diff --git a/.tekton/release-service-pull-request.yaml b/.tekton/release-service-pull-request.yaml index 14dea319..64da3105 100644 --- a/.tekton/release-service-pull-request.yaml +++ b/.tekton/release-service-pull-request.yaml @@ -382,6 +382,29 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + when: + - input: $(params.skip-checks) + operator: in + values: ["false"] + runAfter: + - build-container + taskRef: + resolver: bundles + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.1@sha256:2279ad38076b4b3a3b0f525b371bd4a8bbc2f58192568857550842478486144c + - name: kind + value: task + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: fail-unsigned + value: true workspaces: - name: workspace - name: git-auth diff --git a/.tekton/release-service-push.yaml b/.tekton/release-service-push.yaml index 9e0d76e6..79d4b6bc 100644 --- a/.tekton/release-service-push.yaml +++ b/.tekton/release-service-push.yaml @@ -377,6 +377,29 @@ spec: operator: in values: - "false" + - name: rpms-signature-scan + when: + - input: $(params.skip-checks) + operator: in + values: ["false"] + runAfter: + - build-container + taskRef: + resolver: bundles + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.1@sha256:2279ad38076b4b3a3b0f525b371bd4a8bbc2f58192568857550842478486144c + - name: kind + value: task + params: + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: fail-unsigned + value: true workspaces: - name: workspace - name: git-auth