running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:1fe4dbeb24e643ae0b97dbb3ac5b85295ddd66e5ef84590f34e8d1d58ade71d1 Copying blob sha256:04033ddaa0d00cff66f7378146dd7863234b488ff14b787612a1a4b07dc9227d Copying blob sha256:f25fafd6700480acb552f4425b41148ab5966b8a0304018566b36cb7b646dfe6 Copying config sha256:6f90a2d404bc31028ae3dc82010047e1e34688b7f0039610b9854b8521deee6e Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 2s 19 packages are looking for funding run `npm fund` for details found 0 vulnerabilities [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:a100dc3ed1089d1d907a56a9ad6def530f21d8a235f3511a673c874152c59a8e Copying blob sha256:b1ed13c5ef0ac6dbcd255a5c1be9e3c9c2903872aa4ae5fa877850a48fdaee26 Copying config sha256:8ed08a39b74c71af3c2184f96f19330dea6a8db45a2f4e723fc72094360b9c85 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-bichrljz:on-pr-68f0489a6b0135fca50e8f90c420f1ee7049b833 Getting image source signatures Copying blob sha256:27c7566eccaf4e42effcd16dc400b419296b7b97f5d1c37a37292489b93ec316 Copying blob sha256:64ab7c75851e87c08dd0349c0561f290ec99ca4a40233bf66f523e9bb13ab9e8 Copying blob sha256:4d3d9ff241b7cba4746d86d3c38453b6fee08071054a5e9bc752604662d75ad5 Copying config sha256:39386c30dd468923e8a0ff7d132301f9c507ffc428103c0657c6ceef02b675c6 Writing manifest to image destination --> 39386c30dd46 Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-bichrljz:on-pr-68f0489a6b0135fca50e8f90c420f1ee7049b833 39386c30dd468923e8a0ff7d132301f9c507ffc428103c0657c6ceef02b675c6 Getting image source signatures Copying blob sha256:4d3d9ff241b7cba4746d86d3c38453b6fee08071054a5e9bc752604662d75ad5 Copying blob sha256:64ab7c75851e87c08dd0349c0561f290ec99ca4a40233bf66f523e9bb13ab9e8 Copying blob sha256:27c7566eccaf4e42effcd16dc400b419296b7b97f5d1c37a37292489b93ec316 Copying config sha256:39386c30dd468923e8a0ff7d132301f9c507ffc428103c0657c6ceef02b675c6 Writing manifest to image destination sha256:cfe83006dc69a67b249cd0d939ab0b9f4396cfee706e47a731751f3e8af460c2quay.io/rhtap_qe/e2e-tests-nodejs-bichrljz:on-pr-68f0489a6b0135fca50e8f90c420f1ee7049b833Getting image source signatures Copying blob sha256:4d3d9ff241b7cba4746d86d3c38453b6fee08071054a5e9bc752604662d75ad5 Copying blob sha256:27c7566eccaf4e42effcd16dc400b419296b7b97f5d1c37a37292489b93ec316 Copying blob sha256:64ab7c75851e87c08dd0349c0561f290ec99ca4a40233bf66f523e9bb13ab9e8 Copying config sha256:39386c30dd468923e8a0ff7d132301f9c507ffc428103c0657c6ceef02b675c6 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-bichrljz", "version": "68f0489a6b0135fca50e8f90c420f1ee7049b833" } { "bom-ref": "01d00803c168883f", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-bichrljz:on-pr-68f0489a6b0135fca50e8f90c420f1ee7049b833", "version": "sha256:cfe83006dc69a67b249cd0d939ab0b9f4396cfee706e47a731751f3e8af460c2" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-bichrljz:on-pr-68f0489a6b0135fca50e8f90c420f1ee7049b833] to [quay.io/rhtap_qe/e2e-tests-nodejs-bichrljz:sha256-cfe83006dc69a67b249cd0d939ab0b9f4396cfee706e47a731751f3e8af460c2.sbom] with mediaType [application/vnd.cyclonedx+json]. ========