Skip to content

feat: use mobster tasks for SBOM manipulation #1032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: development
Choose a base branch
from
Draft

feat: use mobster tasks for SBOM manipulation #1032

wants to merge 4 commits into from

Conversation

jedinym
Copy link
Contributor

@jedinym jedinym commented Jun 11, 2025
edited
Loading

This PR migrates component-level SBOM updates and product-level SBOM creation in rh-advisories to Tekton tasks provided by mobster.

The previously used SBOM scripts in release-service-utils will be cleaned up as part of ISV-6000

Changes

  • The create-product-sbom and upload-product-sbom tasks were replaced by the create-product-sbom-ta Task using Mobster.
  • The update-component-sbom and upload-component-sbom tasks were replaced by the augment-component-sboms-ta Task using Mobster.

Relevant JIRAs

https://issues.redhat.com/browse/ISV-6051
https://issues.redhat.com/browse/ISV-5876

@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Jun 11, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@jedinym
Copy link
Contributor Author

jedinym commented Jun 11, 2025

/ok-to-test

@jedinym
Copy link
Contributor Author

jedinym commented Jun 16, 2025

/retest

1 similar comment
@jedinym
Copy link
Contributor Author

jedinym commented Jun 16, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 17, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 17, 2025

/retest

6 similar comments
@jedinym
Copy link
Contributor Author

jedinym commented Jun 17, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 17, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 18, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 18, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 18, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 19, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 19, 2025

/ok-to-test

@jedinym jedinym mentioned this pull request Jun 19, 2025
Merged
@jedinym jedinym changed the title feat(ISV-5875): use mobster task for component SBOMs feat(ISV-5876): use mobster task for component SBOMs Jun 19, 2025
@jedinym
Copy link
Contributor Author

jedinym commented Jun 23, 2025

/retest

@jedinym jedinym force-pushed the ISV-5875 branch 2 times, most recently from 05425f7 to 13b860e Compare June 25, 2025 08:29
@jedinym
Copy link
Contributor Author

jedinym commented Jun 25, 2025

/retest

1 similar comment
@jedinym
Copy link
Contributor Author

jedinym commented Jun 25, 2025

/retest

@jedinym jedinym changed the title feat(ISV-5876): use mobster task for component SBOMs feat: use mobster tasks for SBOM manipulation Jun 30, 2025
@jedinym jedinym force-pushed the ISV-5875 branch 2 times, most recently from 68523a7 to ef46cec Compare June 30, 2025 09:33
@jedinym
Copy link
Contributor Author

jedinym commented Jun 30, 2025

/retest

3 similar comments
@jedinym
Copy link
Contributor Author

jedinym commented Jun 30, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 30, 2025

/retest

@jedinym
Copy link
Contributor Author

jedinym commented Jun 30, 2025

/retest

@jedinym
feat: remove unused SBOM tasks
00bf58e 
Signed-off-by: Martin Jediny <[email protected]>
@jedinym
Copy link
Contributor Author

jedinym commented Jul 1, 2025

/retest

1 similar comment
@jedinym
Copy link
Contributor Author

jedinym commented Jul 1, 2025

/retest

@konflux-ci-qe-bot
Copy link

@jedinym: The following test has Failed, say /retest to rerun failed tests.

PipelineRun Name Status Rerun command Build Log Test Log
konflux-e2e-tests-catalog-fgxpl Failed /retest View Pipeline Log View Test Logs

Inspecting Test Artifacts

To inspect your test artifacts, follow these steps:

  1. Install ORAS (see the ORAS installation guide).
  2. Download artifacts with the following commands:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/release-service-catalog:konflux-e2e-tests-catalog-fgxpl

Test results analysis

🚨 Error occurred while running the E2E tests, list of failed Spec(s):

➡️ [failed] [It] [release-pipelines-suite e2e tests for multi arch with rh-advisories pipeline] Multi arch test happy path Post-release verification verifies the multiarch release pipelinerun is running and succeeds [release-pipelines, rh-advisories, multiarch-advisories, multiArchAdvisories]

Click to view logs

PipelineRun managed-8bc8j failed
Expected
    : Pipelinerun 'managed-8bc8j' didn't succeed\nLogs from failed container 'managed-8bc8j-create-pyxis-image/step-create-trusted-artifact': \n2025/07/01 10:07:39 Skipping step because a previous step failed\n
to equal
    :

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
do-not-merge/work-in-progress ok-to-test
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jedinym @konflux-ci-qe-bot