[release-v1.18] Sync Konflux configurations

Author: serverless-qe

.konflux/applications/serverless-operator-138/components/imagerepositories/kn-client-client-118.yaml renamed to .konflux/applications/serverless-operator-138/components/imagerepositories/kn-client-cli-artifacts-118.yaml

@@ -5,9 +5,9 @@ metadata:
     image-controller.appstudio.redhat.com/update-component-image: "true"
   labels:
     appstudio.redhat.com/application: serverless-operator-138
-    appstudio.redhat.com/component: kn-client-client-118
-  name: kn-client-client-118
+    appstudio.redhat.com/component: kn-client-cli-artifacts-118
+  name: kn-client-cli-artifacts-118
 spec:
   image:
-    name: serverless-operator-138/kn-client-client
+    name: serverless-operator-138/kn-client-cli-artifacts
     visibility: public

.konflux/applications/serverless-operator-138/components/kn-client-client-118.yaml renamed to .konflux/applications/serverless-operator-138/components/kn-client-cli-artifacts-118.yaml

@@ -4,14 +4,14 @@ metadata:
   annotations:
     build.appstudio.openshift.io/pipeline: '{"name":"docker-build","bundle":"latest"}'
     build.appstudio.openshift.io/request: configure-pac-no-mr
-  name: kn-client-client-118
+  name: kn-client-cli-artifacts-118
 spec:
-  componentName: kn-client-client-118
+  componentName: kn-client-cli-artifacts-118
   application: serverless-operator-138
 
   source:
     git:
       url: https://github.com/openshift-knative/client.git
       context: 
-      dockerfileUrl: openshift/ci-operator/knative-images/client/Dockerfile
+      dockerfileUrl: openshift/ci-operator/knative-images/cli-artifacts/Dockerfile
       revision: release-v1.18

.tekton/docker-build.yaml

@@ -1,7 +1,7 @@
 apiVersion: tekton.dev/v1
 kind: Pipeline
 metadata:
-  creationTimestamp:
+  creationTimestamp: null
   labels:
     pipelines.openshift.io/runtime: generic
     pipelines.openshift.io/strategy: docker
@@ -13,27 +13,14 @@ spec:
 
     _Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
     This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
-  finally:
-  - name: show-sbom
-    params:
-    - name: IMAGE_URL
-      value: $(tasks.build-image-index.results.IMAGE_URL)
-    taskRef:
-      params:
-      - name: name
-        value: show-sbom
-      - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7
-      - name: kind
-        value: task
-      resolver: bundles
   params:
   - default:
     - linux/x86_64
     - linux/arm64
     - linux/ppc64le
     - linux/s390x
-    description: List of platforms to build the container images on. The available set of values is determined by the configuration of the multi-platform-controller.
+    description: List of platforms to build the container images on. The available
+      set of values is determined by the configuration of the multi-platform-controller.
     name: build-platforms
     type: array
   - default: --all-projects --org=3e1a4cca-ebfb-495f-b64c-3cc960d566b4 --exclude=test*,vendor,third_party
@@ -45,7 +32,8 @@ spec:
     name: build-source-image
     type: string
   - default: "false"
-    description: 'Enable in-development package managers. WARNING: the behavior may change at any time without notice. Use at your own risk.'
+    description: 'Enable in-development package managers. WARNING: the behavior may
+      change at any time without notice. Use at your own risk.'
     name: prefetch-input-dev-package-managers
   - default: []
     description: Additional image tags
@@ -62,11 +50,13 @@ spec:
     name: output-image
     type: string
   - default: .
-    description: Path to the source code of an application's component from where to build image.
+    description: Path to the source code of an application's component from where
+      to build image.
     name: path-context
     type: string
   - default: Dockerfile
-    description: Path to the Dockerfile inside the context specified by parameter path-context
+    description: Path to the Dockerfile inside the context specified by parameter
+      path-context
     name: dockerfile
     type: string
   - default: "false"
@@ -82,17 +72,23 @@ spec:
     name: hermetic
     type: string
   - default: ""
-    description: Build dependencies to be prefetched by Cachi2
+    description: Build dependencies to be prefetched
     name: prefetch-input
     type: string
   - default: ""
-    description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
+    description: Image tag expiration time, time values could be something like 1h,
+      2d, 3w for hours, days, and weeks, respectively.
     name: image-expires-after
     type: string
   - default: "true"
     description: Add built image into an OCI image index
     name: build-image-index
     type: string
+  - default: docker
+    description: The format for the resulting image's mediaType. Valid values are
+      oci or docker.
+    name: buildah-format
+    type: string
   - default: []
     description: Array of --build-arg values ("arg=value" strings) for buildah
     name: build-args
@@ -102,13 +98,10 @@ spec:
     name: build-args-file
     type: string
   - default: "false"
-    description: Whether to enable privileged mode, should be used only with remote VMs
+    description: Whether to enable privileged mode, should be used only with remote
+      VMs
     name: privileged-nested
     type: string
-  - name: buildah-format
-    default: docker
-    type: string
-    description: The format for the resulting image's mediaType. Valid values are oci or docker.
   results:
   - description: ""
     name: IMAGE_URL
@@ -272,14 +265,16 @@ spec:
       value: $(params.build-args-file)
     - name: PRIVILEGED_NESTED
       value: $(params.privileged-nested)
+    - name: SOURCE_URL
+      value: $(tasks.clone-repository.results.url)
+    - name: BUILDAH_FORMAT
+      value: $(params.buildah-format)
     - name: SOURCE_ARTIFACT
       value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
     - name: CACHI2_ARTIFACT
       value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
     - name: IMAGE_APPEND_PLATFORM
       value: "true"
-    - name: BUILDAH_FORMAT
-      value: $(params.buildah-format)
     runAfter:
     - prefetch-dependencies
     taskRef:
@@ -406,7 +401,12 @@ spec:
       operator: in
       values:
       - "false"
-  - name: ecosystem-cert-preflight-checks
+  - matrix:
+      params:
+      - name: platform
+        value:
+        - $(params.build-platforms)
+    name: ecosystem-cert-preflight-checks
     params:
     - name: image-url
       value: $(tasks.build-image-index.results.IMAGE_URL)
@@ -426,7 +426,12 @@ spec:
       operator: in
       values:
       - "false"
-  - name: clamav-scan
+  - matrix:
+      params:
+      - name: image-arch
+        value:
+        - $(params.build-platforms)
+    name: clamav-scan
     params:
     - name: image-digest
       value: $(tasks.build-image-index.results.IMAGE_DIGEST)

.tekton/kn-client-cli-artifacts-118-pull-request.yaml

@@ -0,0 +1,63 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/openshift-knative/client?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "release-v1.18" 
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: serverless-operator-138
+    appstudio.openshift.io/component: kn-client-cli-artifacts-118
+    pipelines.appstudio.openshift.io/type: build
+  name: kn-client-cli-artifacts-118-on-pull-request
+  namespace: ocp-serverless-tenant
+spec:
+  params:
+    - name: dockerfile
+      value: openshift/ci-operator/knative-images/cli-artifacts/Dockerfile
+    - name: build-args
+      value:
+        - CLI_ARTIFACTS=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0
+        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
+        - VERSION=1.38.0
+    - name: git-url
+      value: '{{source_url}}'
+    - name: hermetic
+      value: "true"
+    - name: image-expires-after
+      value: 5d
+    - name: output-image
+      value: quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-138/kn-client-cli-artifacts:on-pr-{{revision}}
+    - name: build-platforms
+      value:
+        - linux/x86_64
+    - name: revision
+      value: '{{revision}}'
+    - name: prefetch-input
+      value: '[{"path":".","type":"gomod"}]'
+  taskRunSpecs:
+    - pipelineTaskName: sast-shell-check
+      stepSpecs:
+        - name: sast-shell-check
+          computeResources:
+            requests:
+              memory: 4Gi
+            limits:
+              memory: 4Gi
+  pipelineRef:
+    name: docker-build
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-kn-client-cli-artifacts-118
+  workspaces:
+    - name: git-auth
+      secret:
+        secretName: '{{ git_auth_secret }}'

.tekton/kn-client-cli-artifacts-118-push.yaml

@@ -0,0 +1,62 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/openshift-knative/client?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "release-v1.18" 
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: serverless-operator-138
+    appstudio.openshift.io/component: kn-client-cli-artifacts-118
+    pipelines.appstudio.openshift.io/type: build
+  name: kn-client-cli-artifacts-118-on-push
+  namespace: ocp-serverless-tenant
+spec:
+  params:
+    - name: dockerfile
+      value: openshift/ci-operator/knative-images/cli-artifacts/Dockerfile
+    - name: build-args
+      value:
+        - CLI_ARTIFACTS=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0
+        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
+        - VERSION=1.38.0
+    - name: git-url
+      value: '{{source_url}}'
+    - name: hermetic
+      value: "true"
+    - name: output-image
+      value: quay.io/redhat-user-workloads/ocp-serverless-tenant/serverless-operator-138/kn-client-cli-artifacts:{{revision}}
+    - name: revision
+      value: '{{revision}}'
+    - name: additional-tags
+      value:
+        - $(context.pipelineRun.uid)-{{revision}}
+        - 1.38.0
+        - latest
+    - name: prefetch-input
+      value: '[{"path":".","type":"gomod"}]'
+  taskRunSpecs:
+    - pipelineTaskName: sast-shell-check
+      stepSpecs:
+        - name: sast-shell-check
+          computeResources:
+            requests:
+              memory: 4Gi
+            limits:
+              memory: 4Gi
+  pipelineRef:
+    name: docker-build
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-kn-client-cli-artifacts-118
+  workspaces:
+    - name: git-auth
+      secret:
+        secretName: '{{ git_auth_secret }}'

.tekton/kn-client-kn-118-pull-request.yaml

@@ -22,12 +22,12 @@ spec:
     - name: build-args
       value:
         - CLI_ARTIFACTS=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0
-        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24
-        - GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal
-        - JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
-        - JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
-        - NODE_BUILDER=registry.access.redhat.com/ubi8/nodejs-20
-        - NODE_RUNTIME=registry.access.redhat.com/ubi8/nodejs-20
+        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
         - VERSION=1.38.0
     - name: git-url
       value: '{{source_url}}'

.tekton/kn-client-kn-118-push.yaml

@@ -21,12 +21,12 @@ spec:
     - name: build-args
       value:
         - CLI_ARTIFACTS=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0
-        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24
-        - GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal
-        - JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
-        - JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
-        - NODE_BUILDER=registry.access.redhat.com/ubi8/nodejs-20
-        - NODE_RUNTIME=registry.access.redhat.com/ubi8/nodejs-20
+        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
         - VERSION=1.38.0
     - name: git-url
       value: '{{source_url}}'

.tekton/kn-client-test-grpc-ping-118-pull-request.yaml

@@ -22,12 +22,12 @@ spec:
     - name: build-args
       value:
         - CLI_ARTIFACTS=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0
-        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24
-        - GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal
-        - JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
-        - JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
-        - NODE_BUILDER=registry.access.redhat.com/ubi8/nodejs-20
-        - NODE_RUNTIME=registry.access.redhat.com/ubi8/nodejs-20
+        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
         - VERSION=1.38.0
     - name: git-url
       value: '{{source_url}}'

.tekton/kn-client-test-grpc-ping-118-push.yaml

@@ -21,12 +21,12 @@ spec:
     - name: build-args
       value:
         - CLI_ARTIFACTS=brew.registry.redhat.io/rh-osbs/openshift-serverless-1-kn-cli-artifacts-rhel8:1.16.0
-        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.24
-        - GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal
-        - JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
-        - JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
-        - NODE_BUILDER=registry.access.redhat.com/ubi8/nodejs-20
-        - NODE_RUNTIME=registry.access.redhat.com/ubi8/nodejs-20
+        - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
         - VERSION=1.38.0
     - name: git-url
       value: '{{source_url}}'