running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:f25fafd6700480acb552f4425b41148ab5966b8a0304018566b36cb7b646dfe6 Copying blob sha256:1fe4dbeb24e643ae0b97dbb3ac5b85295ddd66e5ef84590f34e8d1d58ade71d1 Copying blob sha256:04033ddaa0d00cff66f7378146dd7863234b488ff14b787612a1a4b07dc9227d Copying config sha256:6f90a2d404bc31028ae3dc82010047e1e34688b7f0039610b9854b8521deee6e Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 2s 19 packages are looking for funding run `npm fund` for details found 0 vulnerabilities [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:d71e443058dd20bed842097bdb0e8c03257a041f1672dd550043e1c5202b594b Copying blob sha256:506ce31776365fae45515fb4603e1b4cd9f533160c24bb2a7a51662fbf43622c Copying config sha256:1244ac6d0f53dedf6009040420a7bb4ad6d7b1b8a7ea558a4103d607edab8886 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-fzigbmlv:on-pr-fa9294a5ad921fd97c8ce09e736b279622cb7fcf Getting image source signatures Copying blob sha256:5ae199e355f6327e92a77defe42d08e438b66467b478b8f295e1ead3371aaf16 Copying blob sha256:e6614679a893233042c1a65a5865120e110af44e2c09678539863128569d7e37 Copying blob sha256:d3d01e9f6c208bfb7e171ca49942c149c0f9bde04acf5d3dbfb04079ee8f60df Copying config sha256:0a1be407a0b4fe3f8d588c0201a5b8482b4b3758261cec933ed0b57af36bd0d1 Writing manifest to image destination --> 0a1be407a0b4 Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-fzigbmlv:on-pr-fa9294a5ad921fd97c8ce09e736b279622cb7fcf 0a1be407a0b4fe3f8d588c0201a5b8482b4b3758261cec933ed0b57af36bd0d1 Getting image source signatures Copying blob sha256:d3d01e9f6c208bfb7e171ca49942c149c0f9bde04acf5d3dbfb04079ee8f60df Copying blob sha256:5ae199e355f6327e92a77defe42d08e438b66467b478b8f295e1ead3371aaf16 Copying blob sha256:e6614679a893233042c1a65a5865120e110af44e2c09678539863128569d7e37 Copying config sha256:0a1be407a0b4fe3f8d588c0201a5b8482b4b3758261cec933ed0b57af36bd0d1 Writing manifest to image destination sha256:57a0cb9df7361a8de7f08d03a176d210d6c60d34b9ba8375964ed1ef2f439cddquay.io/rhtap_qe/e2e-tests-nodejs-fzigbmlv:on-pr-fa9294a5ad921fd97c8ce09e736b279622cb7fcfGetting image source signatures Copying blob sha256:d3d01e9f6c208bfb7e171ca49942c149c0f9bde04acf5d3dbfb04079ee8f60df Copying blob sha256:e6614679a893233042c1a65a5865120e110af44e2c09678539863128569d7e37 Copying blob sha256:5ae199e355f6327e92a77defe42d08e438b66467b478b8f295e1ead3371aaf16 Copying config sha256:0a1be407a0b4fe3f8d588c0201a5b8482b4b3758261cec933ed0b57af36bd0d1 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-fzigbmlv", "version": "fa9294a5ad921fd97c8ce09e736b279622cb7fcf" } { "bom-ref": "6519ff41314eb3b4", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-fzigbmlv:on-pr-fa9294a5ad921fd97c8ce09e736b279622cb7fcf", "version": "sha256:57a0cb9df7361a8de7f08d03a176d210d6c60d34b9ba8375964ed1ef2f439cdd" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-fzigbmlv:on-pr-fa9294a5ad921fd97c8ce09e736b279622cb7fcf] to [quay.io/rhtap_qe/e2e-tests-nodejs-fzigbmlv:sha256-57a0cb9df7361a8de7f08d03a176d210d6c60d34b9ba8375964ed1ef2f439cdd.sbom] with mediaType [application/vnd.cyclonedx+json]. ========