running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/4: FROM registry.access.redhat.com/ubi9/go-toolset:9.7-1773088126 Trying to pull registry.access.redhat.com/ubi9/go-toolset:9.7-1773088126... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:560b43cfda4eb5e7a4651b1a8369705d59060069fb72430b774e042382fd85ff Copying blob sha256:f3a0a6a8ea4545905d33eb87655162747fd714d34cf25f3e50a63f1c05579a59 Copying blob sha256:56b2ec53eb90753f4259bc1fd55c9b03d2aeb15f32351977d3513cdfc735b78c Copying blob sha256:882328d3dcd9ec2deda6fb3a0635e78d68aeff0cb5b48a24f36bfdb60c98fb8e Copying config sha256:c9b63e7fce8a7ea6f0a2bcd733286d8a1c5454a4f13be6f3ecd2c5de94c7a60d Writing manifest to image destination Storing signatures [1/2] STEP 2/4: COPY . . [1/2] STEP 3/4: RUN go mod download go: no module dependencies to download [1/2] STEP 4/4: RUN go build -buildvcs=false -o ./main [2/2] STEP 1/5: FROM registry.access.redhat.com/ubi9/ubi-micro:latest Trying to pull registry.access.redhat.com/ubi9/ubi-micro:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:467c53df85ca9327203be5317e52460f3d1ca5fe0ea4fe982b3145f58ceed714 Copying config sha256:cd39a5a508009b58a17bae6307b6cd16056a63b01382d235a10f31b9542af740 Writing manifest to image destination Storing signatures [2/2] STEP 2/5: COPY --from=0 /opt/app-root/src/main ./main [2/2] STEP 3/5: ENV PORT 8081 [2/2] STEP 4/5: EXPOSE 8081 [2/2] STEP 5/5: CMD [ "./main" ] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-go-gtthfhxp:on-pr-c5482bf8d06bb2cf3a030af49afca6df9b563f23 Getting image source signatures Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying blob sha256:d929987476804eba8c26be8cec6ce2a995a7e57e615bb3c9f6b8fde82e0b25a7 Copying config sha256:b1f9fc3f07a7e87d792c6cf73d0289998a9ec50baaa8b20b7ab3963a2e746b87 Writing manifest to image destination --> b1f9fc3f07a7 Successfully tagged quay.io/rhtap_qe/e2e-tests-go-gtthfhxp:on-pr-c5482bf8d06bb2cf3a030af49afca6df9b563f23 b1f9fc3f07a7e87d792c6cf73d0289998a9ec50baaa8b20b7ab3963a2e746b87 Getting image source signatures Copying blob sha256:d929987476804eba8c26be8cec6ce2a995a7e57e615bb3c9f6b8fde82e0b25a7 Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying config sha256:b1f9fc3f07a7e87d792c6cf73d0289998a9ec50baaa8b20b7ab3963a2e746b87 Writing manifest to image destination sha256:0964b9f8620cdcad2787b8c38ba375dbee9bde1b229ef52a6f9528b4ea8ce499quay.io/rhtap_qe/e2e-tests-go-gtthfhxp:on-pr-c5482bf8d06bb2cf3a030af49afca6df9b563f23Getting image source signatures Copying blob sha256:d929987476804eba8c26be8cec6ce2a995a7e57e615bb3c9f6b8fde82e0b25a7 Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying config sha256:b1f9fc3f07a7e87d792c6cf73d0289998a9ec50baaa8b20b7ab3963a2e746b87 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-go-gtthfhxp", "version": "c5482bf8d06bb2cf3a030af49afca6df9b563f23" } { "bom-ref": "b5283ba6eec15c63", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-go-gtthfhxp:on-pr-c5482bf8d06bb2cf3a030af49afca6df9b563f23", "version": "sha256:0964b9f8620cdcad2787b8c38ba375dbee9bde1b229ef52a6f9528b4ea8ce499" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-go-gtthfhxp:on-pr-c5482bf8d06bb2cf3a030af49afca6df9b563f23] to [quay.io/rhtap_qe/e2e-tests-go-gtthfhxp:sha256-0964b9f8620cdcad2787b8c38ba375dbee9bde1b229ef52a6f9528b4ea8ce499.sbom] with mediaType [application/vnd.cyclonedx+json]. ========