running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:17780622bfd6e55c1ae4afa4f82780056e4fcf6b7f994a18eb4f22be22cabb59 Copying blob sha256:d91079001e41f3b5af846e11beb8d30c880ad1842142178f178894e7da4a2502 Copying blob sha256:32783d1461b3ee812011d36c3fce99c5071f644064d3655ca39124ccdb1fb88b Copying config sha256:21e88db6643e9b52dfc7cd05504b3e9bd6272db9b930623e689fbe6840ba6c3b Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 2s 19 packages are looking for funding run `npm fund` for details found 0 vulnerabilities [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:c2bd3d9db966052fa16a55058dea6295ef135c0ea089cfb7b612f5e5981aba40 Copying blob sha256:cd8d59cb7a894fbcbefe70d3cdbc433492e715351e24e77b24a441609ab2de47 Copying config sha256:55505b4473b851a51bb01f8a9e380b506ae7f919bc561c6d760f543dafa1d207 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-kkyenzls:on-pr-80f5ac828dd0753ff76184dd558737ea4620e126 Getting image source signatures Copying blob sha256:80837ee43f1ea0f9498b45e2d484bbf5094f292e992df3f4bf5a2df601a639af Copying blob sha256:0255acae6356cf339150cf200f3327f575acbeaaa43a4f85357876b66ebb7fbc Copying blob sha256:3b56e45ad67a76676f7bfedddf4411058346b0fb867a419667c06e226ae24733 Copying config sha256:2e4811bb66cf210e4d4687d8f9c8072584b8b9ae3c679791038084e3d66f4bc4 Writing manifest to image destination --> 2e4811bb66cf Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-kkyenzls:on-pr-80f5ac828dd0753ff76184dd558737ea4620e126 2e4811bb66cf210e4d4687d8f9c8072584b8b9ae3c679791038084e3d66f4bc4 Getting image source signatures Copying blob sha256:3b56e45ad67a76676f7bfedddf4411058346b0fb867a419667c06e226ae24733 Copying blob sha256:80837ee43f1ea0f9498b45e2d484bbf5094f292e992df3f4bf5a2df601a639af Copying blob sha256:0255acae6356cf339150cf200f3327f575acbeaaa43a4f85357876b66ebb7fbc Copying config sha256:2e4811bb66cf210e4d4687d8f9c8072584b8b9ae3c679791038084e3d66f4bc4 Writing manifest to image destination sha256:47de1b4923ec9842eee23ecfbbebfc523f84e3560799b947dfc977699b61d918quay.io/rhtap_qe/e2e-tests-nodejs-kkyenzls:on-pr-80f5ac828dd0753ff76184dd558737ea4620e126Getting image source signatures Copying blob sha256:3b56e45ad67a76676f7bfedddf4411058346b0fb867a419667c06e226ae24733 Copying blob sha256:80837ee43f1ea0f9498b45e2d484bbf5094f292e992df3f4bf5a2df601a639af Copying blob sha256:0255acae6356cf339150cf200f3327f575acbeaaa43a4f85357876b66ebb7fbc Copying config sha256:2e4811bb66cf210e4d4687d8f9c8072584b8b9ae3c679791038084e3d66f4bc4 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-kkyenzls", "version": "80f5ac828dd0753ff76184dd558737ea4620e126" } { "bom-ref": "5c2fdb9e8f9d8571", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-kkyenzls:on-pr-80f5ac828dd0753ff76184dd558737ea4620e126", "version": "sha256:47de1b4923ec9842eee23ecfbbebfc523f84e3560799b947dfc977699b61d918" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-kkyenzls:on-pr-80f5ac828dd0753ff76184dd558737ea4620e126] to [quay.io/rhtap_qe/e2e-tests-nodejs-kkyenzls:sha256-47de1b4923ec9842eee23ecfbbebfc523f84e3560799b947dfc977699b61d918.sbom] with mediaType [application/vnd.cyclonedx+json]. ========