running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/4: FROM registry.access.redhat.com/ubi9/go-toolset:9.8-1782980183 Trying to pull registry.access.redhat.com/ubi9/go-toolset:9.8-1782980183... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:4659f647ba9358e423d7a6d11b064756eae785fadb68f83b36a662a36dcc1d2d Copying blob sha256:77890051858405c513b753c67263aedd24a5b2fe02df9a2374b62742e935aa2b Copying blob sha256:b56ba94a703f3a48a47de5722159e07270a0c09dec1893b52b70c30317ed98c3 Copying blob sha256:82802daa14561c6530ef7fb00bcb9f5af1d332869bbf459b54f53ad0728eb02b Copying config sha256:91e34dc824c490af46ab66be1c2b8ce1c4814ffc5e5027cd4fa5eb7ab041019e Writing manifest to image destination Storing signatures [1/2] STEP 2/4: COPY . . [1/2] STEP 3/4: RUN go mod download go: no module dependencies to download [1/2] STEP 4/4: RUN go build -buildvcs=false -o ./main [2/2] STEP 1/5: FROM registry.access.redhat.com/ubi9/ubi-micro:latest Trying to pull registry.access.redhat.com/ubi9/ubi-micro:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:467c53df85ca9327203be5317e52460f3d1ca5fe0ea4fe982b3145f58ceed714 Copying config sha256:cd39a5a508009b58a17bae6307b6cd16056a63b01382d235a10f31b9542af740 Writing manifest to image destination Storing signatures [2/2] STEP 2/5: COPY --from=0 /opt/app-root/src/main ./main [2/2] STEP 3/5: ENV PORT 8081 [2/2] STEP 4/5: EXPOSE 8081 [2/2] STEP 5/5: CMD [ "./main" ] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-go-ouwjgimi:on-pr-6ebc94be02409559779e4a0893e6dc5e3967aa91 Getting image source signatures Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying blob sha256:ff9c050273f09b3d4f687f189b450f72857398a34a4c0b8c5b2b6f2fde97df06 Copying config sha256:ac75d605c4feb2359027ec8f89d86ce6f8c3b5753fdd5b3bca442cfbdbd0a82d Writing manifest to image destination --> ac75d605c4fe Successfully tagged quay.io/rhtap_qe/e2e-tests-go-ouwjgimi:on-pr-6ebc94be02409559779e4a0893e6dc5e3967aa91 ac75d605c4feb2359027ec8f89d86ce6f8c3b5753fdd5b3bca442cfbdbd0a82d Getting image source signatures Copying blob sha256:ff9c050273f09b3d4f687f189b450f72857398a34a4c0b8c5b2b6f2fde97df06 Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying config sha256:ac75d605c4feb2359027ec8f89d86ce6f8c3b5753fdd5b3bca442cfbdbd0a82d Writing manifest to image destination sha256:f8423574c48246b105f8dc4fa2a6aabbb7a0206b64b9e59ac452cbe9f0a6e59fquay.io/rhtap_qe/e2e-tests-go-ouwjgimi:on-pr-6ebc94be02409559779e4a0893e6dc5e3967aa91Getting image source signatures Copying blob sha256:ff9c050273f09b3d4f687f189b450f72857398a34a4c0b8c5b2b6f2fde97df06 Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying config sha256:ac75d605c4feb2359027ec8f89d86ce6f8c3b5753fdd5b3bca442cfbdbd0a82d Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-go-ouwjgimi", "version": "6ebc94be02409559779e4a0893e6dc5e3967aa91" } { "bom-ref": "2385134219a85ba6", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-go-ouwjgimi:on-pr-6ebc94be02409559779e4a0893e6dc5e3967aa91", "version": "sha256:f8423574c48246b105f8dc4fa2a6aabbb7a0206b64b9e59ac452cbe9f0a6e59f" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-go-ouwjgimi:on-pr-6ebc94be02409559779e4a0893e6dc5e3967aa91] to [quay.io/rhtap_qe/e2e-tests-go-ouwjgimi:sha256-f8423574c48246b105f8dc4fa2a6aabbb7a0206b64b9e59ac452cbe9f0a6e59f.sbom] with mediaType [application/vnd.cyclonedx+json]. ========