chore(deps): update konflux references #835

Open
red-hat-konflux[bot] wants to merge 1 commit into main from konflux/references/main

@red-hat-konflux red-hat-konflux Bot commented May 9, 2026

This PR contains the following updates:

| Package | Change |
| --- | --- |
| quay.io/konflux-ci/tekton-catalog/task-build-image-index (source, changelog) | 550afde → b33bfa8 |
| quay.io/konflux-ci/tekton-catalog/task-buildah (source, changelog) | 62f09c5 → 3fc8080 |
| quay.io/konflux-ci/tekton-catalog/task-clair-scan (source, changelog) | cd49cde → 8fad4c2 |
| quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check (source, changelog) | 57d1f55 → e78d0d3 |
| quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks (source, changelog) | 25dcef1 → 88f4fd6 |
| quay.io/konflux-ci/tekton-catalog/task-git-clone (source, changelog) | 7db7ad9 → fedaacb |
| quay.io/konflux-ci/tekton-catalog/task-init (source, changelog) | b797dd4 → 5a42324 |
| quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies (source, changelog) | 44eb23c → d127e05 |
| quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan (source, changelog) | 1d807f6 → 237c54b |
| quay.io/konflux-ci/tekton-catalog/task-sast-shell-check (source, changelog) | 2cd09c9 → ffc6d57 |
| quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check (source, changelog) | 566753c → 8beb3a1 |
| quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check (source, changelog) | c162d9d → 7631757 |
| quay.io/konflux-ci/tekton-catalog/task-source-build (source, changelog) | df99947 → 2f846d3 |

Configuration

📅 Schedule: Branch creation - Between 05:00 AM and 11:59 PM, only on Saturday ( * 5-23 * * 6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

sourcery-ai Bot commented May 9, 2026

Reviewer's Guide

Updates Konflux Tekton task bundle digests in the ROS backend PR and push pipelines and introduces a configurable SAST target directories parameter that is wired into existing SAST-related tasks.

Sequence diagram for configurable SAST target directories in ROS backend Tekton pipelines

sequenceDiagram
  actor Developer
  participant TektonPipeline as TektonPipeline_ros_backend
  participant TaskBuild as Task_build_image_index
  participant TaskDeprecated as Task_deprecated_image_check
  participant TaskClair as Task_clair_scan
  participant TaskEco as Task_ecosystem_cert_preflight_checks

  Developer->>TektonPipeline: Start pipeline with sast-target-dirs
  TektonPipeline->>TektonPipeline: Read param sast-target-dirs (default .)

  TektonPipeline->>TaskBuild: Run build-image-index
  TaskBuild-->>TektonPipeline: IMAGE_URL, IMAGE_DIGEST

  TektonPipeline->>TaskDeprecated: Run deprecated-image-check
  Note over TektonPipeline,TaskDeprecated: Pass IMAGE_URL, IMAGE_DIGEST and TARGET_DIRS = sast-target-dirs

  TektonPipeline->>TaskClair: Run clair-scan
  Note over TektonPipeline,TaskClair: Pass IMAGE_URL, IMAGE_DIGEST and TARGET_DIRS = sast-target-dirs

  TektonPipeline->>TaskEco: Run ecosystem-cert-preflight-checks
  Note over TektonPipeline,TaskEco: Pass IMAGE_URL, IMAGE_DIGEST and TARGET_DIRS = sast-target-dirs

  TaskDeprecated-->>TektonPipeline: SAST scan result
  TaskClair-->>TektonPipeline: Vulnerability scan result
  TaskEco-->>TektonPipeline: Preflight checks result

  TektonPipeline-->>Developer: Combined pipeline status

File-Level Changes

Change: Add a configurable SAST target directories parameter and pass it through to SAST tasks in both PR and push pipelines.
Details:
  • Introduce a new string Pipeline parameter sast-target-dirs with default . and descriptive help text.
  • Thread the new parameter into SAST task invocations by setting the TARGET_DIRS task parameter from $(params.sast-target-dirs) for all relevant scan tasks.
  • Apply these changes consistently in both .tekton/ros-backend-pull-request.yaml and .tekton/ros-backend-push.yaml.
Files:
  • .tekton/ros-backend-pull-request.yaml
  • .tekton/ros-backend-push.yaml

Change: Update Konflux Tekton catalog task bundle image digests to newer revisions in the ROS backend pipelines.
Details:
  • Bump the task-init:0.4 bundle sha256 digest to the latest Konflux reference in both pipelines.
  • Bump the task-prefetch-dependencies:0.3 bundle sha256 digest to the latest Konflux reference in both pipelines.
  • Bump the task-rpms-signature-scan:0.2 bundle sha256 digest to the latest Konflux reference in both pipelines.
  • Bump the task-deprecated-image-check:0.5 bundle sha256 digest to the latest Konflux reference in both pipelines.
  • Bump the task-clair-scan:0.3 bundle sha256 digest to the latest Konflux reference in both pipelines.
  • Bump the task-ecosystem-cert-preflight-checks:0.2 bundle sha256 digest to the latest Konflux reference in both pipelines.
Files:
  • .tekton/ros-backend-pull-request.yaml
  • .tekton/ros-backend-push.yaml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.


@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from f6388aa to cbe5e11 Compare May 9, 2026 05:42

@sourcery-ai sourcery-ai Bot left a comment

Hey - I've reviewed your changes and they look great!



@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from ff7692f to 252cf49 Compare May 16, 2026 05:48
codecov-commenter commented May 16, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.84%. Comparing base (82ada53) to head (252cf49).

Additional details and impacted files
@@           Coverage Diff           @@
##             main     #835   +/-   ##
=======================================
  Coverage   69.84%   69.84%           
=======================================
  Files          48       48           
  Lines        2849     2849           
=======================================
  Hits         1990     1990           
  Misses        859      859           
Flag Coverage Δ
unittests 69.84% <ø> (ø)

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from 41db7f0 to ef6bd9c Compare May 23, 2026 05:50
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from ef6bd9c to 658eabd Compare May 30, 2026 05:16