running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:582096acf723fc4ed6f7e071cf8ed3ebc7f6208c4252483aa36a86d8ada7962c Copying blob sha256:82802daa14561c6530ef7fb00bcb9f5af1d332869bbf459b54f53ad0728eb02b Copying blob sha256:4659f647ba9358e423d7a6d11b064756eae785fadb68f83b36a662a36dcc1d2d Copying config sha256:de2e6f236c519da903b7f179ea80c17883ba177e66995737c1f481990c01aec0 Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 4s 19 packages are looking for funding run `npm fund` for details 3 moderate severity vulnerabilities To address all issues, run: npm audit fix Run `npm audit` for details. [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:20192c9ed207607c4d566baf1685ef6b2df874d8c73252bf3f225ccd15a2d68f Copying blob sha256:8af57f051b373375a1be8f892172089259ad624ed8452291226c539055e60228 Copying config sha256:ccd22d9877998c66934b2d2103bb01b32fd44c01e20b4b65f81ac207da9e9160 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-tyenzjzb:on-pr-3d8796945f607c06e729622fca83342c687f6a6c Getting image source signatures Copying blob sha256:eb31fffb4653a560fe98f0cdf1563599483471410f682eef43f925913573d867 Copying blob sha256:8ea24990fbb2c2de72af3fd91bf04b5a2718aaf99d9d53cebefcb16ea6dd5652 Copying blob sha256:30d2d02ca0982a58161cd3af5b5788043260bc1f61eea9a409ff7282ee9db1f4 Copying config sha256:12ca4f73aabcc48ae645c107d0ffc4bbe56a75a042c99ec3e7e47f8f9f0d61e5 Writing manifest to image destination --> 12ca4f73aabc Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-tyenzjzb:on-pr-3d8796945f607c06e729622fca83342c687f6a6c 12ca4f73aabcc48ae645c107d0ffc4bbe56a75a042c99ec3e7e47f8f9f0d61e5 Getting image source signatures Copying blob sha256:30d2d02ca0982a58161cd3af5b5788043260bc1f61eea9a409ff7282ee9db1f4 Copying blob sha256:eb31fffb4653a560fe98f0cdf1563599483471410f682eef43f925913573d867 Copying blob sha256:8ea24990fbb2c2de72af3fd91bf04b5a2718aaf99d9d53cebefcb16ea6dd5652 Copying config sha256:12ca4f73aabcc48ae645c107d0ffc4bbe56a75a042c99ec3e7e47f8f9f0d61e5 Writing manifest to image destination sha256:17b351d8db7a3ead3055eb392eba1c6aca6f1e82f0841254ca45885af46fad7equay.io/rhtap_qe/e2e-tests-nodejs-tyenzjzb:on-pr-3d8796945f607c06e729622fca83342c687f6a6cGetting image source signatures Copying blob sha256:30d2d02ca0982a58161cd3af5b5788043260bc1f61eea9a409ff7282ee9db1f4 Copying blob sha256:eb31fffb4653a560fe98f0cdf1563599483471410f682eef43f925913573d867 Copying blob sha256:8ea24990fbb2c2de72af3fd91bf04b5a2718aaf99d9d53cebefcb16ea6dd5652 Copying config sha256:12ca4f73aabcc48ae645c107d0ffc4bbe56a75a042c99ec3e7e47f8f9f0d61e5 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-tyenzjzb", "version": "3d8796945f607c06e729622fca83342c687f6a6c" } { "bom-ref": "73ff6e87be08c088", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-tyenzjzb:on-pr-3d8796945f607c06e729622fca83342c687f6a6c", "version": "sha256:17b351d8db7a3ead3055eb392eba1c6aca6f1e82f0841254ca45885af46fad7e" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-tyenzjzb:on-pr-3d8796945f607c06e729622fca83342c687f6a6c] to [quay.io/rhtap_qe/e2e-tests-nodejs-tyenzjzb:sha256-17b351d8db7a3ead3055eb392eba1c6aca6f1e82f0841254ca45885af46fad7e.sbom] with mediaType [application/vnd.cyclonedx+json]. ========