running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/4: FROM registry.access.redhat.com/ubi9/go-toolset:9.8-1782910875 Trying to pull registry.access.redhat.com/ubi9/go-toolset:9.8-1782910875... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:0f64062d29a65e9daf7ec2b81d4e0f75049f2477af8d99a1fc33c0ebade4bf7b Copying blob sha256:a65b1d5fa71f2275b83830542c74d937ba4151138631910bd375d577f8ceeed8 Copying blob sha256:3c81e64f14b93005a09f220277cdea760f9e8e28bed4b38af282dc54703108ce Copying blob sha256:9e467b4dd658511100caa2e4e2613ef962ee7dac6284100d625355af9540f993 Copying config sha256:1f7abcaf623a5452216b574f76472d76599b7a1c1cec531a04cccef51eddcf33 Writing manifest to image destination Storing signatures [1/2] STEP 2/4: COPY . . [1/2] STEP 3/4: RUN go mod download go: no module dependencies to download [1/2] STEP 4/4: RUN go build -buildvcs=false -o ./main [2/2] STEP 1/5: FROM registry.access.redhat.com/ubi9/ubi-micro:latest Trying to pull registry.access.redhat.com/ubi9/ubi-micro:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:467c53df85ca9327203be5317e52460f3d1ca5fe0ea4fe982b3145f58ceed714 Copying config sha256:cd39a5a508009b58a17bae6307b6cd16056a63b01382d235a10f31b9542af740 Writing manifest to image destination Storing signatures [2/2] STEP 2/5: COPY --from=0 /opt/app-root/src/main ./main [2/2] STEP 3/5: ENV PORT 8081 [2/2] STEP 4/5: EXPOSE 8081 [2/2] STEP 5/5: CMD [ "./main" ] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-go-bdmcjuon:on-pr-bca86c81c1560ea8dd05ad7bdb9d2be240e00dc0 Getting image source signatures Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying blob sha256:877827ef4a1549e2060ce6aad3690d0be0846e8d004122ea81889c183268477d Copying config sha256:2940e017037b0502b6dba36a2d003764e6a94d70de5d87155ef29b5b390aec0e Writing manifest to image destination --> 2940e017037b Successfully tagged quay.io/rhtap_qe/e2e-tests-go-bdmcjuon:on-pr-bca86c81c1560ea8dd05ad7bdb9d2be240e00dc0 2940e017037b0502b6dba36a2d003764e6a94d70de5d87155ef29b5b390aec0e Getting image source signatures Copying blob sha256:877827ef4a1549e2060ce6aad3690d0be0846e8d004122ea81889c183268477d Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying config sha256:2940e017037b0502b6dba36a2d003764e6a94d70de5d87155ef29b5b390aec0e Writing manifest to image destination sha256:b9c2b30a2892d0079d290c4c4ac821b398faf6912ef8ef38a323ff30a3778705quay.io/rhtap_qe/e2e-tests-go-bdmcjuon:on-pr-bca86c81c1560ea8dd05ad7bdb9d2be240e00dc0Getting image source signatures Copying blob sha256:877827ef4a1549e2060ce6aad3690d0be0846e8d004122ea81889c183268477d Copying blob sha256:c7f0581deee3537883fe1e34d0d4a741a7a90c095427f2ababb4fba4dd6ead93 Copying config sha256:2940e017037b0502b6dba36a2d003764e6a94d70de5d87155ef29b5b390aec0e Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-go-bdmcjuon", "version": "bca86c81c1560ea8dd05ad7bdb9d2be240e00dc0" } { "bom-ref": "1ca4d010c706f635", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-go-bdmcjuon:on-pr-bca86c81c1560ea8dd05ad7bdb9d2be240e00dc0", "version": "sha256:b9c2b30a2892d0079d290c4c4ac821b398faf6912ef8ef38a323ff30a3778705" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-go-bdmcjuon:on-pr-bca86c81c1560ea8dd05ad7bdb9d2be240e00dc0] to [quay.io/rhtap_qe/e2e-tests-go-bdmcjuon:sha256-b9c2b30a2892d0079d290c4c4ac821b398faf6912ef8ef38a323ff30a3778705.sbom] with mediaType [application/vnd.cyclonedx+json]. ========