Skip to content

Update Konflux references#1642

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/references/main
Open

Update Konflux references#1642
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/references/main

Conversation

@red-hat-konflux
Copy link
Copy Markdown
Contributor

@red-hat-konflux red-hat-konflux Bot commented Feb 7, 2026
edited
Loading

This PR contains the following updates:

Package Change Notes
quay.io/konflux-ci/tekton-catalog/task-apply-tags (source, changelog) 0.20.3 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-build-image-index (source, changelog) 0.20.3 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta (source, changelog) 0.70.9 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-clair-scan (source, changelog) ee558db8fad4c2
quay.io/konflux-ci/tekton-catalog/task-clamav-scan (source, changelog) f3d2d17567cb66
quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check (source, changelog) 462baede78d0d3
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks (source, changelog) 04f75599c30072
quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta (source, changelog) 0a89e1ad30f13d
quay.io/konflux-ci/tekton-catalog/task-init (source, changelog) 0.20.4 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta (source, changelog) 0.20.3 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta (source, changelog) 0.10.3 ⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta (source, changelog) 8ad28b78f3ecbe
quay.io/konflux-ci/tekton-catalog/task-show-sbom (source, changelog) beb0616a7346ed
quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta (source, changelog) 4abb2db0917cfc

Release Notes

konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-apply-tags)

v0.3

  • Switched from bash implementation to Konflux Build CLI.
  • Deprecated older 0.1 and 0.2 versions.
konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-build-image-index)

v0.3

Changed
  • The task now uses konflux-build-cli for the build step instead of an inline bash
    implementation. This provides more robust error handling and simplified maintenance.
  • When ALWAYS_BUILD_INDEX is false and multiple images are provided, the task now
    creates an image index instead of failing. The previous behavior (failing with an error)
    was not useful.
  • Image reference validation is now stricter and will fail earlier for invalid formats.
Removed
  • COMMIT_SHA parameter (was not used by the task implementation)
  • IMAGE_EXPIRES_AFTER parameter (was not used by the task implementation)
Added
  • Started tracking changes in this file.
konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta)

v0.9

Fixed
  • Version bump to stay in sync with buildah-remote-oci-ta. The remote variant now has --fail
    flag and error handling on the curl call that retrieves the SSH key from the OTP server.

v0.8

Fixed
  • Platform build arguments (BUILDPLATFORM, TARGETPLATFORM) now correctly include CPU variant
    for ARM architectures (e.g., linux/arm/v7 or linux/arm64/v8 instead of just linux/arm
    or linux/arm64).
konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-init)

v0.4

  • Pipeline upgrade: Remove PipelineRun parameter sast-target-dirs with invalid attributes from PipelineRun .spec.params definition

v0.3

  • Remove params image-url, rebuild and skip-checks
  • Remove task result build
konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta)

v0.3

  • Added enable-package-registry-proxy parameter to enable use of the package registry proxy when prefetching dependencies.
  • Added SERVICE_CA_TRUST_CONFIG_MAP_NAME and SERVICE_CA_TRUST_CONFIG_MAP_KEY parameters to mount the OpenShift service CA for verifying TLS connections to in-cluster services such as the package registry proxy.
konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta)

v0.3

Fixed
  • Use Dockerfile as the file name in the uploaded artifact, regardless of the name of the actual file.

v0.2

Removed
  • BREAKING: Support for Dockerfile downloading in Konflux Build Pipeline.

Configuration

📅 Schedule: Branch creation - Between 05:00 AM and 11:59 PM, only on Saturday ( * 5-23 * * 6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from 4942073 to 894a7fa Compare February 21, 2026 08:57
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from 894a7fa to 5b179e7 Compare February 28, 2026 05:18
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from 73f2151 to e11884c Compare March 14, 2026 05:29
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from 53f9285 to 266c52d Compare March 28, 2026 05:35
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from 3b71952 to f878cde Compare April 10, 2026 01:34
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch 2 times, most recently from db64528 to 273808e Compare April 18, 2026 05:34
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from 273808e to 7499a58 Compare April 25, 2026 05:49
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from 7499a58 to 0be85e3 Compare May 2, 2026 05:49
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from 0be85e3 to 27ef8d3 Compare May 9, 2026 05:51
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from 27ef8d3 to ee9c6dc Compare May 16, 2026 05:56
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 16, 2026
edited
Loading

Mend Scan Results

Status: ⚠️ Findings detected

⚠️ SCA findings detected

⚠️ SAST findings detected

SCA scan output 
 keycloak-installed-adapter-25.0.3.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- undertow-core-2.2.24.Final.jar [1 CRITICAL, 11 HIGH, 3 MEDIUM]
		|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
		|-- keycloak-adapter-core-25.0.3.jar [1 MEDIUM]
			|-- jackson-core-2.19.2.jar [1 HIGH]
			|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
			|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
			|-- keycloak-crypto-default-25.0.3.jar
				|-- bcpkix-jdk18on-1.74.jar [2 MEDIUM]
					|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
					|-- bcutil-jdk18on-1.74.jar
						|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
				|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
				|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
				|-- keycloak-server-spi-private-25.0.3.jar [1 HIGH, 4 MEDIUM, 1 LOW]
					|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
					|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
				|-- keycloak-server-spi-25.0.3.jar
					|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
		|-- keycloak-adapter-spi-25.0.3.jar
			|-- bcprov-jdk18on-1.74.jar [2 CRITICAL, 3 HIGH, 4 MEDIUM]
		|-- keycloak-core-25.0.3.jar [1 HIGH, 3 MEDIUM, 2 LOW]
			|-- jackson-core-2.19.2.jar [1 HIGH]
			|-- keycloak-common-25.0.3.jar [2 MEDIUM]
|-- common-3.4.1-SNAPSHOT.jar
	|-- jackson-dataformat-yaml-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- pom-manipulation-common-lite-5.3.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- pnc-common-3.5.0.jar
		|-- jsoup-1.22.2.jar
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [1 MEDIUM]
|-- config-3.4.1-SNAPSHOT.jar
	|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- jackson-databind-2.19.2.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
|-- opentelemetry-ext-cli-java-2.0.0.jar
	|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-exporter-otlp-1.51.0.jar
		|-- opentelemetry-exporter-otlp-common-1.51.0.jar
			|-- opentelemetry-exporter-common-1.51.0.jar
				|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-logs-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-metrics-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-sdk-1.51.0.jar
		|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-common-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
		|-- opentelemetry-sdk-trace-1.51.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- opentelemetry-semconv-1.29.0-alpha.jar
		|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
|-- rest-client-3.4.5.jar
	|-- jackson-datatype-jdk8-2.12.6.redhat-00001.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
	|-- json-patch-1.13.jar
		|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
	|-- vertx-core-3.9.14.jar [1 MEDIUM]
		|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- netty-buffer-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-codec-http2-4.1.84.Final.jar [4 HIGH, 1 MEDIUM]
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [1 MEDIUM]
		|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [1 MEDIUM]
		|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-handler-proxy-4.1.84.Final.jar [1 MEDIUM]
			|-- netty-codec-http-4.1.84.Final.jar [3 HIGH, 9 MEDIUM]
			|-- netty-codec-socks-4.1.84.Final.jar
				|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [1 MEDIUM]
		|-- netty-handler-4.1.84.Final.jar [1 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-transport-native-unix-common-4.1.84.Final.jar
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-resolver-dns-4.1.84.Final.jar
			|-- netty-codec-dns-4.1.84.Final.jar [1 HIGH]
				|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-codec-4.1.84.Final.jar [1 HIGH, 1 MEDIUM]
				|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
			|-- netty-handler-4.1.84.Final.jar [1 MEDIUM]
		|-- netty-resolver-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
		|-- netty-transport-4.1.84.Final.jar
			|-- netty-common-4.1.84.Final.jar [2 MEDIUM]
	|-- common-3.4.5.jar
		|-- opentelemetry-instrumentation-annotations-2.23.0.jar
			|-- opentelemetry-api-1.51.0.jar [1 MEDIUM]
	|-- rest-api-3.4.5-java-client.jar
		|-- undertow-core-2.2.24.Final.jar [1 CRITICAL, 11 HIGH, 3 MEDIUM]
			|-- xnio-api-3.8.7.Final.jar [2 HIGH]
			|-- xnio-nio-3.8.7.Final.jar
				|-- xnio-api-3.8.7.Final.jar [2 HIGH]
	|-- resteasy-jackson2-provider-3.15.6.Final.jar
		|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- jackson-jaxrs-json-provider-2.11.3.jar
			|-- jackson-jaxrs-base-2.11.3.jar
				|-- jackson-core-2.19.2.jar [1 HIGH]
			|-- jackson-module-jaxb-annotations-2.11.3.jar
				|-- jackson-core-2.19.2.jar [1 HIGH]
		|-- json-patch-1.9.jar
			|-- jackson-coreutils-1.6.jar
				|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]
		|-- guava-28.1-jre.jar [1 MEDIUM, 1 LOW]


No Policy violations were detected

Project 'bacon' was updated, for more information, visit the Mend platform: https://ibmets.whitesourcesoftware.com/app/orgs/Enterprise%20Applications/applications/summary?project=f85d9f1a-b4b0-47cd-8126-d6bf70df9ffc
Or the Core UI: https://ibmets.whitesourcesoftware.com/Wss/WSS.html#!project;token=6d0c058f67e84d0886f851d7173c47c7ca091a6fdb1242cdbb51128e57035c41

Mend AI scan succeeded.

Support Token: 2b2f98f149daa44ef9efecc159af2b8851779516271257
SAST scan output 
warning: 'sha1' method of 'hashlib' uses a non-recommended hash algorithm. (bacon_install.py:188)
warning: 'KeycloakClientException' method could be abused to reveal sensitive internal information. (pig/src/main/java/org/jboss/pnc/bacon/pig/impl/addons/camel/TreeParser.java:246)

Full logs and artifacts

@red-hat-konflux
Update Konflux references
1ad82c2 
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/references/main branch from ee9c6dc to 1ad82c2 Compare May 23, 2026 05:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants