMD+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    set +e\n    \"${CMD[@]}\" sast_snyk_check_out_all_findings.json \u003e filtered_sast_snyk_check_out.json\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n      echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n      echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\n    echo \"INFO: Results after filtering:\"\n    (set -x \u0026\u0026 csgrep --mode=evtstat filtered_sast_snyk_check_out.json)\n  fi\n\n  # Generation of scan stats\n\n  total_files=$(jq '[.runs[0].properties.coverage[].files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n  supported_files=$(jq '[.runs[0].properties.coverage[] | select(.type == \"SUPPORTED\") | .files] | add' \"${SOURCE_CODE_DIR}\"/sast_snyk_check_out.json)\n\n  # We make sure the values are 0 if no supported/total files are found\n  if [ \"$total_files\" = \"null\" ] || [ -z \"$total_files\" ]; then\n    total_files=0\n  fi\n\n  if [ \"$supported_files\" = \"null\" ] || [ -z \"$supported_files\" ]; then\n    supported_files=0\n  fi\n\n  coverage_ratio=0\n  if (( total_files \u003e 0 )); then\n      coverage_ratio=$((supported_files * 100 / total_files))\n  fi\n\n  # embed stats in results file and convert to SARIF\n  csgrep --mode=sarif --set-scan-prop snyk-scanned-files-coverage:\"${coverage_ratio}\" \\\n                      --set-scan-prop snyk-scanned-files-success:\"${supported_files}\"  \\\n                      --set-scan-prop snyk-scanned-files-total:\"${total_files}\" \\\n                      filtered_sast_snyk_check_out.json  \u003e sast_snyk_check_out.sarif\n\n  # Create filtered SARIF for Tekton task result based on IMP_FINDINGS_ONLY parameter\n  if [ \"${IMP_FINDINGS_ONLY}\" == \"true\" ]; then\n    # Filter to only \"error\" level or higher (high/critical severity) for Tekton task result\n    # In SARIF, defects are given a level like \"error\" or \"warning\". Snyk maps \"high\" level findings to \"error\".\n    # - \"error\" → importance level 1\n    # - \"warning\" (or missing level) → importance level 0\n    RESULT_SARIF=\"result_sast_snyk_check_out.sarif\"\n    csgrep --mode=sarif --imp-level 1 sast_snyk_check_out.sarif \u003e \"$RESULT_SARIF\"\n  else\n    # Use all findings for Tekton task result\n    RESULT_SARIF=\"sast_snyk_check_out.sarif\"\n  fi\n\n  TEST_OUTPUT=\n  parse_test_output \"sast-snyk-check\" sarif \"$RESULT_SARIF\"  || true\n\n# When the test is skipped, the \"SNYK_EXIT_CODE\" is 3 and it can also be 3 in some other situation\nelif [[ \"$test_not_skipped\" -eq 0 ]]; then\n  note=\"Task sast-snyk-check success: Snyk code test found zero supported files.\"\n  ERROR_OUTPUT=$(make_result_json -r SUCCESS -t \"$note\")\nelse\n  echo \"sast-snyk-check test failed because of the following issues:\"\n  cat stdout.txt\n  note=\"Task sast-snyk-check failed: For details, check Tekton task log.\"\n  ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\nfi\necho \"${TEST_OUTPUT:-${ERROR_OUTPUT}}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/secrets",
                                    "name": "snyk-secret",
                                    "readOnly": true
                                },
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\n\nif [ -z \"${IMAGE_URL}\" ]; then\n  echo 'No image-url provided. Skipping upload.'\n  exit 0\nfi\n\nUPLOAD_FILES=\"sast_snyk_check_out.sarif excluded-findings.json\"\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n      echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n      continue\n    fi\n    if [ \"${UPLOAD_FILES}\" == \"excluded-findings.json\" ]; then\n        MEDIA_TYPE=application/json\n    else\n        MEDIA_TYPE=application/sarif+json\n    fi\n    echo \"Selecting auth\"\n    select-oci-auth \"${IMAGE_URL}\" \u003e \"${HOME}/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach to ${IMAGE_URL}\"\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-snyk-check"
                        }
                    ],
                    "volumes": [
                        {
                            "name": "snyk-secret",
                            "secret": {
                                "optional": true,
                                "secretName": "snyk-secret"
                            }
                        },
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        },
        {
            "apiVersion": "tekton.dev/v1",
            "kind": "TaskRun",
            "metadata": {
                "annotations": {
                    "build.appstudio.openshift.io/repo": "https://github.com/redhat-appstudio-qe/konflux-test-integration?rev=a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/commit_sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "build.appstudio.redhat.com/pull_request_number": "30782",
                    "build.appstudio.redhat.com/target_branch": "base-4lmvk9",
                    "chains.tekton.dev/signed": "true",
                    "pipeline.tekton.dev/affinity-assistant": "affinity-assistant-8fc7f25ca4",
                    "pipeline.tekton.dev/release": "9db88e0",
                    "pipelinesascode.tekton.dev/branch": "base-4lmvk9",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/controller-info": "{\"name\":\"default\",\"configmap\":\"pipelines-as-code\",\"secret\":\"pipelines-as-code-secret\", \"gRepo\": \"pipelines-as-code\"}",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/git-auth-secret": "pac-gitauth-gyuvge",
                    "pipelinesascode.tekton.dev/git-provider": "github",
                    "pipelinesascode.tekton.dev/installation-id": "72200095",
                    "pipelinesascode.tekton.dev/log-url": "https://100.30.165.125:9443/ns/integration2-bxjx/pipelinerun/test-component-pac-strsml-on-pull-request-zrnp9",
                    "pipelinesascode.tekton.dev/max-keep-runs": "3",
                    "pipelinesascode.tekton.dev/on-cel-expression": "event == \"pull_request\" \u0026\u0026 target_branch == \"base-4lmvk9\"",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/scm-reporting-plr-started": "true",
                    "pipelinesascode.tekton.dev/sender": "konflux-ci-e2e-tests[bot]",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/sha-title": "konflux-ci e2e-tests update test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration/commit/a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/source-branch": "konflux-test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/source-repo-url": "https://github.com/redhat-appstudio-qe/konflux-test-integration",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "results.tekton.dev/childReadyForDeletion": "true",
                    "results.tekton.dev/record": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478/records/e7736640-52fc-4369-ad8b-d5a38318bf4f",
                    "results.tekton.dev/recordSummaryAnnotations": "{\"repo\":\"konflux-test-integration\",\"commit\":\"a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd\",\"eventType\":\"pull_request\",\"pull_request-id\":30782}",
                    "results.tekton.dev/result": "integration2-bxjx/results/a63346c4-ef3e-40a2-9327-dace0d209478",
                    "results.tekton.dev/stored": "true",
                    "tekton.dev/pipelines.minVersion": "0.12.1",
                    "tekton.dev/tags": "konflux",
                    "test.appstudio.openshift.io/pr-group": "konflux-test-component-pac-strsml",
                    "test.appstudio.openshift.io/snapshot-creation-report": "SnapshotCreationFailed"
                },
                "creationTimestamp": "2026-07-01T17:00:02Z",
                "deletionGracePeriodSeconds": 0,
                "deletionTimestamp": "2026-07-01T17:02:09Z",
                "finalizers": [
                    "results.tekton.dev/taskrun"
                ],
                "generation": 2,
                "labels": {
                    "app.kubernetes.io/managed-by": "pipelinesascode.tekton.dev",
                    "app.kubernetes.io/version": "v0.42.0",
                    "appstudio.openshift.io/application": "integ-app-uk8n",
                    "appstudio.openshift.io/component": "test-component-pac-strsml",
                    "pipelines.appstudio.openshift.io/type": "build",
                    "pipelinesascode.tekton.dev/cancel-in-progress": "true",
                    "pipelinesascode.tekton.dev/check-run-id": "84590472077",
                    "pipelinesascode.tekton.dev/event-type": "pull_request",
                    "pipelinesascode.tekton.dev/original-prname": "test-component-pac-strsml-on-pull-request",
                    "pipelinesascode.tekton.dev/pull-request": "30782",
                    "pipelinesascode.tekton.dev/repository": "test-component-pac-strsml",
                    "pipelinesascode.tekton.dev/sha": "a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd",
                    "pipelinesascode.tekton.dev/state": "started",
                    "pipelinesascode.tekton.dev/url-org": "redhat-appstudio-qe",
                    "pipelinesascode.tekton.dev/url-repository": "konflux-test-integration",
                    "tekton.dev/memberOf": "tasks",
                    "tekton.dev/pipeline": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRun": "test-component-pac-strsml-on-pull-request-zrnp9",
                    "tekton.dev/pipelineRunUID": "a63346c4-ef3e-40a2-9327-dace0d209478",
                    "tekton.dev/pipelineTask": "sast-shell-check",
                    "tekton.dev/task": "sast-shell-check",
                    "test.appstudio.openshift.io/pr-group-sha": "77509046bd4b6c69162cf4139f83cd08eb1fcc0d5f5c9365848c8d1135e90e"
                },
                "name": "test-component388343f479387765cf5d056667401a93-sast-shell-check",
                "namespace": "integration2-bxjx",
                "ownerReferences": [
                    {
                        "apiVersion": "tekton.dev/v1",
                        "blockOwnerDeletion": true,
                        "controller": true,
                        "kind": "PipelineRun",
                        "name": "test-component-pac-strsml-on-pull-request-zrnp9",
                        "uid": "a63346c4-ef3e-40a2-9327-dace0d209478"
                    }
                ],
                "resourceVersion": "73488",
                "uid": "e7736640-52fc-4369-ad8b-d5a38318bf4f"
            },
            "spec": {
                "params": [
                    {
                        "name": "image-digest",
                        "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                    },
                    {
                        "name": "image-url",
                        "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                    }
                ],
                "serviceAccountName": "build-pipeline-test-component-pac-strsml",
                "taskRef": {
                    "params": [
                        {
                            "name": "name",
                            "value": "sast-shell-check"
                        },
                        {
                            "name": "bundle",
                            "value": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check:0.1@sha256:5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        {
                            "name": "kind",
                            "value": "task"
                        }
                    ],
                    "resolver": "bundles"
                },
                "timeout": "1h0m0s",
                "workspaces": [
                    {
                        "name": "workspace",
                        "persistentVolumeClaim": {
                            "claimName": "pvc-143838c0ca"
                        }
                    }
                ]
            },
            "status": {
                "artifacts": {},
                "completionTime": "2026-07-01T17:00:23Z",
                "conditions": [
                    {
                        "lastTransitionTime": "2026-07-01T17:00:23Z",
                        "message": "All Steps have completed executing",
                        "reason": "Succeeded",
                        "status": "True",
                        "type": "Succeeded"
                    }
                ],
                "podName": "test-component388343f479387364621add7c9a894fe0df13720b098ea-pod",
                "provenance": {
                    "featureFlags": {
                        "awaitSidecarReadiness": true,
                        "coschedule": "workspaces",
                        "enableAPIFields": "beta",
                        "enableProvenanceInStatus": true,
                        "enforceNonfalsifiability": "none",
                        "maxResultSize": 4096,
                        "resultExtractionMethod": "termination-message",
                        "runningInEnvWithInjectedSidecars": true,
                        "verificationNoMatchPolicy": "ignore"
                    },
                    "refSource": {
                        "digest": {
                            "sha256": "5ffec704e0946b247e0e2bf8a4547546a9e43ab661e5ab9ec29faae4751c6861"
                        },
                        "entryPoint": "sast-shell-check",
                        "uri": "quay.io/konflux-ci/tekton-catalog/task-sast-shell-check"
                    }
                },
                "results": [
                    {
                        "name": "TEST_OUTPUT",
                        "type": "string",
                        "value": "{\"result\":\"SUCCESS\",\"timestamp\":\"2026-07-01T17:00:19+00:00\",\"note\":\"For details, check Tekton task log.\",\"namespace\":\"default\",\"successes\":0,\"failures\":0,\"warnings\":0}\n"
                    }
                ],
                "startTime": "2026-07-01T17:00:04Z",
                "steps": [
                    {
                        "container": "step-sast-shell-check",
                        "imageID": "quay.io/konflux-ci/konflux-test@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                        "name": "sast-shell-check",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://9138ef4e9e9f5d92f7c6f8470e2f3164d8e751cf9fd5ca7934f04a1144d819fe",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:19Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:19+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:17Z"
                        },
                        "terminationReason": "Completed"
                    },
                    {
                        "container": "step-upload",
                        "imageID": "quay.io/konflux-ci/oras@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                        "name": "upload",
                        "provenance": {},
                        "terminated": {
                            "containerID": "containerd://88b0ccda23e964642b8890ec377bd719a52e81d16491e3c245838e327a02ed9b",
                            "exitCode": 0,
                            "finishedAt": "2026-07-01T17:00:21Z",
                            "message": "[{\"key\":\"TEST_OUTPUT\",\"value\":\"{\\\"result\\\":\\\"SUCCESS\\\",\\\"timestamp\\\":\\\"2026-07-01T17:00:19+00:00\\\",\\\"note\\\":\\\"For details, check Tekton task log.\\\",\\\"namespace\\\":\\\"default\\\",\\\"successes\\\":0,\\\"failures\\\":0,\\\"warnings\\\":0}\\n\",\"type\":1}]",
                            "reason": "Completed",
                            "startedAt": "2026-07-01T17:00:20Z"
                        },
                        "terminationReason": "Completed"
                    }
                ],
                "taskSpec": {
                    "description": "The sast-shell-check task uses [shellcheck](https://www.shellcheck.net/) tool to perform Static Application Security Testing (SAST), a popular cloud-native application security platform. This task leverages the shellcheck wrapper (csmock-plugin-shellcheck-core) to run shellcheck on a directory tree.\nShellCheck is a static analysis tool, gives warnings and suggestions for bash/sh shell scripts. This task can run on x86 and arm.",
                    "params": [
                        {
                            "default": "",
                            "description": "Image URL.",
                            "name": "image-url",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Image digest to report findings for.",
                            "name": "image-digest",
                            "type": "string"
                        },
                        {
                            "default": "SITE_DEFAULT",
                            "description": "Known False Positives (KFP) git URL (optionally taking a revision delimited by \\#). Defaults to \"SITE_DEFAULT\", which means the default value \"https://gitlab.cee.redhat.com/osh/known-false-positives.git\" for internal Konflux instance and empty string for external Konflux instance. If set to an empty string, the KFP filtering is disabled.",
                            "name": "KFP_GIT_URL",
                            "type": "string"
                        },
                        {
                            "default": "",
                            "description": "Name of the scanned project, used to find path exclusions. By default, the Konflux component name will be used.",
                            "name": "PROJECT_NAME",
                            "type": "string"
                        },
                        {
                            "default": "false",
                            "description": "Whether to record the excluded findings (default to false).\nIf `true`, the excluded findings will be stored in `excluded-findings.json`.\n",
                            "name": "RECORD_EXCLUDED",
                            "type": "string"
                        },
                        {
                            "default": "true",
                            "description": "Whether to include important findings only",
                            "name": "IMP_FINDINGS_ONLY",
                            "type": "string"
                        },
                        {
                            "default": ".",
                            "description": "Target directories in component's source code. Multiple values should be separated with commas.",
                            "name": "TARGET_DIRS",
                            "type": "string"
                        },
                        {
                            "default": "trusted-ca",
                            "description": "The name of the ConfigMap to read CA bundle data from.",
                            "name": "caTrustConfigMapName",
                            "type": "string"
                        },
                        {
                            "default": "ca-bundle.crt",
                            "description": "The name of the key in the ConfigMap that contains the CA bundle data.",
                            "name": "caTrustConfigMapKey",
                            "type": "string"
                        }
                    ],
                    "results": [
                        {
                            "description": "Tekton task test output.",
                            "name": "TEST_OUTPUT",
                            "type": "string"
                        }
                    ],
                    "steps": [
                        {
                            "computeResources": {
                                "limits": {
                                    "cpu": "8",
                                    "memory": "4Gi"
                                },
                                "requests": {
                                    "cpu": "1",
                                    "memory": "4Gi"
                                }
                            },
                            "env": [
                                {
                                    "name": "KFP_GIT_URL",
                                    "value": "SITE_DEFAULT"
                                },
                                {
                                    "name": "PROJECT_NAME"
                                },
                                {
                                    "name": "RECORD_EXCLUDED",
                                    "value": "false"
                                },
                                {
                                    "name": "IMP_FINDINGS_ONLY",
                                    "value": "true"
                                },
                                {
                                    "name": "TARGET_DIRS",
                                    "value": "."
                                },
                                {
                                    "name": "COMPONENT_LABEL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.labels['appstudio.openshift.io/component']"
                                        }
                                    }
                                },
                                {
                                    "name": "BUILD_PLR_LOG_URL",
                                    "valueFrom": {
                                        "fieldRef": {
                                            "fieldPath": "metadata.annotations['pipelinesascode.tekton.dev/log-url']"
                                        }
                                    }
                                }
                            ],
                            "image": "quay.io/konflux-ci/konflux-test:v1.4.49@sha256:74899c7a3dde27548e1ad9c665055bfef56c227251bd9224885f4bbd7addebd9",
                            "name": "sast-shell-check",
                            "script": "#!/usr/bin/env bash\nset -x\n# shellcheck source=/dev/null\nsource /utils.sh\ntrap 'handle_error /tekton/results/TEST_OUTPUT' EXIT\n\nif [[ -z \"${PROJECT_NAME}\" ]]; then\n    PROJECT_NAME=${COMPONENT_LABEL}\nfi\n\necho \"INFO: The PROJECT_NAME used is: ${PROJECT_NAME}\"\n\nca_bundle=/mnt/trusted-ca/ca-bundle.crt\nif [ -f \"$ca_bundle\" ]; then\n  echo \"INFO: Using mounted CA bundle: $ca_bundle\"\n  cp -vf $ca_bundle /etc/pki/ca-trust/source/anchors\n  update-ca-trust\nfi\n\nPACKAGE_VERSION=$(rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\\n' ShellCheck)\n\nOUTPUT_FILE=\"shellcheck-results.json\"\nSOURCE_CODE_DIR=/workspace/workspace/source\n\n# generate full path for each dirname separated by comma\ndeclare -a ALL_TARGETS\nIFS=\",\" read -ra TARGET_ARRAY \u003c\u003c\u003c \"$TARGET_DIRS\"\nfor d in \"${TARGET_ARRAY[@]}\"; do\n  potential_path=\"${SOURCE_CODE_DIR}/${d}\"\n\n  resolved_path=$(realpath -m \"$potential_path\")\n\n  # ensure resolved path is still within SOURCE_CODE_DIR\n  if [[ \"$resolved_path\" == \"$SOURCE_CODE_DIR\"* ]]; then\n    ALL_TARGETS+=(\"$resolved_path\")\n  else\n    echo \"Error: path traversal attempt, '$potential_path' is outside '$SOURCE_CODE_DIR'\"\n    exit 1\n  fi\ndone\n\n# determine number of available CPU cores for shellcheck based on container cgroup v2 CPU limits\n# this calculates the ceiling, so if the cpu limit is 0.5, the number of jobs will be 1.\nif [ -z \"$SC_JOBS\" ] \u0026\u0026 [ -r \"/sys/fs/cgroup/cpu.max\" ]; then\n    read -r quota period \u003c /sys/fs/cgroup/cpu.max\n    if [ \"$quota\" != \"max\" ] \u0026\u0026 [ -n \"$period\" ] \u0026\u0026 [ \"$period\" -gt 0 ]; then\n        export SC_JOBS=$(((quota + period - 1) / period))\n        echo \"INFO: Setting SC_JOBS=${SC_JOBS} based on cgroups v2 max for run-shellcheck.sh\"\n    fi\nfi\n\n# generate all shellcheck result JSON files to $SC_RESULTS_DIR, which defaults to ./shellcheck-results/\n/usr/share/csmock/scripts/run-shellcheck.sh \"${ALL_TARGETS[@]}\"\n\nCSGREP_OPTS=(\n    --mode=json\n    --strip-path-prefix=\"$SOURCE_CODE_DIR\"/\n    --remove-duplicates\n    --embed-context=3\n    --set-scan-prop=\"ShellCheck:${PACKAGE_VERSION}\"\n)\nif [[ \"$IMP_FINDINGS_ONLY\" == \"true\" ]]; then\n    # predefined list of shellcheck important findings\n    CSGREP_EVENT_FILTER='\\[SC(1020|1035|1054|1066|1068|1073|1080|1083|1099|1113|1115|1127|1128|1143|2043|2050|'\n    CSGREP_EVENT_FILTER+='2055|2057|2066|2069|2071|2077|2078|2091|2092|2157|2171|2193|2194|2195|2215|2216|'\n    CSGREP_EVENT_FILTER+='2218|2224|2225|2242|2256|2258|2261)\\]$'\n    CSGREP_OPTS+=(\n        --event=\"$CSGREP_EVENT_FILTER\"\n    )\nelse\n    CSGREP_OPTS+=(\n        --event=\"error|warning\"\n    )\nfi\n\nif ! csgrep \"${CSGREP_OPTS[@]}\" ./shellcheck-results/*.json \u003e \"$OUTPUT_FILE\"; then\n    echo \"Error occurred while running 'run-shellcheck.sh'\"\n    note=\"Task sast-shell-check failed: For details, check Tekton task log.\"\n    ERROR_OUTPUT=$(make_result_json -r ERROR -t \"$note\")\n    echo \"${ERROR_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n    exit 1\nfi\n\nif [[ \"${KFP_GIT_URL}\" == \"SITE_DEFAULT\" ]]; then\n    KFP_GIT_URL=\"https://gitlab.cee.redhat.com/osh/known-false-positives.git\"\nfi\nPROBE_URL=\"${KFP_GIT_URL%.git}\" # trims '.git' suffix\n\n# create the KFP clone directory regardless\nKFP_DIR=\"known-false-positives\"\nKFP_CLONED=\"0\"\nmkdir \"${KFP_DIR}\"\n\n# We check if the KFP_GIT_URL variable is set to clone and apply the filters or not\nif [[ -n \"${KFP_GIT_URL}\" ]]; then\n    # Default location only reachable from internal Konflux instances, check reachable first\n    echo -n \"INFO: Probing ${PROBE_URL}... \"\n    if curl --fail --head --max-time 60 --no-progress-meter \"${PROBE_URL}\" \u003e \u003e(head -1); then\n        echo \"INFO: Trying to clone known-false-positives..\"\n        git clone \"${KFP_GIT_URL}\" \"${KFP_DIR}\" \u0026\u0026 KFP_CLONED=\"1\"\n    fi\nfi\n\nif [[ \"${KFP_CLONED}\" -eq \"0\" ]]; then\n    echo \"WARN: Failed to clone known-false-positives at ${KFP_GIT_URL}, scan results will not be filtered\"\nelse\n    echo \"INFO: Filtering false positives in results files using csfilter-kfp...\"\n\n    # build initial csfilter-kfp command\n    csfilter_kfp_cmd=(\n        csfilter-kfp\n        --verbose\n        --kfp-dir=\"${KFP_DIR}\"\n        --project-nvr=\"${PROJECT_NAME}\"\n    )\n\n    if [[ \"${RECORD_EXCLUDED}\" == \"true\" ]]; then\n        csfilter_kfp_cmd+=(--record-excluded=\"excluded-findings.json\")\n    fi\n\n    # Execute the command and capture any errors\n    set +e\n    \"${csfilter_kfp_cmd[@]}\" \"${OUTPUT_FILE}\" \u003e \"${OUTPUT_FILE}.filtered\" 2\u003e \"${OUTPUT_FILE}.error\"\n    status=$?\n    set -e\n    if [ \"$status\" -ne 0 ]; then\n        echo \"WARN: failed to filter known false positives\" \u003e\u00262\n    else\n        mv \"${OUTPUT_FILE}.filtered\" \"$OUTPUT_FILE\"\n        echo \"INFO: Succeeded filtering known false positives\" \u003e\u00262\n    fi\nfi\n\necho \"ShellCheck results have been saved to $OUTPUT_FILE\"\n\ncsgrep --mode=evtstat \"$OUTPUT_FILE\"\ncsgrep --mode=sarif \"$OUTPUT_FILE\" \u003e shellcheck-results.sarif\n\nTEST_OUTPUT=\nparse_test_output \"sast-shell-check\" sarif shellcheck-results.sarif || true\necho \"${TEST_OUTPUT}\" | tee \"/tekton/results/TEST_OUTPUT\"\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/mnt/trusted-ca",
                                    "name": "trusted-ca",
                                    "readOnly": true
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        },
                        {
                            "computeResources": {
                                "limits": {
                                    "memory": "256Mi"
                                },
                                "requests": {
                                    "cpu": "100m",
                                    "memory": "256Mi"
                                }
                            },
                            "env": [
                                {
                                    "name": "IMAGE_URL",
                                    "value": "quay.io/redhat-appstudio-qe/integration2-bxjx/test-component-pac-strsml:on-pr-a5e1e9b92aebf02fe57dfde8acc9531ec5d011dd"
                                },
                                {
                                    "name": "IMAGE_DIGEST",
                                    "value": "sha256:3f5ac1472fe3f6fa8f109c8db5b9e09f11d154963bedc62d4951becef819ef45"
                                }
                            ],
                            "image": "quay.io/konflux-ci/oras:latest@sha256:f322638a8a337f26adda3f72d3fbcf7e1218a6d8d7e2365376487417a05e0f4e",
                            "name": "upload",
                            "script": "#!/usr/bin/env bash\nset -e\n\nif [ -z \"${IMAGE_URL}\" ] || [ -z \"${IMAGE_DIGEST}\" ]; then\n    echo 'No image-url or image-digest param provided. Skipping upload.'\n    exit 0\nfi\n\nUPLOAD_FILES=\"shellcheck-results.sarif excluded-findings.json\"\n\nfor UPLOAD_FILE in ${UPLOAD_FILES}; do\n    if [ ! -f \"${UPLOAD_FILE}\" ]; then\n        echo \"No ${UPLOAD_FILE} exists. Skipping upload.\"\n        continue\n    fi\n\n    # Determine the media type based on the file extension\n    if [[ \"${UPLOAD_FILE}\" == *.json ]]; then\n        MEDIA_TYPE=\"application/json\"\n    else\n        MEDIA_TYPE=\"application/sarif+json\"\n    fi\n\n    echo \"Selecting auth\"\n    select-oci-auth \"$IMAGE_URL\" \u003e \"$HOME/auth.json\"\n    echo \"Attaching to ${IMAGE_URL}\"\n    if ! retry oras attach --no-tty --registry-config \"$HOME/auth.json\" --artifact-type \"${MEDIA_TYPE}\" \"${IMAGE_URL}@${IMAGE_DIGEST}\" \"${UPLOAD_FILE}:${MEDIA_TYPE}\"\n    then\n      echo \"Failed to attach ${UPLOAD_FILE} to ${IMAGE_URL}\"\n      exit 1\n    fi\ndone\n",
                            "volumeMounts": [
                                {
                                    "mountPath": "/etc/pki/tls/certs/ca-custom-bundle.crt",
                                    "name": "trusted-ca",
                                    "readOnly": true,
                                    "subPath": "ca-bundle.crt"
                                }
                            ],
                            "workingDir": "/workspace/workspace/hacbs/sast-shell-check"
                        }
                    ],
                    "volumes": [
                        {
                            "configMap": {
                                "items": [
                                    {
                                        "key": "ca-bundle.crt",
                                        "path": "ca-bundle.crt"
                                    }
                                ],
                                "name": "trusted-ca",
                                "optional": true
                            },
                            "name": "trusted-ca"
                        }
                    ],
                    "workspaces": [
                        {
                            "name": "workspace"
                        }
                    ]
                }
            }
        }
    ],
    "kind": "List",
    "metadata": {
        "resourceVersion": ""
    }
}
