running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:2139bd3423baa15d4ba3bcff7823794943673adc857a9f3a0b982b3c28ef5406 Copying blob sha256:c3a6b73ebcf8fae497bbbaf7aaf1d1bdcf798345f97e5fc3247486d03efe9955 Copying blob sha256:77389ce2d70f6fe2c577b220a23754bd433522dea83d3185e87c8545a7d3b09c Copying config sha256:4dee3d81f6be9e1c4abd11adb7367c8131577bc425e42144e723bd31dd1be441 Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 2s 19 packages are looking for funding run `npm fund` for details found 0 vulnerabilities [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:0c701d626b4bd1b49a9896c3edb3e2335bc27ad4c8d82fbc0e82be1e2151ad04 Copying blob sha256:34f4a557df8123a31168a9ed57304a4ee0a79b26712d1770dcf7c798372b100b Copying config sha256:c7bab8fd7f910472f3fdbe0e3dac80cc0355bd0cba3c77ed9d6d0244af8ba298 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-yfktknzb:on-pr-eb2ba0188dd8b588701486ab54097cc320f8dcd3 Getting image source signatures Copying blob sha256:04b86c83948d73ca72be6df1f4ea9f256c75a011d543c3990e53d86b1de53b78 Copying blob sha256:2856991031bee26b5494d9a04d7eb9905d9078fc09f2ffaf08a23ae78a1bc359 Copying blob sha256:b1040eb908cee31e8df00bdebb8427e091346523c11944999bb599db8718e98b Copying config sha256:968b6b814c6fd6d89cf08ec1058d1d0c71151f7539c537db374d821d55a04630 Writing manifest to image destination --> 968b6b814c6f Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-yfktknzb:on-pr-eb2ba0188dd8b588701486ab54097cc320f8dcd3 968b6b814c6fd6d89cf08ec1058d1d0c71151f7539c537db374d821d55a04630 Getting image source signatures Copying blob sha256:b1040eb908cee31e8df00bdebb8427e091346523c11944999bb599db8718e98b Copying blob sha256:04b86c83948d73ca72be6df1f4ea9f256c75a011d543c3990e53d86b1de53b78 Copying blob sha256:2856991031bee26b5494d9a04d7eb9905d9078fc09f2ffaf08a23ae78a1bc359 Copying config sha256:968b6b814c6fd6d89cf08ec1058d1d0c71151f7539c537db374d821d55a04630 Writing manifest to image destination sha256:9f1eec4b47404c5898cbb6ca8f451c866805569b05d038eded0e67f5310c3c98quay.io/rhtap_qe/e2e-tests-nodejs-yfktknzb:on-pr-eb2ba0188dd8b588701486ab54097cc320f8dcd3Getting image source signatures Copying blob sha256:b1040eb908cee31e8df00bdebb8427e091346523c11944999bb599db8718e98b Copying blob sha256:2856991031bee26b5494d9a04d7eb9905d9078fc09f2ffaf08a23ae78a1bc359 Copying blob sha256:04b86c83948d73ca72be6df1f4ea9f256c75a011d543c3990e53d86b1de53b78 Copying config sha256:968b6b814c6fd6d89cf08ec1058d1d0c71151f7539c537db374d821d55a04630 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-yfktknzb", "version": "eb2ba0188dd8b588701486ab54097cc320f8dcd3" } { "bom-ref": "0e99c6722481a01d", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-yfktknzb:on-pr-eb2ba0188dd8b588701486ab54097cc320f8dcd3", "version": "sha256:9f1eec4b47404c5898cbb6ca8f451c866805569b05d038eded0e67f5310c3c98" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-yfktknzb:on-pr-eb2ba0188dd8b588701486ab54097cc320f8dcd3] to [quay.io/rhtap_qe/e2e-tests-nodejs-yfktknzb:sha256-9f1eec4b47404c5898cbb6ca8f451c866805569b05d038eded0e67f5310c3c98.sbom] with mediaType [application/vnd.cyclonedx+json]. ========