From b804d7b66194217f8f4c965ee82547933f4a4d83 Mon Sep 17 00:00:00 2001 From: serverless-qe Date: Wed, 28 Jan 2026 07:02:36 +0000 Subject: [PATCH 1/2] Generate dockerfiles with "make generate-release" --- openshift/ci-operator/knative-images/kn/Dockerfile | 11 +++++++---- .../knative-test-images/grpc-ping/Dockerfile | 7 +++++-- .../knative-test-images/helloworld/Dockerfile | 7 +++++-- .../knative-test-images/servingcontainer/Dockerfile | 7 +++++-- .../knative-test-images/sidecarcontainer/Dockerfile | 7 +++++-- 5 files changed, 27 insertions(+), 12 deletions(-) diff --git a/openshift/ci-operator/knative-images/kn/Dockerfile b/openshift/ci-operator/knative-images/kn/Dockerfile index 92327097c5..882ffa002f 100755 --- a/openshift/ci-operator/knative-images/kn/Dockerfile +++ b/openshift/ci-operator/knative-images/kn/Dockerfile @@ -24,14 +24,17 @@ COPY LICENSE /licenses/ USER 65532 LABEL \ - com.redhat.component="openshift-serverless-1-client-kn-rhel8-container" \ - name="openshift-serverless-1/client-kn-rhel8" \ + com.redhat.component="openshift-serverless-1-kn-client-kn-rhel8-container" \ + name="openshift-serverless-1/kn-client-kn-rhel8" \ version=$VERSION \ summary="Red Hat OpenShift Serverless 1 Client Kn" \ maintainer="serverless-support@redhat.com" \ description="Red Hat OpenShift Serverless 1 Client Kn" \ io.k8s.display-name="Red Hat OpenShift Serverless 1 Client Kn" \ io.k8s.description="Red Hat OpenShift Serverless Client Kn" \ - io.openshift.tags="kn" - + io.openshift.tags="kn" \ + vendor="Red Hat, Inc." \ + release=$VERSION \ + cpe="cpe:/a:redhat:openshift_serverless:1.35::el8" + ENTRYPOINT ["/ko-app/kn"] diff --git a/openshift/ci-operator/knative-test-images/grpc-ping/Dockerfile b/openshift/ci-operator/knative-test-images/grpc-ping/Dockerfile index cdc65186ec..a4da4b4e9b 100755 --- a/openshift/ci-operator/knative-test-images/grpc-ping/Dockerfile +++ b/openshift/ci-operator/knative-test-images/grpc-ping/Dockerfile 
@@ -30,6 +30,9 @@ LABEL \ description="Red Hat OpenShift Serverless 1 Client Vendor Knative.Dev Serving Test Test Images Grpc Ping" \ io.k8s.display-name="Red Hat OpenShift Serverless 1 Client Vendor Knative.Dev Serving Test Test Images Grpc Ping" \ io.k8s.description="Red Hat OpenShift Serverless Client Vendor Knative.Dev Serving Test Test Images Grpc Ping" \ - io.openshift.tags="vendor-knative.dev-serving-test-test-images-grpc-ping" - + io.openshift.tags="vendor-knative.dev-serving-test-test-images-grpc-ping" \ + vendor="Red Hat, Inc." \ + release=$VERSION \ + cpe="cpe:/a:redhat:openshift_serverless:1.35::el8" + ENTRYPOINT ["/ko-app/grpc-ping"] diff --git a/openshift/ci-operator/knative-test-images/helloworld/Dockerfile b/openshift/ci-operator/knative-test-images/helloworld/Dockerfile index 1c6056fb75..38fee52a12 100755 --- a/openshift/ci-operator/knative-test-images/helloworld/Dockerfile +++ b/openshift/ci-operator/knative-test-images/helloworld/Dockerfile @@ -30,6 +30,9 @@ LABEL \ description="Red Hat OpenShift Serverless 1 Client Test Test Images Helloworld" \ io.k8s.display-name="Red Hat OpenShift Serverless 1 Client Test Test Images Helloworld" \ io.k8s.description="Red Hat OpenShift Serverless Client Test Test Images Helloworld" \ - io.openshift.tags="test-test-images-helloworld" - + io.openshift.tags="test-test-images-helloworld" \ + vendor="Red Hat, Inc." \ + release=$VERSION \ + cpe="cpe:/a:redhat:openshift_serverless:1.35::el8" + ENTRYPOINT ["/ko-app/helloworld"] diff --git a/openshift/ci-operator/knative-test-images/servingcontainer/Dockerfile b/openshift/ci-operator/knative-test-images/servingcontainer/Dockerfile index 31ad933b14..80c3c329d0 100755 --- a/openshift/ci-operator/knative-test-images/servingcontainer/Dockerfile +++ b/openshift/ci-operator/knative-test-images/servingcontainer/Dockerfile 
@@ -30,6 +30,9 @@ LABEL \ description="Red Hat OpenShift Serverless 1 Client Vendor Knative.Dev Serving Test Test Images Multicontainer Servingcontainer" \ io.k8s.display-name="Red Hat OpenShift Serverless 1 Client Vendor Knative.Dev Serving Test Test Images Multicontainer Servingcontainer" \ io.k8s.description="Red Hat OpenShift Serverless Client Vendor Knative.Dev Serving Test Test Images Multicontainer Servingcontainer" \ - io.openshift.tags="vendor-knative.dev-serving-test-test-images-multicontainer-servingcontainer" - + io.openshift.tags="vendor-knative.dev-serving-test-test-images-multicontainer-servingcontainer" \ + vendor="Red Hat, Inc." \ + release=$VERSION \ + cpe="cpe:/a:redhat:openshift_serverless:1.35::el8" + ENTRYPOINT ["/ko-app/servingcontainer"] diff --git a/openshift/ci-operator/knative-test-images/sidecarcontainer/Dockerfile b/openshift/ci-operator/knative-test-images/sidecarcontainer/Dockerfile index 67709c3f22..5f52e56e29 100755 --- a/openshift/ci-operator/knative-test-images/sidecarcontainer/Dockerfile +++ b/openshift/ci-operator/knative-test-images/sidecarcontainer/Dockerfile @@ -30,6 +30,9 @@ LABEL \ description="Red Hat OpenShift Serverless 1 Client Vendor Knative.Dev Serving Test Test Images Multicontainer Sidecarcontainer" \ io.k8s.display-name="Red Hat OpenShift Serverless 1 Client Vendor Knative.Dev Serving Test Test Images Multicontainer Sidecarcontainer" \ io.k8s.description="Red Hat OpenShift Serverless Client Vendor Knative.Dev Serving Test Test Images Multicontainer Sidecarcontainer" \ - io.openshift.tags="vendor-knative.dev-serving-test-test-images-multicontainer-sidecarcontainer" - + io.openshift.tags="vendor-knative.dev-serving-test-test-images-multicontainer-sidecarcontainer" \ + vendor="Red Hat, Inc." \ + release=$VERSION \ + cpe="cpe:/a:redhat:openshift_serverless:1.35::el8" + ENTRYPOINT ["/ko-app/sidecarcontainer"] From 1a35afa03ca7c189310b6da5701a90d33b35e7c2 Mon Sep 17 00:00:00 2001 
From: serverless-qe Date: Wed, 28 Jan 2026 07:02:37 +0000 Subject: [PATCH 2/2] [release-v1.15] Sync Konflux configurations --- .tekton/docker-build.yaml | 70 +++++++++++++++++++++------------------ 1 file changed, 38 insertions(+), 32 deletions(-) diff --git a/.tekton/docker-build.yaml b/.tekton/docker-build.yaml index f86eb7ba2f..d5ebff29a4 100755 --- a/.tekton/docker-build.yaml +++ b/.tekton/docker-build.yaml @@ -1,7 +1,6 @@ apiVersion: tekton.dev/v1 kind: Pipeline metadata: - creationTimestamp: labels: pipelines.openshift.io/runtime: generic pipelines.openshift.io/strategy: docker 
@@ -13,27 +12,14 @@ spec: _Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks. This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_ - finally: - - name: show-sbom - params: - - name: IMAGE_URL - value: $(tasks.build-image-index.results.IMAGE_URL) - taskRef: - params: - - name: name - value: show-sbom - - name: bundle - value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7 - - name: kind - value: task - resolver: bundles params: - default: - linux/x86_64 - linux/arm64 - linux/ppc64le - linux/s390x - description: List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller. + description: List of platforms to build the container images on. The available + set of values is determined by the configuration of the multi-platform-controller. name: build-platforms type: array - default: --all-projects --org=3e1a4cca-ebfb-495f-b64c-3cc960d566b4 --exclude=test*,vendor,third_party 
@@ -45,7 +31,8 @@ spec: name: build-source-image type: string - default: "false" - description: 'Enable in-development package managers. WARNING: the behavior may change at any time without notice. Use at your own risk.' + description: 'Enable in-development package managers. WARNING: the behavior may + change at any time without notice. Use at your own risk.' name: prefetch-input-dev-package-managers - default: [] description: Additional image tags @@ -62,11 +49,13 @@ spec: name: output-image type: string - default: . - description: Path to the source code of an application's component from where to build image. + description: Path to the source code of an application's component from where + to build image. name: path-context type: string - default: Dockerfile - description: Path to the Dockerfile inside the context specified by parameter path-context + description: Path to the Dockerfile inside the context specified by parameter + path-context name: dockerfile type: string - default: "false" 
@@ -82,17 +71,26 @@ spec: name: hermetic type: string - default: "" - description: Build dependencies to be prefetched by Cachi2 + description: Build dependencies to be prefetched name: prefetch-input type: string - default: "" - description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively. + description: Image tag expiration time, time values could be something like 1h, + 2d, 3w for hours, days, and weeks, respectively. name: image-expires-after type: string - default: "true" description: Add built image into an OCI image index name: build-image-index type: string + - default: docker + description: The format for the resulting image's mediaType. Valid values are + oci or docker. + name: buildah-format + type: string + - default: "false" + description: Enable cache proxy configuration + name: enable-cache-proxy - default: [] description: Array of --build-arg values ("arg=value" strings) for buildah name: build-args @@ -102,13 +100,10 @@ spec: name: build-args-file type: string - default: "false" - description: Whether to enable privileged mode, should be used only with remote VMs + description: Whether to enable privileged mode, should be used only with remote + VMs name: privileged-nested type: string - - name: enable-cache-proxy - default: 'false' - description: Enable cache proxy configuration - type: string results: - description: "" name: IMAGE_URL 
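Review bot: The re-added `enable-cache-proxy` parameter in the first hunk is declared without a `type`, although the declaration removed in the second hunk carried `type: string` and the other parameters in these hunks, including the new `buildah-format`, all declare one. Tekton should fall back to a string type for the quoted `"false"` default, so behaviour is probably unchanged, but the entry is now inconsistent with its neighbours and harder to check against the parameter spec. I would add `type: string` under `name: enable-cache-proxy`. The `params` list begins and continues outside both hunks.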
@@ -274,16 +269,20 @@ spec: value: $(params.build-args-file) - name: PRIVILEGED_NESTED value: $(params.privileged-nested) + - name: SOURCE_URL + value: $(tasks.clone-repository.results.url) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) + - name: HTTP_PROXY + value: $(tasks.init.results.http-proxy) + - name: NO_PROXY + value: $(tasks.init.results.no-proxy) - name: SOURCE_ARTIFACT value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT) - name: CACHI2_ARTIFACT value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT) - name: IMAGE_APPEND_PLATFORM value: "true" - - name: HTTP_PROXY - value: $(tasks.init.results.http-proxy) - - name: NO_PROXY - value: $(tasks.init.results.no-proxy) runAfter: - prefetch-dependencies taskRef: @@ -313,6 +312,8 @@ spec: - name: IMAGES value: - $(tasks.build-images.results.IMAGE_REF[*]) + - name: BUILDAH_FORMAT + value: $(params.buildah-format) runAfter: - build-images taskRef: @@ -408,7 +409,12 @@ spec: operator: in values: - "false" - - name: ecosystem-cert-preflight-checks + - matrix: + params: + - name: platform + value: + - $(params.build-platforms) + name: ecosystem-cert-preflight-checks params: - name: image-url value: $(tasks.build-image-index.results.IMAGE_URL) @@ -543,7 +549,7 @@ spec: - name: name value: rpms-signature-scan - name: bundle - value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:49ff6d117c3e9dc3966d1244e118e168b3501742ec14c3a4161a276ff48d04d5 + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:f2df541f49b5310f343b55f58b0881a46a2b46c5df39a9c34563c5042b106f6f - name: kind value: task resolver: bundles
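Review bot: The tasks that receive new inputs here keep their existing bundle pins. The first hunk adds `SOURCE_URL` and `BUILDAH_FORMAT` to the build-images task, the second adds `BUILDAH_FORMAT` to the index task, and the third adds a `platform` matrix to `ecosystem-cert-preflight-checks`. The only bundle reference the patch changes is `task-rpms-signature-scan` in the last hunk. If a pinned task version predates these parameters, the values are either dropped silently or fail validation, depending on the Tekton version. In the silent case the image format would not follow `buildah-format`, and the preflight check would run once per platform against the same index `image-url` without selecting an architecture. The `taskRef` blocks sit outside the hunks, so this cannot be confirmed from the diff. I would bump those pins in the same patch, or name in the commit description the catalog versions that introduced `SOURCE_URL`, `BUILDAH_FORMAT` and `platform`.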