Skip to content

Update Konflux references#224

Merged
openshift-merge-bot[bot] merged 1 commit into
mainfrom
konflux/references/main
Jul 13, 2026
Merged

Update Konflux references#224
openshift-merge-bot[bot] merged 1 commit into
mainfrom
konflux/references/main

Conversation

@red-hat-konflux-kflux-prd-rh02

@red-hat-konflux-kflux-prd-rh02 red-hat-konflux-kflux-prd-rh02 Bot commented Jul 11, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks (source, changelog) 3c4f60e2e5ebe0
quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta (source, changelog) 12cbcf0e5ba1f8
quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan (source, changelog) 65370cc9ad20a0
quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta (source, changelog) fc685d6f6a115e
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta (source, changelog) fda2e51918327b
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta (source, changelog) 5807ffe4961c44

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 05:00 AM and 11:59 PM, only on Saturday (* 5-23 * * 6)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
@openshift-ci
openshift-ci Bot requested review from crizzo71 and tirthct July 11, 2026 08:04
@coderabbitai

coderabbitai Bot commented Jul 11, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Three Tekton PipelineRun manifests update SHA256-pinned bundle references for Git clone, preflight, SAST, Unicode, Snyk, and RPM signature scan tasks. Task names, parameters, results, workspaces, wiring, and conditional execution remain unchanged.

Estimated code review effort: 2 (Simple) | ~10 minutes

🚥 Pre-merge checks | ✅ 11
✅ Passed checks (11 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Sec-02: Secrets In Log Output ✅ Passed PASS: Diff only retargets Tekton bundle SHAs in .tekton YAML; no slog/logr/zap/fmt.Print* calls or secret-bearing log fields were added (CWE-532).
No Hardcoded Secrets ✅ Passed PASS: No hardcoded creds (CWE-798/CWE-321); only SHA-256 bundle digests and templated secret refs like {{ git_auth_secret }}.
No Weak Cryptography ✅ Passed PASS: Diff only retargets Tekton bundle SHA256 digests; no md5/des/rc4, SHA1-for-security, ECB, custom crypto, or secret compares. No CWE-327/CWE-208 issue.
No Injection Vectors ✅ Passed PASS: The PR only updates Tekton bundle digests in .tekton YAML; no SQL/exec/template.HTML/yaml.Unmarshal changes, so no CWE-89/78/79/502 vector.
No Privileged Containers ✅ Passed Changed Tekton YAMLs only update pinned bundle digests; rg/diff found no privileged:true, hostNetwork/IPC/PID, allowPrivilegeEscalation:true, SYS_ADMIN, or runAsUser:0. No CWE-269/CWE-250 signal in...
No Pii Or Sensitive Data In Logs ✅ Passed Only bundle digest updates in .tekton/.yaml; no slog/logr/zap/fmt.Print or request-body logging added. No CWE-532 exposure.
Title check ✅ Passed Title matches the Konflux task reference pin updates (CWE-494).
Description check ✅ Passed Description lists the same Konflux task digest updates as the diff (CWE-494).
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/references/main
✨ Simplify code
  • Create PR with simplified code
  • Commit simplified code in branch konflux/references/main

Comment @coderabbitai help to get the list of available commands.

@hyperfleet-ci-bot

Copy link
Copy Markdown

Risk Score: 0 — risk/low

Signal Detail Points
PR size 30 lines +0
Sensitive paths none +0

Computed by hyperfleet-risk-scorer

@Ruclo

Ruclo commented Jul 13, 2026

Copy link
Copy Markdown

/retest

1 similar comment
@rafabene

Copy link
Copy Markdown
Member

/retest

@kuudori

kuudori commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

/test unit

@kuudori

kuudori commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

/test lint

@kuudori

kuudori commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

/test unit

@kuudori

kuudori commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

/lgtm

@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kuudori

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-merge-bot
openshift-merge-bot Bot merged commit 80001e6 into main Jul 13, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants