running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:8ca4e51dee8dfc39b1ee124ae18df36a4f0ab8daffc1385d2c00e9cd37252c1c Copying blob sha256:b66ab30abd6c3aa6e70bb84e4b3f0025035459b0fa3fc0d28bb37e057cde7b50 Copying blob sha256:45b10115c57ace5faafc3bcd0e634280e70c95bd3c0a576df4aa121f3ec5fc49 Copying config sha256:01453b7818b5c5e80c65efc9606a7a3d49d54537102b2807746f35131e934cf8 Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 2s 19 packages are looking for funding run `npm fund` for details found 0 vulnerabilities [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:4d85fd73fb54b1c8fe1a3e5abdcbdba9354f75db720ea0fb757f64e35b5204b7 Copying blob sha256:c06b8ad3393fea673394e067fccddfc7ef6d8cee753eba4c4dcd5d67792bfd4b Copying config sha256:e9a1f594aaad6b0b7af9658f5c0e06a0fc15a3dd6b879a254c7d9580ecec60c4 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-kasmzvld:on-pr-814235725d1eaa20995d9c7c3c3512c868d97b16 Getting image source signatures Copying blob sha256:90702af73d0da1942162baacf9bd8942a069d972ae7e20595c07b590991de338 Copying blob sha256:2f674c30595c226c456efa23525b871f0e17e3f9ac8e48f6537043717400a09a Copying blob sha256:4424ad4f84f40d52fc10976f107e438e282935ca77d8588891440b4c269dfe77 Copying config sha256:f8fdff541b0bf5d8bd7efd5b4313f1a98baa161fb60e73a5b1a8c6b71c480db7 Writing manifest to image destination --> f8fdff541b0b Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-kasmzvld:on-pr-814235725d1eaa20995d9c7c3c3512c868d97b16 f8fdff541b0bf5d8bd7efd5b4313f1a98baa161fb60e73a5b1a8c6b71c480db7 Getting image source signatures Copying blob sha256:4424ad4f84f40d52fc10976f107e438e282935ca77d8588891440b4c269dfe77 Copying blob sha256:2f674c30595c226c456efa23525b871f0e17e3f9ac8e48f6537043717400a09a Copying blob sha256:90702af73d0da1942162baacf9bd8942a069d972ae7e20595c07b590991de338 Copying config sha256:f8fdff541b0bf5d8bd7efd5b4313f1a98baa161fb60e73a5b1a8c6b71c480db7 Writing manifest to image destination sha256:2cc6a85af655f145345e0815d691d01e10b0f92da995df2519237fae0360dd55quay.io/rhtap_qe/e2e-tests-nodejs-kasmzvld:on-pr-814235725d1eaa20995d9c7c3c3512c868d97b16Getting image source signatures Copying blob sha256:4424ad4f84f40d52fc10976f107e438e282935ca77d8588891440b4c269dfe77 Copying blob sha256:90702af73d0da1942162baacf9bd8942a069d972ae7e20595c07b590991de338 Copying blob sha256:2f674c30595c226c456efa23525b871f0e17e3f9ac8e48f6537043717400a09a Copying config sha256:f8fdff541b0bf5d8bd7efd5b4313f1a98baa161fb60e73a5b1a8c6b71c480db7 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-kasmzvld", "version": "814235725d1eaa20995d9c7c3c3512c868d97b16" } { "bom-ref": "8fa93847ab7805a0", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-kasmzvld:on-pr-814235725d1eaa20995d9c7c3c3512c868d97b16", "version": "sha256:2cc6a85af655f145345e0815d691d01e10b0f92da995df2519237fae0360dd55" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-kasmzvld:on-pr-814235725d1eaa20995d9c7c3c3512c868d97b16] to [quay.io/rhtap_qe/e2e-tests-nodejs-kasmzvld:sha256-2cc6a85af655f145345e0815d691d01e10b0f92da995df2519237fae0360dd55.sbom] with mediaType [application/vnd.cyclonedx+json]. ========