running buildah-tssc Step: buildah-tssc Results: /workspace/source/source/results/buildah-tssc Custom root CA variable is not set. Make sure CA trust is established ========Running buildah-tssc:login --- Registry Auth Bypass Active --- ========Running buildah-tssc:build [1/2] STEP 1/3: FROM registry.access.redhat.com/ubi9/nodejs-22:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:a6a8b24d0ebf7c69aa002b6e09a307e5638a46e10f6d141e123cd73ea73b44d8 Copying blob sha256:e49a5008e833d53b5dcd8ffdcb995f66aecafd52bfee5233f16c0f3b161e3431 Copying blob sha256:15ff23c3b2e178cb3ea1caa12f6fbe9ba23536bf0d0c938ef17359ac61bb5174 Copying config sha256:ab32ff3847341698c9b154b3f8f5ba854317219d9396151d31fd04de24be2567 Writing manifest to image destination Storing signatures [1/2] STEP 2/3: COPY package.json package-lock.json* ./ [1/2] STEP 3/3: RUN if [ -f package-lock.json ]; then npm ci; else npm install; fi added 102 packages, and audited 103 packages in 2s 19 packages are looking for funding run `npm fund` for details found 0 vulnerabilities [2/2] STEP 1/6: FROM registry.access.redhat.com/ubi9/nodejs-22-minimal:latest Trying to pull registry.access.redhat.com/ubi9/nodejs-22-minimal:latest... Getting image source signatures Checking if image destination supports signatures Copying blob sha256:2b1e42162848cc0fe3406dc97ecab25501721cd92b1692fe441f25f3ed3c254f Copying blob sha256:c770e69088fa05bea8942da1c1e3fa6066cc7c288153d81443e0c9435861e0b1 Copying config sha256:304eaf317abbc88d6fd37c3adf94dd2a3b52a24f53f2b53d885a48f54290deb7 Writing manifest to image destination Storing signatures [2/2] STEP 2/6: COPY --from=0 /opt/app-root/src/node_modules /opt/app-root/src/node_modules [2/2] STEP 3/6: COPY . /opt/app-root/src [2/2] STEP 4/6: ENV NODE_ENV production [2/2] STEP 5/6: ENV PORT 3001 [2/2] STEP 6/6: CMD ["npm", "start"] [2/2] COMMIT quay.io/rhtap_qe/e2e-tests-nodejs-lrhhcaeh:on-pr-4e9e77519f5337cdcf0e3a467e63a943d5c77c72 Getting image source signatures Copying blob sha256:73dd5047f87493ec5a883a7efcc591fcf9fd17284490e83ae258105607396e34 Copying blob sha256:5456c0be68aec2de1367c20ffbad3fc7573764eaa3398a44ea59302046f87574 Copying blob sha256:fdae54c485a66ae6f9632b3d69f71095504eb9777a19142bae1a4e73f248febc Copying config sha256:3392426ecc113ce20d65922ed26227b350bf41e686b28223d619ea14541f3ca4 Writing manifest to image destination --> 3392426ecc11 Successfully tagged quay.io/rhtap_qe/e2e-tests-nodejs-lrhhcaeh:on-pr-4e9e77519f5337cdcf0e3a467e63a943d5c77c72 3392426ecc113ce20d65922ed26227b350bf41e686b28223d619ea14541f3ca4 Getting image source signatures Copying blob sha256:fdae54c485a66ae6f9632b3d69f71095504eb9777a19142bae1a4e73f248febc Copying blob sha256:5456c0be68aec2de1367c20ffbad3fc7573764eaa3398a44ea59302046f87574 Copying blob sha256:73dd5047f87493ec5a883a7efcc591fcf9fd17284490e83ae258105607396e34 Copying config sha256:3392426ecc113ce20d65922ed26227b350bf41e686b28223d619ea14541f3ca4 Writing manifest to image destination sha256:a284583d57160ee3a3e4ae8cb344e32612066e6051098692b5a795e2abb09cb7quay.io/rhtap_qe/e2e-tests-nodejs-lrhhcaeh:on-pr-4e9e77519f5337cdcf0e3a467e63a943d5c77c72Getting image source signatures Copying blob sha256:fdae54c485a66ae6f9632b3d69f71095504eb9777a19142bae1a4e73f248febc Copying blob sha256:73dd5047f87493ec5a883a7efcc591fcf9fd17284490e83ae258105607396e34 Copying blob sha256:5456c0be68aec2de1367c20ffbad3fc7573764eaa3398a44ea59302046f87574 Copying config sha256:3392426ecc113ce20d65922ed26227b350bf41e686b28223d619ea14541f3ca4 Writing manifest to image destination ========Running buildah-tssc:generate-sboms { "bom-ref": "af63bd4c8601b7f1", "type": "file", "name": "e2e-tests-nodejs-lrhhcaeh", "version": "4e9e77519f5337cdcf0e3a467e63a943d5c77c72" } { "bom-ref": "8efc90eea0a48930", "type": "container", "name": "quay.io/rhtap_qe/e2e-tests-nodejs-lrhhcaeh:on-pr-4e9e77519f5337cdcf0e3a467e63a943d5c77c72", "version": "sha256:a284583d57160ee3a3e4ae8cb344e32612066e6051098692b5a795e2abb09cb7" } ========RUNNING PYTHON ========Running buildah-tssc:upload-sbom There is a discussion in sigstore community triggered by https://github.com/sigstore/cosign/issues/3599. It is likely that cosign attach deprecation will be reverted. Please, ignore deprecation warning for now. WARNING: SBOM attachments are deprecated and support will be removed in a Cosign release soon after 2024-02-22 (see https://github.com/sigstore/cosign/issues/2755). Instead, please use SBOM attestations. WARNING: Attaching SBOMs this way does not sign them. To sign them, use 'cosign attest --predicate /workspace/source/source/results/temp/files/sbom-cyclonedx.json --key '. Uploading SBOM file for [quay.io/rhtap_qe/e2e-tests-nodejs-lrhhcaeh:on-pr-4e9e77519f5337cdcf0e3a467e63a943d5c77c72] to [quay.io/rhtap_qe/e2e-tests-nodejs-lrhhcaeh:sha256-a284583d57160ee3a3e4ae8cb344e32612066e6051098692b5a795e2abb09cb7.sbom] with mediaType [application/vnd.cyclonedx+json]. ========