running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:4d67b3b1393e59e19e41a218830501aca6bd77b3e6a6256d5d50d05238ae23a7 Copying blob sha256:5b6b4a422899b7c3f69297c3a1c12a35910c86075c2b21d4bb6536e9c25e5f82 Copying blob sha256:946c08bdc57e2608ec745ad376fa8ec775a2ddde72d8e704b92bc60390fb8638 Copying config sha256:987fbf5122b7adc0edf0f45dcac707eb163b0fa93e65ebc5c8ca14f72eb775ee Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 2s 19 packages are looking for funding run `npm fund` for details found 0 vulnerabilities [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:239e9c28d6672e37236caa65824974586d81928c21bedd33ce3677b38ec6d1d8 Copying blob sha256:df0edd575569e5cb7e2e34f252e4cf36c13679e9633d7c97be861b8b247c70bc Copying config sha256:4342ec405c1decc659ba9c59c529325d134a05e18c30124cc0996f7f6fb50d59 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-oxhdffvu:on-pr-31cd7a4f638bbf3d06e3ae9fc8d1ae0135f8d8ae Getting image source signatures Copying blob sha256:ea4a52d7a4b80227c69b4071e67f250e561b6798a501520cd078425fcc119716 Copying blob sha256:07d155290093956f4955a986dab9ae829b0a403e89fd501161f4c0c931edf915 Copying blob sha256:89a9385a7702a8ddc04d6f6619b74789a92bf58803611947b97fdf0de46b0ab3 Copying config sha256:99fe10a96e630c3dfb48691c1d6b272673b8a1e6f061489f2efb0ab536d548cb Writing manifest to image destination --> 99fe10a96e63 Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-oxhdffvu:on-pr-31cd7a4f638bbf3d06e3ae9fc8d1ae0135f8d8ae 99fe10a96e630c3dfb48691c1d6b272673b8a1e6f061489f2efb0ab536d548cb Getting image source signatures Copying blob sha256:89a9385a7702a8ddc04d6f6619b74789a92bf58803611947b97fdf0de46b0ab3 Copying blob sha256:07d155290093956f4955a986dab9ae829b0a403e89fd501161f4c0c931edf915 Copying blob sha256:ea4a52d7a4b80227c69b4071e67f250e561b6798a501520cd078425fcc119716 Copying config sha256:99fe10a96e630c3dfb48691c1d6b272673b8a1e6f061489f2efb0ab536d548cb Writing manifest to image destination sha256:aa8cd9367ae356fcb7c988a5cb64b6daa8e53aed704350bb04ed5370063e931fquay.io/rhtap_qe/e2e-tests-nodejs-oxhdffvu:on-pr-31cd7a4f638bbf3d06e3ae9fc8d1ae0135f8d8aeGetting image source signatures Copying blob sha256:89a9385a7702a8ddc04d6f6619b74789a92bf58803611947b97fdf0de46b0ab3 Copying blob sha256:ea4a52d7a4b80227c69b4071e67f250e561b6798a501520cd078425fcc119716 Copying blob sha256:07d155290093956f4955a986dab9ae829b0a403e89fd501161f4c0c931edf915 Copying config sha256:99fe10a96e630c3dfb48691c1d6b272673b8a1e6f061489f2efb0ab536d548cb Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-oxhdffvu", "version": "31cd7a4f638bbf3d06e3ae9fc8d1ae0135f8d8ae" } { "bom-ref": "c1e55cb9af02a91c", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-oxhdffvu:on-pr-31cd7a4f638bbf3d06e3ae9fc8d1ae0135f8d8ae", "version": "sha256:aa8cd9367ae356fcb7c988a5cb64b6daa8e53aed704350bb04ed5370063e931f" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-oxhdffvu:on-pr-31cd7a4f638bbf3d06e3ae9fc8d1ae0135f8d8ae] to [quay.io/rhtap_qe/e2e-tests-nodejs-oxhdffvu:sha256-aa8cd9367ae356fcb7c988a5cb64b6daa8e53aed704350bb04ed5370063e931f.sbom] with mediaType [application/vnd.cyclonedx+json]. ========