From eeef1d6eb0deefe34b5b385263b52e04443c86a7 Mon Sep 17 00:00:00 2001
From: Olivier Cazade <ocazade@redhat.com>
Date: Wed, 18 Sep 2024 07:54:13 +0000
Subject: [PATCH] Addressing konflux error and fixing multi arch build with
 podman 5.2 (#719)

---
 .tekton/flowlogs-pipeline-pull-request.yaml | 24 +-------------------
 .tekton/flowlogs-pipeline-push.yaml         | 25 ++-------------------
 Makefile                                    |  2 +-
 contrib/docker/Dockerfile                   |  8 +++----
 hack/update-build.sh                        |  3 +++
 5 files changed, 10 insertions(+), 52 deletions(-)

diff --git a/.tekton/flowlogs-pipeline-pull-request.yaml b/.tekton/flowlogs-pipeline-pull-request.yaml
index 2f65143a7..97465686f 100644
--- a/.tekton/flowlogs-pipeline-pull-request.yaml
+++ b/.tekton/flowlogs-pipeline-pull-request.yaml
@@ -94,7 +94,7 @@ spec:
       description: Skip checks against built image
       name: skip-checks
       type: string
-    - default: "false"
+    - default: "true"
       description: Execute the build with network isolation
       name: hermetic
       type: string
@@ -405,28 +405,6 @@ spec:
         operator: in
         values:
         - "false"
-    - name: sbom-json-check
-      params:
-      - name: IMAGE_URL
-        value: $(tasks.build-container.results.IMAGE_URL)
-      - name: IMAGE_DIGEST
-        value: $(tasks.build-container.results.IMAGE_DIGEST)
-      runAfter:
-      - build-container
-      taskRef:
-        params:
-        - name: name
-          value: sbom-json-check
-        - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:acc9cb8a714f33c0e48d6ca219b6bd0191f09cdd767af4ef3a35d0a5cac53b5d
-        - name: kind
-          value: task
-        resolver: bundles
-      when:
-      - input: $(params.skip-checks)
-        operator: in
-        values:
-        - "false"
     - name: apply-tags
       params:
       - name: IMAGE
diff --git a/.tekton/flowlogs-pipeline-push.yaml b/.tekton/flowlogs-pipeline-push.yaml
index 89b6c56bc..fea43b42e 100644
--- a/.tekton/flowlogs-pipeline-push.yaml
+++ b/.tekton/flowlogs-pipeline-push.yaml
@@ -6,6 +6,7 @@ metadata:
     build.appstudio.redhat.com/commit_sha: '{{revision}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
     pipelinesascode.tekton.dev/max-keep-runs: "3"
+    build.appstudio.openshift.io/build-nudge-files: "hack/container_digest.sh"
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
       == "main"
   creationTimestamp: null
@@ -91,7 +92,7 @@ spec:
       description: Skip checks against built image
       name: skip-checks
       type: string
-    - default: "false"
+    - default: "true"
       description: Execute the build with network isolation
       name: hermetic
       type: string
@@ -402,28 +403,6 @@ spec:
         operator: in
         values:
         - "false"
-    - name: sbom-json-check
-      params:
-      - name: IMAGE_URL
-        value: $(tasks.build-container.results.IMAGE_URL)
-      - name: IMAGE_DIGEST
-        value: $(tasks.build-container.results.IMAGE_DIGEST)
-      runAfter:
-      - build-container
-      taskRef:
-        params:
-        - name: name
-          value: sbom-json-check
-        - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:acc9cb8a714f33c0e48d6ca219b6bd0191f09cdd767af4ef3a35d0a5cac53b5d
-        - name: kind
-          value: task
-        resolver: bundles
-      when:
-      - input: $(params.skip-checks)
-        operator: in
-        values:
-        - "false"
     - name: apply-tags
       params:
       - name: IMAGE
diff --git a/Makefile b/Makefile
index 4d8285033..0300cd8c0 100644
--- a/Makefile
+++ b/Makefile
@@ -60,7 +60,7 @@ FORCE: ;
 # build a single arch target provided as argument
 define build_target
 	echo 'building image for arch $(1)'; \
-	DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f contrib/docker/Dockerfile .;
+	DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --load --build-arg TARGETARCH=$(1) ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f contrib/docker/Dockerfile .;
 endef
 
 # push a single arch target image
diff --git a/contrib/docker/Dockerfile b/contrib/docker/Dockerfile
index 96a49bf9a..f92d8ea56 100644
--- a/contrib/docker/Dockerfile
+++ b/contrib/docker/Dockerfile
@@ -1,9 +1,7 @@
 # We do not use --platform feature to auto fill this ARG because of incompatibility between podman and docker
-ARG TARGETPLATFORM=linux/amd64
-ARG BUILDPLATFORM=linux/amd64
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22 as builder
+ARG TARGETARCH
+FROM docker.io/library/golang:1.22 as builder
 
-ARG TARGETPLATFORM
 ARG TARGETARCH=amd64
 WORKDIR /app
 
@@ -22,7 +20,7 @@ RUN git status --porcelain
 RUN GOARCH=$TARGETARCH make build_code
 
 # final stage
-FROM  --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM  --platform=linux/$TARGETARCH registry.access.redhat.com/ubi9/ubi-minimal:9.4
 
 COPY --from=builder /app/flowlogs-pipeline /app/
 COPY --from=builder /app/confgenerator /app/
diff --git a/hack/update-build.sh b/hack/update-build.sh
index c2f9b1eab..ec0384d8e 100755
--- a/hack/update-build.sh
+++ b/hack/update-build.sh
@@ -16,3 +16,6 @@ LABEL io.openshift.tags="network-observability-flowlogs-pipeline"
 LABEL upstream-vcs-ref="${COMMIT}"
 LABEL upstream-vcs-type="git"
 EOF
+
+
+sed -i 's/\(FROM.*\)docker.io\/library\/golang:1.22\(.*\)/\1brew.registry.redhat.io\/rh-osbs\/openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9\2/g' ${CONTAINER_FILE}