diff --git a/.tekton/release-service-pull-request.yaml b/.tekton/release-service-pull-request.yaml index 14dea319..abf4187e 100644 --- a/.tekton/release-service-pull-request.yaml +++ b/.tekton/release-service-pull-request.yaml @@ -382,6 +382,29 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + when: + - input: $(params.skip-checks) + operator: in + values: ["false"] + runAfter: + - build-container + taskRef: + resolver: bundles + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.1@sha256:8e3515fdc0bbc0bcac994482a2396a8cd23e6a6fa9efaf3ec715ee312a376777 + - name: kind + value: task + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: fail-unsigned + value: true workspaces: - name: workspace - name: git-auth diff --git a/.tekton/release-service-push.yaml b/.tekton/release-service-push.yaml index 9e0d76e6..38a40b6c 100644 --- a/.tekton/release-service-push.yaml +++ b/.tekton/release-service-push.yaml @@ -377,6 +377,29 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + when: + - input: $(params.skip-checks) + operator: in + values: ["false"] + runAfter: + - build-container + taskRef: + resolver: bundles + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.1@sha256:8e3515fdc0bbc0bcac994482a2396a8cd23e6a6fa9efaf3ec715ee312a376777 + - name: kind + value: task + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: fail-unsigned + value: true workspaces: - name: workspace - name: git-auth