Skip to content

Update Konflux references#240

Merged
openshift-merge-bot[bot] merged 1 commit into
mainfrom
konflux/references/main
Jul 13, 2026
Merged

Update Konflux references#240
openshift-merge-bot[bot] merged 1 commit into
mainfrom
konflux/references/main

Conversation

@red-hat-konflux-kflux-prd-rh02

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks (source, changelog) 3c4f60e2e5ebe0
quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta (source, changelog) 12cbcf0e5ba1f8
quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan (source, changelog) 65370cc9ad20a0
quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta (source, changelog) fc685d6f6a115e
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta (source, changelog) fda2e51918327b
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta (source, changelog) 5807ffe4961c44

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 05:00 AM and 11:59 PM, only on Saturday (* 5-23 * * 6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
@openshift-ci
openshift-ci Bot requested review from crizzo71 and mbrudnoy July 11, 2026 08:04
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Updated pinned Tekton catalog task bundle SHA256 digests in the chart-push, push, and tag PipelineRuns. The changes cover git clone, ecosystem certification preflight, SAST Snyk, shell and Unicode checks, and RPM signature scanning. Pipeline parameters, task wiring, workspaces, ordering, and conditional logic remain unchanged.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed Only Tekton digest pins changed in three YAML files; no log statements with token/password/secret fields were introduced. CWE-532 not observed.
No Hardcoded Secrets ✅ Passed Only Tekton bundle digests changed; no hardcoded API keys/tokens/passwords/private keys, no user:pass@ URLs, and no string-literal secret assignments (CWE-798/CWE-259).
No Weak Cryptography ✅ Passed Only Tekton bundle digest pins changed; no md5/des/rc4, SHA1-for-security, ECB, custom crypto, or secret comparisons found. CWE-327/CWE-208 not implicated.
No Injection Vectors ✅ Passed Only Tekton bundle digest pins changed in .tekton PipelineRuns; no CWE-89/CWE-78/CWE-79/CWE-502 code paths were introduced.
No Privileged Containers ✅ Passed Only task bundle digests changed; no privileged: true, hostPID/Network/IPC, SYS_ADMIN, or root context in the touched Tekton manifests (CWE-250/269).
No Pii Or Sensitive Data In Logs ✅ Passed HEAD^..HEAD only updates Tekton bundle digests; no new slog/logr/zap/fmt.Print/echo lines or sensitive-data fields. CWE-532 not introduced.
Title check ✅ Passed The title matches the main change: updating pinned Konflux task references in Tekton PipelineRuns.
Description check ✅ Passed The description is directly related and enumerates the Konflux digest updates made in this PR.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/references/main
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch konflux/references/main

Comment @coderabbitai help to get the list of available commands.

@hyperfleet-ci-bot

Copy link
Copy Markdown

Risk Score: 0 — risk/low

Signal Detail Points
PR size 30 lines +0
Sensitive paths none +0

Computed by hyperfleet-risk-scorer

@rafabene

Copy link
Copy Markdown
Member

/lgtm

@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rafabene

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot
openshift-merge-bot Bot merged commit 7ad9849 into main Jul 13, 2026
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant