Skip to content

ROX-24468: Retag ScannerV2 and Collector containers#13079

Merged
msugakov merged 32 commits intomasterfrom
misha/ROX-24468-konflux-retag-take-three
Nov 8, 2024
Merged

ROX-24468: Retag ScannerV2 and Collector containers#13079
msugakov merged 32 commits intomasterfrom
misha/ROX-24468-konflux-retag-take-three

Conversation

@msugakov
Copy link
Contributor

@msugakov msugakov commented Oct 22, 2024
edited
Loading

Description

See the ticket ROX-24468.
This also addresses ROX-26471.

Why invent our own task? Release pipelines have something similar https://github.com/konflux-ci/release-service-catalog/blob/development/tasks/push-snapshot/push-snapshot.yaml but that works with Snapshots and we need to copy at the image level and I don't see an easy way to adapt. Eventually, the logic is not that terrible so I hope we'd be ok to maintain it.

Replaces #12724 and #12430.

User-facing documentation

  • CHANGELOG is updated OR update is not needed
  • documentation PR is created and is linked above OR is not needed

Testing and quality

  • the change is production ready: the change is GA or otherwise the functionality is gated by a feature flag
  • CI results are inspected

Automated testing

No change to automated testing.

How I validated my change

  • Manual validation (will post logs).

@openshift-ci
Copy link

openshift-ci bot commented Oct 22, 2024

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@rhacs-bot
Copy link
Contributor

rhacs-bot commented Oct 22, 2024
edited
Loading

Images are ready for the commit at 659424a.

To use with deploy scripts, first export MAIN_IMAGE_TAG=4.7.x-96-g659424aaf3.

@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch from be99942 to e4fc9ce Compare October 22, 2024 11:14
@msugakov msugakov mentioned this pull request Oct 22, 2024
Closed
9 tasks
@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch from 40e4641 to f7992d6 Compare October 22, 2024 12:38
@codecov
Copy link

codecov bot commented Oct 22, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 48.50%. Comparing base (e4bcdff) to head (659424a).
Report is 8 commits behind head on master.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master   #13079      +/-   ##
==========================================
- Coverage   48.50%   48.50%   -0.01%     
==========================================
  Files        2468     2468              
  Lines      178017   178017              
==========================================
- Hits        86351    86348       -3     
- Misses      84735    84737       +2     
- Partials     6931     6932       +1
Flag Coverage Δ
go-unit-tests 48.50% <ø> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch 5 times, most recently from f363482 to 989e9e3 Compare October 22, 2024 17:59
msugakov
msugakov commented Oct 24, 2024
View reviewed changes
@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch 2 times, most recently from 3749ee0 to 6659ba8 Compare October 25, 2024 12:09
@msugakov msugakov marked this pull request as ready for review October 25, 2024 12:28
@msugakov msugakov requested a review from a team as a code owner October 25, 2024 12:28
@msugakov
Copy link
Contributor Author

msugakov commented Oct 25, 2024

I think this is ready for review, although collector-*-retag pipelines are failing due to 3.20.0-fast images absent, that's our familiar ROX-26026.

@msugakov msugakov requested a review from tommartensen October 28, 2024 14:10
This was referenced Oct 30, 2024
Merged
Merged
@msugakov msugakov marked this pull request as draft October 31, 2024 16:58
@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch from 6659ba8 to 1c39d81 Compare October 31, 2024 19:34
@msugakov msugakov added the backport-for-4.6-konflux-release https://redhat-internal.slack.com/archives/C05TS9N0S7L/p1730134914487439 label Oct 31, 2024
@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch 2 times, most recently from f3f15c1 to 978ae6d Compare November 4, 2024 09:56
tommartensen
tommartensen requested changes Nov 4, 2024
View reviewed changes
Copy link
Contributor

@tommartensen tommartensen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly tiny remarks, great work so far!

@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch from 978ae6d to 38a4487 Compare November 4, 2024 14:36
@msugakov msugakov force-pushed the misha/ROX-24468-konflux-retag-take-three branch from 052c4a1 to 659424a Compare November 7, 2024 19:15
@msugakov
Copy link
Contributor Author

msugakov commented Nov 8, 2024

/retest main-on-push

@msugakov
Copy link
Contributor Author

msugakov commented Nov 8, 2024

/retest operator-on-push

@msugakov
Copy link
Contributor Author

msugakov commented Nov 8, 2024

/retest operator-bundle-on-push

@stackrox stackrox deleted a comment from openshift-ci bot Nov 8, 2024
@stackrox stackrox deleted a comment from openshift-ci bot Nov 8, 2024
@stackrox stackrox deleted a comment from openshift-ci bot Nov 8, 2024
@msugakov
Copy link
Contributor Author

msugakov commented Nov 8, 2024
edited
Loading

Comparing for scanner-slim

Oras for index image

$ diff -ys <( oras discover quay.io/rhacs-eng/scanner-slim:$(make scanner-tag)-fast ) <( oras discover quay.io/rhacs-eng/scanner-slim:$(make tag)-fast )
quay.io/rhacs-eng/scanner-slim@sha256:4b3d783ca13ed918cb74149	quay.io/rhacs-eng/scanner-slim@sha256:4b3d783ca13ed918cb74149
├── application/sarif+json					├── application/sarif+json
│   └── sha256:51692ce623a4bcb522de1c09ce33b7c6e89f2a5fa46731	│   └── sha256:51692ce623a4bcb522de1c09ce33b7c6e89f2a5fa46731
├── application/vnd.clamav					├── application/vnd.clamav
│   └── sha256:0a612f4f7e257d26567194408255d9c6c3193d59985b21	│   └── sha256:0a612f4f7e257d26567194408255d9c6c3193d59985b21
└── <unknown>							└── <unknown>
    ├── sha256:6cabaad9b0d358b476807079e0baae391bb0d0f762d32d	    ├── sha256:6cabaad9b0d358b476807079e0baae391bb0d0f762d32d
    │   └── application/vnd.redhat.clair-report+json		    │   └── application/vnd.redhat.clair-report+json
    │       └── sha256:fb6816210e8dad512bbb2b5e04b0df6bc6240a	    │       └── sha256:fb6816210e8dad512bbb2b5e04b0df6bc6240a
    ├── sha256:ba05d98f38444d7249ba32916efeaac6b0f84fd7bc3ab2	    ├── sha256:ba05d98f38444d7249ba32916efeaac6b0f84fd7bc3ab2
    │   └── application/vnd.redhat.clair-report+json		    │   └── application/vnd.redhat.clair-report+json
    │       └── sha256:bccb8d250da55f8a6083ca89cfad3a20bc39d1	    │       └── sha256:bccb8d250da55f8a6083ca89cfad3a20bc39d1
    ├── sha256:dc6e990de54c5893eb607a9293596caa4af3c1a766ab23	    ├── sha256:dc6e990de54c5893eb607a9293596caa4af3c1a766ab23
    │   └── application/vnd.redhat.clair-report+json		    │   └── application/vnd.redhat.clair-report+json
    │       └── sha256:0cf7ceeaa61a9a3b8e794aab95b3c5458cf7fe	    │       └── sha256:0cf7ceeaa61a9a3b8e794aab95b3c5458cf7fe
    └── sha256:15ae1a32886b9bcf99ca2a10aa8b12098a83aa5d55a3cb	    └── sha256:15ae1a32886b9bcf99ca2a10aa8b12098a83aa5d55a3cb
        └── application/vnd.redhat.clair-report+json		        └── application/vnd.redhat.clair-report+json
            └── sha256:543cee78b5b827f1841320811bbe9ad89d0a1d	            └── sha256:543cee78b5b827f1841320811bbe9ad89d0a1d
Files /proc/self/fd/11 and /proc/self/fd/13 are identical

Cosign for index image

$ diff -s <( cosign tree quay.io/rhacs-eng/scanner-slim:$(make scanner-tag)-fast ) <( cosign tree quay.io/rhacs-eng/scanner-slim:$(make tag)-fast )
1c1
< 📦 Supply Chain Security Related artifacts for an image: quay.io/rhacs-eng/scanner-slim:2.35.x-6-g1e53e32922-fast
---
> 📦 Supply Chain Security Related artifacts for an image: quay.io/rhacs-eng/scanner-slim:4.7.x-96-g659424aaf3-fast

$ diff -ys <( cosign tree quay.io/rhacs-eng/scanner-slim:$(make scanner-tag)-fast ) <( cosign tree quay.io/rhacs-eng/scanner-slim:$(make tag)-fast )
📦 Supply Chain Security Related artifacts for an image: quay |	📦 Supply Chain Security Related artifacts for an image: quay
└── 💾 Attestations for an image tag: quay.io/rhacs-eng/scann	└── 💾 Attestations for an image tag: quay.io/rhacs-eng/scann
   ├── 🍒 sha256:c763aee2ae5eadc008b45758d26ffe68a9e5a6e81b92	   ├── 🍒 sha256:c763aee2ae5eadc008b45758d26ffe68a9e5a6e81b92
   ├── 🍒 sha256:64962ce5be05b247e2d27c3cb9db340e83c783d2a54d	   ├── 🍒 sha256:64962ce5be05b247e2d27c3cb9db340e83c783d2a54d
   ├── 🍒 sha256:155ff49ee7fdfb31d139950050f2c4ddd83920ae8fdd	   ├── 🍒 sha256:155ff49ee7fdfb31d139950050f2c4ddd83920ae8fdd
   ├── 🍒 sha256:f67a24e4ab125461f3a2bd42f370d4c1df04facf13c6	   ├── 🍒 sha256:f67a24e4ab125461f3a2bd42f370d4c1df04facf13c6
   ├── 🍒 sha256:5366230028a4a2edb2543bb355090f9ab5ed5ae3dcde	   ├── 🍒 sha256:5366230028a4a2edb2543bb355090f9ab5ed5ae3dcde
   ├── 🍒 sha256:fd2e04abc6b3ac718b2baa30240d0ac7c374763ba8c7	   ├── 🍒 sha256:fd2e04abc6b3ac718b2baa30240d0ac7c374763ba8c7
   └── 🍒 sha256:ffd7ebed5c4e35727cbf6bb2893ff16a061ca96c749d	   └── 🍒 sha256:ffd7ebed5c4e35727cbf6bb2893ff16a061ca96c749d
└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/scanner	└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/scanner
   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab	   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab
   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab	   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab
   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab	   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab
   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab	   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab
   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab	   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab
   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab	   ├── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab
   └── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab	   └── 🍒 sha256:f07e36e89b0778b015711a18b063219bec07fd91b1ab

Source image

It's just there because it does not need copying

$ skopeo inspect --retry-times=10 --format '{{.Digest}}' --no-tags "docker://quay.io/rhacs-eng/scanner-slim:$(make tag)-fast"
sha256:4b3d783ca13ed918cb74149cfdcbef0db63441b2dea81cd25b4bfe7110fd12cc

$ cosign tree quay.io/rhacs-eng/scanner-slim:sha256-4b3d783ca13ed918cb74149cfdcbef0db63441b2dea81cd25b4bfe7110fd12cc.src
📦 Supply Chain Security Related artifacts for an image: quay.io/rhacs-eng/scanner-slim:sha256-4b3d783ca13ed918cb74149cfdcbef0db63441b2dea81cd25b4bfe7110fd12cc.src
└── 💾 Attestations for an image tag: quay.io/rhacs-eng/scanner-slim:sha256-981e62ff231be5f137a6c2f29c9b9c12bfcc1cb5ac7baa04517fce893fa06ddd.att
   └── 🍒 sha256:c763aee2ae5eadc008b45758d26ffe68a9e5a6e81b925f136915d9326d7746b0
└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/scanner-slim:sha256-981e62ff231be5f137a6c2f29c9b9c12bfcc1cb5ac7baa04517fce893fa06ddd.sig
   └── 🍒 sha256:8f5ca8e246f499d71638b946477cea509c47c46fa0ab09b720e6cb2fea6c1a5e

$ oras discover quay.io/rhacs-eng/scanner-slim:sha256-4b3d783ca13ed918cb74149cfdcbef0db63441b2dea81cd25b4bfe7110fd12cc.src
quay.io/rhacs-eng/scanner-slim@sha256:981e62ff231be5f137a6c2f29c9b9c12bfcc1cb5ac7baa04517fce893fa06ddd
# nothing's printed

Oras for one of per-arch images

$ skopeo inspect --retry-times=10 --format '{{.Digest}}' --no-tags "docker://quay.io/rhacs-eng/scanner-slim:$(make scanner-tag)-fast-ppc64le"
sha256:dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b

$ oras discover quay.io/rhacs-eng/scanner-slim@sha256:dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b    
quay.io/rhacs-eng/scanner-slim@sha256:dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b
└── application/vnd.redhat.clair-report+json
    └── sha256:0cf7ceeaa61a9a3b8e794aab95b3c5458cf7fe435d141000847ce5ad1658f4b4

$ cosign tree quay.io/rhacs-eng/scanner-slim@sha256:dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b
📦 Supply Chain Security Related artifacts for an image: quay.io/rhacs-eng/scanner-slim@sha256:dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b
└── 💾 Attestations for an image tag: quay.io/rhacs-eng/scanner-slim:sha256-dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b.att
   └── 🍒 sha256:c763aee2ae5eadc008b45758d26ffe68a9e5a6e81b925f136915d9326d7746b0
└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/scanner-slim:sha256-dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b.sig
   ├── 🍒 sha256:7056caea5ff40230a1a3d3cd82f30c7fcb98e5c6a39df08df836e6e25434e534
   ├── 🍒 sha256:7056caea5ff40230a1a3d3cd82f30c7fcb98e5c6a39df08df836e6e25434e534
   └── 🍒 sha256:7056caea5ff40230a1a3d3cd82f30c7fcb98e5c6a39df08df836e6e25434e534
└── 📦 SBOMs for an image tag: quay.io/rhacs-eng/scanner-slim:sha256-dc6e990de54c5893eb607a9293596caa4af3c1a766ab23ed0ca837417f286f4b.sbom
   └── 🍒 sha256:d0d2da350c55dbfb0be5eebe14869241f5d5799edb88cd2d6e92ac62d07e85a5

Since the repo did not change, there's just one image for both original and re-tagged index images.

@msugakov
Copy link
Contributor Author

msugakov commented Nov 8, 2024

Comparing for collector-slim

Oras for index image

$ diff -ys <( oras discover quay.io/rhacs-eng/collector:$(make collector-tag)-fast ) <( oras discover quay.io/rhacs-eng/collector-slim:$(make tag)-fast )
quay.io/rhacs-eng/collector@sha256:b4569f7dd50110d66fc66e5d19 |	quay.io/rhacs-eng/collector-slim@sha256:b4569f7dd50110d66fc66
├── application/vnd.clamav				      <
│   └── sha256:d1234b7d3bf288571a131164889d690ad5ffc79a836c22 <
├── application/sarif+json					├── application/sarif+json
│   └── sha256:9fc633b998e8447178279cdb60349368ed953054854c39	│   └── sha256:9fc633b998e8447178279cdb60349368ed953054854c39
							      >	├── application/vnd.clamav
							      >	│   └── sha256:d1234b7d3bf288571a131164889d690ad5ffc79a836c22
└── <unknown>							└── <unknown>
    ├── sha256:4fb5e3abe036e6a1cae3600f5448cdde545fa95dac124c	    ├── sha256:4fb5e3abe036e6a1cae3600f5448cdde545fa95dac124c
    │   └── application/vnd.redhat.clair-report+json		    │   └── application/vnd.redhat.clair-report+json
    │       └── sha256:fa95161b9aabf9c99931cfe241a67083efe395	    │       └── sha256:fa95161b9aabf9c99931cfe241a67083efe395
    ├── sha256:1cab9e5b50fe2a5ed0d917a65612a387e96c1e436316ca	    ├── sha256:1cab9e5b50fe2a5ed0d917a65612a387e96c1e436316ca
    │   └── application/vnd.redhat.clair-report+json		    │   └── application/vnd.redhat.clair-report+json
    │       └── sha256:ed30c56ec5d904d163e963b5ee93dd3c3a954a	    │       └── sha256:ed30c56ec5d904d163e963b5ee93dd3c3a954a
    ├── sha256:fba18acaf0f972ae343c9286b1750321cb5caa0d414608	    ├── sha256:fba18acaf0f972ae343c9286b1750321cb5caa0d414608
    │   └── application/vnd.redhat.clair-report+json		    │   └── application/vnd.redhat.clair-report+json
    │       └── sha256:858714790e9d5665d47b6099f13901185caf0e	    │       └── sha256:858714790e9d5665d47b6099f13901185caf0e
    └── sha256:d791596eb6374239c006e19579954343ffd14eed8a34de	    └── sha256:d791596eb6374239c006e19579954343ffd14eed8a34de
        └── application/vnd.redhat.clair-report+json		        └── application/vnd.redhat.clair-report+json
            └── sha256:2eacd0686078464c2c4d174e6d58fac82c5773	            └── sha256:2eacd0686078464c2c4d174e6d58fac82c5773

Just ordering of elements is different.

Cosign for index image

$ diff -ys <( cosign tree quay.io/rhacs-eng/collector:$(make collector-tag)-fast ) <( cosign tree quay.io/rhacs-eng/collector-slim:$(make tag)-fast )
📦 Supply Chain Security Related artifacts for an image: quay |	📦 Supply Chain Security Related artifacts for an image: quay
└── 💾 Attestations for an image tag: quay.io/rhacs-eng/colle |	└── 💾 Attestations for an image tag: quay.io/rhacs-eng/colle
   ├── 🍒 sha256:8fb46cff9621d3d04cf00571547c1baaff88ce061a2a	   ├── 🍒 sha256:8fb46cff9621d3d04cf00571547c1baaff88ce061a2a
   └── 🍒 sha256:c8b8e08862c104e4179b14041da9594da9baae5ca744 |	   └── 🍒 sha256:40274263f586201f64ee70cb9803509713c534b2be43
└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/collect |	└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/collect
   ├── 🍒 sha256:35cbbb04c10b6772f7aea5aa0e051e225aa6433cbfeb	   ├── 🍒 sha256:35cbbb04c10b6772f7aea5aa0e051e225aa6433cbfeb
   └── 🍒 sha256:35cbbb04c10b6772f7aea5aa0e051e225aa6433cbfeb |	   └── 🍒 sha256:df2d5d808d2eba863d0a1412806aaff06d1c33a22328

Two items match, two don't.

$ diff -ys <( cosign download signature quay.io/rhacs-eng/collector:$(make collector-tag)-fast | jq ) <( cosign download signature quay.io/rhacs-eng/collector-slim:$(make tag)-fast | jq )
{								{
  "Base64Signature": "MEUCIHk6mdzoCMXgpnG6iG1ZokGqfGuQ2f9kRIm	  "Base64Signature": "MEUCIHk6mdzoCMXgpnG6iG1ZokGqfGuQ2f9kRIm
  "Payload": "eyJjcml0aWNhbCI6eyJpZGVudGl0eSI6eyJkb2NrZXItcmV	  "Payload": "eyJjcml0aWNhbCI6eyJpZGVudGl0eSI6eyJkb2NrZXItcmV
  "Cert": null,							  "Cert": null,
  "Chain": null,						  "Chain": null,
  "Bundle": null,						  "Bundle": null,
  "RFC3161Timestamp": null					  "RFC3161Timestamp": null
}								}
{								{
  "Base64Signature": "MEYCIQCwpsLsMB8IE7C/4VR+Sg+XsGQ5NM37+LK |	  "Base64Signature": "MEYCIQC+ldxfcSVHBZ2d4eKta0Zp+uohNbV7ql3
  "Payload": "eyJjcml0aWNhbCI6eyJpZGVudGl0eSI6eyJkb2NrZXItcmV |	  "Payload": "eyJjcml0aWNhbCI6eyJpZGVudGl0eSI6eyJkb2NrZXItcmV
  "Cert": null,							  "Cert": null,
  "Chain": null,						  "Chain": null,
  "Bundle": null,						  "Bundle": null,
  "RFC3161Timestamp": null					  "RFC3161Timestamp": null
}

Not sure what to do with that since base64 data is binary. Let's just see what EC tells eventually.

$ diff -ys <( cosign download attestation quay.io/rhacs-eng/collector:$(make collector-tag)-fast | sort | jq ) <( cosign download attestation quay.io/rhacs-eng/collector-slim:$(make tag)-fast | sort | jq )
{								{
  "payloadType": "application/vnd.in-toto+json",		  "payloadType": "application/vnd.in-toto+json",
  "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1	  "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1
  "signatures": [						  "signatures": [
    {								    {
      "keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvG	      "keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvG
      "sig": "MEYCIQD9UfYLpO1wfwfw1OJIoJMm49zZ5JH6H9CX07sIgzU	      "sig": "MEYCIQD9UfYLpO1wfwfw1OJIoJMm49zZ5JH6H9CX07sIgzU
    }								    }
  ]								  ]
}								}
{								{
  "payloadType": "application/vnd.in-toto+json",		  "payloadType": "application/vnd.in-toto+json",
  "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1 |	  "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1
  "signatures": [						  "signatures": [
    {								    {
      "keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvG	      "keyid": "SHA256:IhiN7gY+Z3uSSd7tmj6w5Zfhqafzdhm3DZjIvG
      "sig": "MEUCIDrqE+smc/NKA2xx6RyQuYRGjrzbMBHsnzU8uzzPzTQ |	      "sig": "MEQCIEq2sy1m3mJgzl2tZPi2SVNb6bOV8a1vVFAm0CCTIzQ
    }								    }
  ]								  ]
}								}

$ diff -ys <( cosign download attestation quay.io/rhacs-eng/collector:$(make collector-tag)-fast | sort | jq -r '.payload' | tail -n 1 | base64 -d - | jq ) <( cosign download attestation quay.io/rhacs-eng/collector-slim:$(make tag)-fast | sort | jq -r '.payload' | tail -n 1 | base64 -d - | jq ) 
{								{
  "_type": "https://in-toto.io/Statement/v0.1",			  "_type": "https://in-toto.io/Statement/v0.1",
  "subject": [							  "subject": [
    {								    {
      "name": "quay.io/rhacs-eng/collector",		      |	      "name": "quay.io/rhacs-eng/collector-slim",
      "digest": {						      "digest": {
        "sha256": "b4569f7dd50110d66fc66e5d19fbfbf65a783a1e94	        "sha256": "b4569f7dd50110d66fc66e5d19fbfbf65a783a1e94
      }								      }
    }								    }
  ],								  ],
  "predicateType": "https://slsa.dev/provenance/v0.2",		  "predicateType": "https://slsa.dev/provenance/v0.2",
  "predicate": {						  "predicate": {
    "buildConfig": {						    "buildConfig": {
      "tasks": [						      "tasks": [
        {							        {
          "finishedOn": "2024-11-07T19:17:57Z",		      |	          "finishedOn": "2024-11-07T19:18:46Z",
          "invocation": {					          "invocation": {
            "configSource": {},					            "configSource": {},
            "environment": {					            "environment": {
              "annotations": {					              "annotations": {
                "build.appstudio.openshift.io/repo": "https:/	                "build.appstudio.openshift.io/repo": "https:/
                "build.appstudio.redhat.com/commit_sha": "659	                "build.appstudio.redhat.com/commit_sha": "659
                "build.appstudio.redhat.com/pull_request_numb	                "build.appstudio.redhat.com/pull_request_numb
                "build.appstudio.redhat.com/target_branch": "	                "build.appstudio.redhat.com/target_branch": "
                "pipeline.tekton.dev/release": "96db451",	                "pipeline.tekton.dev/release": "96db451",
                "pipelinesascode.tekton.dev/branch": "master"	                "pipelinesascode.tekton.dev/branch": "master"
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/controller-info":	                "pipelinesascode.tekton.dev/controller-info":
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/git-auth-secret": |	                "pipelinesascode.tekton.dev/git-auth-secret":
                "pipelinesascode.tekton.dev/git-provider": "g	                "pipelinesascode.tekton.dev/git-provider": "g
                "pipelinesascode.tekton.dev/installation-id":	                "pipelinesascode.tekton.dev/installation-id":
                "pipelinesascode.tekton.dev/log-url": "https: |	                "pipelinesascode.tekton.dev/log-url": "https:
                "pipelinesascode.tekton.dev/max-keep-runs": "	                "pipelinesascode.tekton.dev/max-keep-runs": "
                "pipelinesascode.tekton.dev/on-cel-expression	                "pipelinesascode.tekton.dev/on-cel-expression
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repo-url": "https	                "pipelinesascode.tekton.dev/repo-url": "https
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sender": "msugako	                "pipelinesascode.tekton.dev/sender": "msugako
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/sha-title": "Appl	                "pipelinesascode.tekton.dev/sha-title": "Appl
                "pipelinesascode.tekton.dev/sha-url": "https:	                "pipelinesascode.tekton.dev/sha-url": "https:
                "pipelinesascode.tekton.dev/source-branch": "	                "pipelinesascode.tekton.dev/source-branch": "
                "pipelinesascode.tekton.dev/source-repo-url":	                "pipelinesascode.tekton.dev/source-repo-url":
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "results.tekton.dev/recordSummaryAnnotations"	                "results.tekton.dev/recordSummaryAnnotations"
                "tekton.dev/categories": "Git",			                "tekton.dev/categories": "Git",
                "tekton.dev/displayName": "git clone oci trus	                "tekton.dev/displayName": "git clone oci trus
                "tekton.dev/pipelines.minVersion": "0.21.0",	                "tekton.dev/pipelines.minVersion": "0.21.0",
                "tekton.dev/platforms": "linux/amd64,linux/s3	                "tekton.dev/platforms": "linux/amd64,linux/s3
                "tekton.dev/tags": "git",			                "tekton.dev/tags": "git",
                "tekton.dev/taskrunSpanContext": "{\"tracepar |	                "tekton.dev/taskrunSpanContext": "{\"tracepar
                "test.appstudio.openshift.io/pr-group": "mish	                "test.appstudio.openshift.io/pr-group": "mish
              },						              },
              "labels": {					              "labels": {
                "app.kubernetes.io/managed-by": "pipelinesasc	                "app.kubernetes.io/managed-by": "pipelinesasc
                "app.kubernetes.io/version": "v0.28.0",		                "app.kubernetes.io/version": "v0.28.0",
                "appstudio.openshift.io/application": "acs",	                "appstudio.openshift.io/application": "acs",
                "appstudio.openshift.io/component": "collecto |	                "appstudio.openshift.io/component": "collecto
                "pipelines.appstudio.openshift.io/type": "bui	                "pipelines.appstudio.openshift.io/type": "bui
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "tekton.dev/memberOf": "tasks",			                "tekton.dev/memberOf": "tasks",
                "tekton.dev/pipeline": "collector-full-retagg |	                "tekton.dev/pipeline": "collector-slim-retagg
                "tekton.dev/pipelineRun": "collector-full-ret |	                "tekton.dev/pipelineRun": "collector-slim-ret
                "tekton.dev/pipelineRunUID": "f9bf6752-458c-4 |	                "tekton.dev/pipelineRunUID": "04377ef5-3c9d-4
                "tekton.dev/pipelineTask": "clone-repository"	                "tekton.dev/pipelineTask": "clone-repository"
                "tekton.dev/task": "git-clone-oci-ta",		                "tekton.dev/task": "git-clone-oci-ta",
                "test.appstudio.openshift.io/pr-group-sha": "	                "test.appstudio.openshift.io/pr-group-sha": "
              }							              }
            },							            },
            "parameters": {					            "parameters": {
              "caTrustConfigMapKey": "ca-bundle.crt",		              "caTrustConfigMapKey": "ca-bundle.crt",
              "caTrustConfigMapName": "trusted-ca",		              "caTrustConfigMapName": "trusted-ca",
              "depth": "0",					              "depth": "0",
              "enableSymlinkCheck": "true",			              "enableSymlinkCheck": "true",
              "fetchTags": "true",				              "fetchTags": "true",
              "httpProxy": "",					              "httpProxy": "",
              "httpsProxy": "",					              "httpsProxy": "",
              "noProxy": "",					              "noProxy": "",
              "ociArtifactExpiresAfter": "1d",			              "ociArtifactExpiresAfter": "1d",
              "ociStorage": "quay.io/rhacs-eng/collector:konf |	              "ociStorage": "quay.io/rhacs-eng/collector-slim
              "refspec": "",					              "refspec": "",
              "revision": "659424aaf3f7ef8d175bce05424aa5c933	              "revision": "659424aaf3f7ef8d175bce05424aa5c933
              "sparseCheckoutDirectories": "",			              "sparseCheckoutDirectories": "",
              "sslVerify": "true",				              "sslVerify": "true",
              "submodules": "true",				              "submodules": "true",
              "url": "https://github.com/stackrox/stackrox",	              "url": "https://github.com/stackrox/stackrox",
              "userHome": "/tekton/home",			              "userHome": "/tekton/home",
              "verbose": "false"				              "verbose": "false"
            }							            }
          },							          },
          "name": "clone-repository",				          "name": "clone-repository",
          "ref": {						          "ref": {
            "params": [						            "params": [
              {							              {
                "name": "name",					                "name": "name",
                "value": "git-clone-oci-ta"			                "value": "git-clone-oci-ta"
              },						              },
              {							              {
                "name": "bundle",				                "name": "bundle",
                "value": "quay.io/konflux-ci/tekton-catalog/t	                "value": "quay.io/konflux-ci/tekton-catalog/t
              },						              },
              {							              {
                "name": "kind",					                "name": "kind",
                "value": "task"					                "value": "task"
              }							              }
            ],							            ],
            "resolver": "bundles"				            "resolver": "bundles"
          },							          },
          "results": [						          "results": [
            {							            {
              "name": "commit",					              "name": "commit",
              "type": "string",					              "type": "string",
              "value": "659424aaf3f7ef8d175bce05424aa5c9334fc	              "value": "659424aaf3f7ef8d175bce05424aa5c9334fc
            },							            },
            {							            {
              "name": "commit-timestamp",			              "name": "commit-timestamp",
              "type": "string",					              "type": "string",
              "value": "1731004655"				              "value": "1731004655"
            },							            },
            {							            {
              "name": "url",					              "name": "url",
              "type": "string",					              "type": "string",
              "value": "https://github.com/stackrox/stackrox"	              "value": "https://github.com/stackrox/stackrox"
            },							            },
            {							            {
              "name": "SOURCE_ARTIFACT",			              "name": "SOURCE_ARTIFACT",
              "type": "string",					              "type": "string",
              "value": "oci:quay.io/rhacs-eng/collector@sha25 |	              "value": "oci:quay.io/rhacs-eng/collector-slim@
            }							            }
          ],							          ],
          "serviceAccountName": "appstudio-pipeline",		          "serviceAccountName": "appstudio-pipeline",
          "startedOn": "2024-11-07T19:15:48Z",		      |	          "startedOn": "2024-11-07T19:15:54Z",
          "status": "Succeeded",				          "status": "Succeeded",
          "steps": [						          "steps": [
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": null,				              "arguments": null,
              "entryPoint": "#!/usr/bin/env sh\nset -eu\n\nif	              "entryPoint": "#!/usr/bin/env sh\nset -eu\n\nif
              "environment": {					              "environment": {
                "container": "clone",				                "container": "clone",
                "image": "oci://quay.io/konflux-ci/git-clone@	                "image": "oci://quay.io/konflux-ci/git-clone@
              }							              }
            },							            },
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": null,				              "arguments": null,
              "entryPoint": "#!/usr/bin/env bash\nset -euo pi	              "entryPoint": "#!/usr/bin/env bash\nset -euo pi
              "environment": {					              "environment": {
                "container": "symlink-check",			                "container": "symlink-check",
                "image": "oci://quay.io/konflux-ci/git-clone@	                "image": "oci://quay.io/konflux-ci/git-clone@
              }							              }
            },							            },
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": [					              "arguments": [
                "create",					                "create",
                "--store",					                "--store",
                "quay.io/rhacs-eng/collector:konflux-659424aa |	                "quay.io/rhacs-eng/collector-slim:konflux-659
                "/tekton/results/SOURCE_ARTIFACT=/var/workdir	                "/tekton/results/SOURCE_ARTIFACT=/var/workdir
              ],						              ],
              "entryPoint": "",					              "entryPoint": "",
              "environment": {					              "environment": {
                "container": "create-trusted-artifact",		                "container": "create-trusted-artifact",
                "image": "oci://quay.io/redhat-appstudio/buil	                "image": "oci://quay.io/redhat-appstudio/buil
              }							              }
            }							            }
          ]							          ]
        },							        },
        {							        {
          "after": [						          "after": [
            "clone-repository"					            "clone-repository"
          ],							          ],
          "finishedOn": "2024-11-07T19:19:21Z",		      |	          "finishedOn": "2024-11-07T19:19:11Z",
          "invocation": {					          "invocation": {
            "configSource": {},					            "configSource": {},
            "environment": {					            "environment": {
              "annotations": {					              "annotations": {
                "build.appstudio.openshift.io/repo": "https:/	                "build.appstudio.openshift.io/repo": "https:/
                "build.appstudio.redhat.com/commit_sha": "659	                "build.appstudio.redhat.com/commit_sha": "659
                "build.appstudio.redhat.com/pull_request_numb	                "build.appstudio.redhat.com/pull_request_numb
                "build.appstudio.redhat.com/target_branch": "	                "build.appstudio.redhat.com/target_branch": "
                "pipeline.tekton.dev/release": "96db451",	                "pipeline.tekton.dev/release": "96db451",
                "pipelinesascode.tekton.dev/branch": "master"	                "pipelinesascode.tekton.dev/branch": "master"
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/controller-info":	                "pipelinesascode.tekton.dev/controller-info":
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/git-auth-secret": |	                "pipelinesascode.tekton.dev/git-auth-secret":
                "pipelinesascode.tekton.dev/git-provider": "g	                "pipelinesascode.tekton.dev/git-provider": "g
                "pipelinesascode.tekton.dev/installation-id":	                "pipelinesascode.tekton.dev/installation-id":
                "pipelinesascode.tekton.dev/log-url": "https: |	                "pipelinesascode.tekton.dev/log-url": "https:
                "pipelinesascode.tekton.dev/max-keep-runs": "	                "pipelinesascode.tekton.dev/max-keep-runs": "
                "pipelinesascode.tekton.dev/on-cel-expression	                "pipelinesascode.tekton.dev/on-cel-expression
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repo-url": "https	                "pipelinesascode.tekton.dev/repo-url": "https
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sender": "msugako	                "pipelinesascode.tekton.dev/sender": "msugako
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/sha-title": "Appl	                "pipelinesascode.tekton.dev/sha-title": "Appl
                "pipelinesascode.tekton.dev/sha-url": "https:	                "pipelinesascode.tekton.dev/sha-url": "https:
                "pipelinesascode.tekton.dev/source-branch": "	                "pipelinesascode.tekton.dev/source-branch": "
                "pipelinesascode.tekton.dev/source-repo-url":	                "pipelinesascode.tekton.dev/source-repo-url":
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "results.tekton.dev/recordSummaryAnnotations"	                "results.tekton.dev/recordSummaryAnnotations"
                "tekton.dev/taskrunSpanContext": "{\"tracepar |	                "tekton.dev/taskrunSpanContext": "{\"tracepar
                "test.appstudio.openshift.io/pr-group": "mish	                "test.appstudio.openshift.io/pr-group": "mish
              },						              },
              "labels": {					              "labels": {
                "app.kubernetes.io/managed-by": "pipelinesasc	                "app.kubernetes.io/managed-by": "pipelinesasc
                "app.kubernetes.io/version": "v0.28.0",		                "app.kubernetes.io/version": "v0.28.0",
                "appstudio.openshift.io/application": "acs",	                "appstudio.openshift.io/application": "acs",
                "appstudio.openshift.io/component": "collecto |	                "appstudio.openshift.io/component": "collecto
                "pipelines.appstudio.openshift.io/type": "bui	                "pipelines.appstudio.openshift.io/type": "bui
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "tekton.dev/memberOf": "tasks",			                "tekton.dev/memberOf": "tasks",
                "tekton.dev/pipeline": "collector-full-retagg |	                "tekton.dev/pipeline": "collector-slim-retagg
                "tekton.dev/pipelineRun": "collector-full-ret |	                "tekton.dev/pipelineRun": "collector-slim-ret
                "tekton.dev/pipelineRunUID": "f9bf6752-458c-4 |	                "tekton.dev/pipelineRunUID": "04377ef5-3c9d-4
                "tekton.dev/pipelineTask": "determine-output-	                "tekton.dev/pipelineTask": "determine-output-
                "test.appstudio.openshift.io/pr-group-sha": "	                "test.appstudio.openshift.io/pr-group-sha": "
              }							              }
            },							            },
            "parameters": {					            "parameters": {
              "MAKEFILE_DIRECTORY": ".",			              "MAKEFILE_DIRECTORY": ".",
              "MAKEFILE_TARGET": "tag",				              "MAKEFILE_TARGET": "tag",
              "SOURCE_ARTIFACT": "oci:quay.io/rhacs-eng/colle |	              "SOURCE_ARTIFACT": "oci:quay.io/rhacs-eng/colle
              "TAG_SUFFIX": "-fast"				              "TAG_SUFFIX": "-fast"
            }							            }
          },							          },
          "name": "determine-output-image-tag",			          "name": "determine-output-image-tag",
          "ref": {},						          "ref": {},
          "results": [						          "results": [
            {							            {
              "name": "IMAGE_TAG",				              "name": "IMAGE_TAG",
              "type": "string",					              "type": "string",
              "value": "4.7.x-96-g659424aaf3-fast"		              "value": "4.7.x-96-g659424aaf3-fast"
            }							            }
          ],							          ],
          "serviceAccountName": "appstudio-pipeline",		          "serviceAccountName": "appstudio-pipeline",
          "startedOn": "2024-11-07T19:18:05Z",		      |	          "startedOn": "2024-11-07T19:18:47Z",
          "status": "Succeeded",				          "status": "Succeeded",
          "steps": [						          "steps": [
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": [					              "arguments": [
                "use",						                "use",
                "oci:quay.io/rhacs-eng/collector@sha256:bcef4 |	                "oci:quay.io/rhacs-eng/collector-slim@sha256:
              ],						              ],
              "entryPoint": "",					              "entryPoint": "",
              "environment": {					              "environment": {
                "container": "use-trusted-artifact",		                "container": "use-trusted-artifact",
                "image": "oci://quay.io/redhat-appstudio/buil	                "image": "oci://quay.io/redhat-appstudio/buil
              }							              }
            },							            },
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": null,				              "arguments": null,
              "entryPoint": "#!/usr/bin/env bash\nset -euo pi	              "entryPoint": "#!/usr/bin/env bash\nset -euo pi
              "environment": {					              "environment": {
                "container": "determine-image-tag",		                "container": "determine-image-tag",
                "image": "oci://registry.access.redhat.com/ub	                "image": "oci://registry.access.redhat.com/ub
              }							              }
            }							            }
          ]							          ]
        },							        },
        {							        {
          "after": [						          "after": [
            "clone-repository"					            "clone-repository"
          ],							          ],
          "finishedOn": "2024-11-07T19:18:29Z",		      |	          "finishedOn": "2024-11-07T19:19:15Z",
          "invocation": {					          "invocation": {
            "configSource": {},					            "configSource": {},
            "environment": {					            "environment": {
              "annotations": {					              "annotations": {
                "build.appstudio.openshift.io/repo": "https:/	                "build.appstudio.openshift.io/repo": "https:/
                "build.appstudio.redhat.com/commit_sha": "659	                "build.appstudio.redhat.com/commit_sha": "659
                "build.appstudio.redhat.com/pull_request_numb	                "build.appstudio.redhat.com/pull_request_numb
                "build.appstudio.redhat.com/target_branch": "	                "build.appstudio.redhat.com/target_branch": "
                "pipeline.tekton.dev/release": "96db451",	                "pipeline.tekton.dev/release": "96db451",
                "pipelinesascode.tekton.dev/branch": "master"	                "pipelinesascode.tekton.dev/branch": "master"
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/controller-info":	                "pipelinesascode.tekton.dev/controller-info":
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/git-auth-secret": |	                "pipelinesascode.tekton.dev/git-auth-secret":
                "pipelinesascode.tekton.dev/git-provider": "g	                "pipelinesascode.tekton.dev/git-provider": "g
                "pipelinesascode.tekton.dev/installation-id":	                "pipelinesascode.tekton.dev/installation-id":
                "pipelinesascode.tekton.dev/log-url": "https: |	                "pipelinesascode.tekton.dev/log-url": "https:
                "pipelinesascode.tekton.dev/max-keep-runs": "	                "pipelinesascode.tekton.dev/max-keep-runs": "
                "pipelinesascode.tekton.dev/on-cel-expression	                "pipelinesascode.tekton.dev/on-cel-expression
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repo-url": "https	                "pipelinesascode.tekton.dev/repo-url": "https
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sender": "msugako	                "pipelinesascode.tekton.dev/sender": "msugako
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/sha-title": "Appl	                "pipelinesascode.tekton.dev/sha-title": "Appl
                "pipelinesascode.tekton.dev/sha-url": "https:	                "pipelinesascode.tekton.dev/sha-url": "https:
                "pipelinesascode.tekton.dev/source-branch": "	                "pipelinesascode.tekton.dev/source-branch": "
                "pipelinesascode.tekton.dev/source-repo-url":	                "pipelinesascode.tekton.dev/source-repo-url":
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "results.tekton.dev/recordSummaryAnnotations"	                "results.tekton.dev/recordSummaryAnnotations"
                "tekton.dev/taskrunSpanContext": "{\"tracepar |	                "tekton.dev/taskrunSpanContext": "{\"tracepar
                "test.appstudio.openshift.io/pr-group": "mish	                "test.appstudio.openshift.io/pr-group": "mish
              },						              },
              "labels": {					              "labels": {
                "app.kubernetes.io/managed-by": "pipelinesasc	                "app.kubernetes.io/managed-by": "pipelinesasc
                "app.kubernetes.io/version": "v0.28.0",		                "app.kubernetes.io/version": "v0.28.0",
                "appstudio.openshift.io/application": "acs",	                "appstudio.openshift.io/application": "acs",
                "appstudio.openshift.io/component": "collecto |	                "appstudio.openshift.io/component": "collecto
                "pipelines.appstudio.openshift.io/type": "bui	                "pipelines.appstudio.openshift.io/type": "bui
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "tekton.dev/memberOf": "tasks",			                "tekton.dev/memberOf": "tasks",
                "tekton.dev/pipeline": "collector-full-retagg |	                "tekton.dev/pipeline": "collector-slim-retagg
                "tekton.dev/pipelineRun": "collector-full-ret |	                "tekton.dev/pipelineRun": "collector-slim-ret
                "tekton.dev/pipelineRunUID": "f9bf6752-458c-4 |	                "tekton.dev/pipelineRunUID": "04377ef5-3c9d-4
                "tekton.dev/pipelineTask": "determine-input-i	                "tekton.dev/pipelineTask": "determine-input-i
                "test.appstudio.openshift.io/pr-group-sha": "	                "test.appstudio.openshift.io/pr-group-sha": "
              }							              }
            },							            },
            "parameters": {					            "parameters": {
              "MAKEFILE_DIRECTORY": ".",			              "MAKEFILE_DIRECTORY": ".",
              "MAKEFILE_TARGET": "collector-tag",		              "MAKEFILE_TARGET": "collector-tag",
              "SOURCE_ARTIFACT": "oci:quay.io/rhacs-eng/colle |	              "SOURCE_ARTIFACT": "oci:quay.io/rhacs-eng/colle
              "TAG_SUFFIX": "-fast"				              "TAG_SUFFIX": "-fast"
            }							            }
          },							          },
          "name": "determine-input-image-tag",			          "name": "determine-input-image-tag",
          "ref": {},						          "ref": {},
          "results": [						          "results": [
            {							            {
              "name": "IMAGE_TAG",				              "name": "IMAGE_TAG",
              "type": "string",					              "type": "string",
              "value": "3.20.x-33-gf1748e6301-fast"		              "value": "3.20.x-33-gf1748e6301-fast"
            }							            }
          ],							          ],
          "serviceAccountName": "appstudio-pipeline",		          "serviceAccountName": "appstudio-pipeline",
          "startedOn": "2024-11-07T19:18:06Z",		      |	          "startedOn": "2024-11-07T19:18:47Z",
          "status": "Succeeded",				          "status": "Succeeded",
          "steps": [						          "steps": [
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": [					              "arguments": [
                "use",						                "use",
                "oci:quay.io/rhacs-eng/collector@sha256:bcef4 |	                "oci:quay.io/rhacs-eng/collector-slim@sha256:
              ],						              ],
              "entryPoint": "",					              "entryPoint": "",
              "environment": {					              "environment": {
                "container": "use-trusted-artifact",		                "container": "use-trusted-artifact",
                "image": "oci://quay.io/redhat-appstudio/buil	                "image": "oci://quay.io/redhat-appstudio/buil
              }							              }
            },							            },
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": null,				              "arguments": null,
              "entryPoint": "#!/usr/bin/env bash\nset -euo pi	              "entryPoint": "#!/usr/bin/env bash\nset -euo pi
              "environment": {					              "environment": {
                "container": "determine-image-tag",		                "container": "determine-image-tag",
                "image": "oci://registry.access.redhat.com/ub |	                "image": "oci://registry.access.redhat.com/ub
              }							              }
            }							            }
          ]							          ]
        },							        },
        {							        {
          "after": [						          "after": [
            "determine-input-image-tag",			            "determine-input-image-tag",
            "determine-output-image-tag"			            "determine-output-image-tag"
          ],							          ],
          "finishedOn": "2024-11-07T19:20:13Z",		      |	          "finishedOn": "2024-11-07T19:20:27Z",
          "invocation": {					          "invocation": {
            "configSource": {},					            "configSource": {},
            "environment": {					            "environment": {
              "annotations": {					              "annotations": {
                "build.appstudio.openshift.io/repo": "https:/	                "build.appstudio.openshift.io/repo": "https:/
                "build.appstudio.redhat.com/commit_sha": "659	                "build.appstudio.redhat.com/commit_sha": "659
                "build.appstudio.redhat.com/pull_request_numb	                "build.appstudio.redhat.com/pull_request_numb
                "build.appstudio.redhat.com/target_branch": "	                "build.appstudio.redhat.com/target_branch": "
                "pipeline.tekton.dev/release": "96db451",	                "pipeline.tekton.dev/release": "96db451",
                "pipelinesascode.tekton.dev/branch": "master"	                "pipelinesascode.tekton.dev/branch": "master"
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/controller-info":	                "pipelinesascode.tekton.dev/controller-info":
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/git-auth-secret": |	                "pipelinesascode.tekton.dev/git-auth-secret":
                "pipelinesascode.tekton.dev/git-provider": "g	                "pipelinesascode.tekton.dev/git-provider": "g
                "pipelinesascode.tekton.dev/installation-id":	                "pipelinesascode.tekton.dev/installation-id":
                "pipelinesascode.tekton.dev/log-url": "https: |	                "pipelinesascode.tekton.dev/log-url": "https:
                "pipelinesascode.tekton.dev/max-keep-runs": "	                "pipelinesascode.tekton.dev/max-keep-runs": "
                "pipelinesascode.tekton.dev/on-cel-expression	                "pipelinesascode.tekton.dev/on-cel-expression
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repo-url": "https	                "pipelinesascode.tekton.dev/repo-url": "https
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sender": "msugako	                "pipelinesascode.tekton.dev/sender": "msugako
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/sha-title": "Appl	                "pipelinesascode.tekton.dev/sha-title": "Appl
                "pipelinesascode.tekton.dev/sha-url": "https:	                "pipelinesascode.tekton.dev/sha-url": "https:
                "pipelinesascode.tekton.dev/source-branch": "	                "pipelinesascode.tekton.dev/source-branch": "
                "pipelinesascode.tekton.dev/source-repo-url":	                "pipelinesascode.tekton.dev/source-repo-url":
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "results.tekton.dev/recordSummaryAnnotations"	                "results.tekton.dev/recordSummaryAnnotations"
                "tekton.dev/taskrunSpanContext": "{\"tracepar |	                "tekton.dev/taskrunSpanContext": "{\"tracepar
                "test.appstudio.openshift.io/pr-group": "mish	                "test.appstudio.openshift.io/pr-group": "mish
              },						              },
              "labels": {					              "labels": {
                "app.kubernetes.io/managed-by": "pipelinesasc	                "app.kubernetes.io/managed-by": "pipelinesasc
                "app.kubernetes.io/version": "v0.28.0",		                "app.kubernetes.io/version": "v0.28.0",
                "appstudio.openshift.io/application": "acs",	                "appstudio.openshift.io/application": "acs",
                "appstudio.openshift.io/component": "collecto |	                "appstudio.openshift.io/component": "collecto
                "pipelines.appstudio.openshift.io/type": "bui	                "pipelines.appstudio.openshift.io/type": "bui
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "tekton.dev/memberOf": "tasks",			                "tekton.dev/memberOf": "tasks",
                "tekton.dev/pipeline": "collector-full-retagg |	                "tekton.dev/pipeline": "collector-slim-retagg
                "tekton.dev/pipelineRun": "collector-full-ret |	                "tekton.dev/pipelineRun": "collector-slim-ret
                "tekton.dev/pipelineRunUID": "f9bf6752-458c-4 |	                "tekton.dev/pipelineRunUID": "04377ef5-3c9d-4
                "tekton.dev/pipelineTask": "retag-image",	                "tekton.dev/pipelineTask": "retag-image",
                "test.appstudio.openshift.io/pr-group-sha": "	                "test.appstudio.openshift.io/pr-group-sha": "
              }							              }
            },							            },
            "parameters": {					            "parameters": {
              "INPUT_IMAGE_REPO": "quay.io/rhacs-eng/collecto	              "INPUT_IMAGE_REPO": "quay.io/rhacs-eng/collecto
              "INPUT_IMAGE_TAG": "3.20.x-33-gf1748e6301-fast"	              "INPUT_IMAGE_TAG": "3.20.x-33-gf1748e6301-fast"
              "OUTPUT_IMAGE_REPO": "quay.io/rhacs-eng/collect |	              "OUTPUT_IMAGE_REPO": "quay.io/rhacs-eng/collect
              "OUTPUT_IMAGE_TAG": "4.7.x-96-g659424aaf3-fast"	              "OUTPUT_IMAGE_TAG": "4.7.x-96-g659424aaf3-fast"
            }							            }
          },							          },
          "name": "retag-image",				          "name": "retag-image",
          "ref": {},						          "ref": {},
          "results": [						          "results": [
            {							            {
              "name": "IMAGE_DIGEST",				              "name": "IMAGE_DIGEST",
              "type": "string",					              "type": "string",
              "value": "sha256:b4569f7dd50110d66fc66e5d19fbfb	              "value": "sha256:b4569f7dd50110d66fc66e5d19fbfb
            },							            },
            {							            {
              "name": "IMAGE_REF",				              "name": "IMAGE_REF",
              "type": "string",					              "type": "string",
              "value": "quay.io/rhacs-eng/collector:4.7.x-96- |	              "value": "quay.io/rhacs-eng/collector-slim:4.7.
            },							            },
            {							            {
              "name": "IMAGE_URL",				              "name": "IMAGE_URL",
              "type": "string",					              "type": "string",
              "value": "quay.io/rhacs-eng/collector:4.7.x-96- |	              "value": "quay.io/rhacs-eng/collector-slim:4.7.
            }							            }
          ],							          ],
          "serviceAccountName": "appstudio-pipeline",		          "serviceAccountName": "appstudio-pipeline",
          "startedOn": "2024-11-07T19:19:30Z",		      |	          "startedOn": "2024-11-07T19:19:16Z",
          "status": "Succeeded",				          "status": "Succeeded",
          "steps": [						          "steps": [
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": null,				              "arguments": null,
              "entryPoint": "#!/usr/bin/env bash\nset -euo pi |	              "entryPoint": "#!/usr/bin/env bash\nset -euo pi
              "environment": {					              "environment": {
                "container": "retag-image",			                "container": "retag-image",
                "image": "oci://quay.io/konflux-ci/release-se	                "image": "oci://quay.io/konflux-ci/release-se
              }							              }
            }							            }
          ]							          ]
        },							        },
        {							        {
          "after": [						          "after": [
            "retag-image"					            "retag-image"
          ],							          ],
          "finishedOn": "2024-11-07T19:20:28Z",		      |	          "finishedOn": "2024-11-07T19:20:39Z",
          "invocation": {					          "invocation": {
            "configSource": {},					            "configSource": {},
            "environment": {					            "environment": {
              "annotations": {					              "annotations": {
                "build.appstudio.openshift.io/repo": "https:/	                "build.appstudio.openshift.io/repo": "https:/
                "build.appstudio.redhat.com/commit_sha": "659	                "build.appstudio.redhat.com/commit_sha": "659
                "build.appstudio.redhat.com/pull_request_numb	                "build.appstudio.redhat.com/pull_request_numb
                "build.appstudio.redhat.com/target_branch": "	                "build.appstudio.redhat.com/target_branch": "
                "pipeline.tekton.dev/release": "96db451",	                "pipeline.tekton.dev/release": "96db451",
                "pipelinesascode.tekton.dev/branch": "master"	                "pipelinesascode.tekton.dev/branch": "master"
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/controller-info":	                "pipelinesascode.tekton.dev/controller-info":
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/git-auth-secret": |	                "pipelinesascode.tekton.dev/git-auth-secret":
                "pipelinesascode.tekton.dev/git-provider": "g	                "pipelinesascode.tekton.dev/git-provider": "g
                "pipelinesascode.tekton.dev/installation-id":	                "pipelinesascode.tekton.dev/installation-id":
                "pipelinesascode.tekton.dev/log-url": "https: |	                "pipelinesascode.tekton.dev/log-url": "https:
                "pipelinesascode.tekton.dev/max-keep-runs": "	                "pipelinesascode.tekton.dev/max-keep-runs": "
                "pipelinesascode.tekton.dev/on-cel-expression	                "pipelinesascode.tekton.dev/on-cel-expression
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repo-url": "https	                "pipelinesascode.tekton.dev/repo-url": "https
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sender": "msugako	                "pipelinesascode.tekton.dev/sender": "msugako
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/sha-title": "Appl	                "pipelinesascode.tekton.dev/sha-title": "Appl
                "pipelinesascode.tekton.dev/sha-url": "https:	                "pipelinesascode.tekton.dev/sha-url": "https:
                "pipelinesascode.tekton.dev/source-branch": "	                "pipelinesascode.tekton.dev/source-branch": "
                "pipelinesascode.tekton.dev/source-repo-url":	                "pipelinesascode.tekton.dev/source-repo-url":
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "results.tekton.dev/recordSummaryAnnotations"	                "results.tekton.dev/recordSummaryAnnotations"
                "tekton.dev/pipelines.minVersion": "0.12.1",	                "tekton.dev/pipelines.minVersion": "0.12.1",
                "tekton.dev/tags": "konflux",			                "tekton.dev/tags": "konflux",
                "tekton.dev/taskrunSpanContext": "{\"tracepar |	                "tekton.dev/taskrunSpanContext": "{\"tracepar
                "test.appstudio.openshift.io/pr-group": "mish	                "test.appstudio.openshift.io/pr-group": "mish
              },						              },
              "labels": {					              "labels": {
                "app.kubernetes.io/managed-by": "pipelinesasc	                "app.kubernetes.io/managed-by": "pipelinesasc
                "app.kubernetes.io/version": "v0.28.0",		                "app.kubernetes.io/version": "v0.28.0",
                "appstudio.openshift.io/application": "acs",	                "appstudio.openshift.io/application": "acs",
                "appstudio.openshift.io/component": "collecto |	                "appstudio.openshift.io/component": "collecto
                "pipelines.appstudio.openshift.io/type": "bui	                "pipelines.appstudio.openshift.io/type": "bui
                "pipelinesascode.tekton.dev/check-run-id": "3 |	                "pipelinesascode.tekton.dev/check-run-id": "3
                "pipelinesascode.tekton.dev/event-type": "pul	                "pipelinesascode.tekton.dev/event-type": "pul
                "pipelinesascode.tekton.dev/original-prname": |	                "pipelinesascode.tekton.dev/original-prname":
                "pipelinesascode.tekton.dev/pull-request": "1	                "pipelinesascode.tekton.dev/pull-request": "1
                "pipelinesascode.tekton.dev/repository": "mai	                "pipelinesascode.tekton.dev/repository": "mai
                "pipelinesascode.tekton.dev/sha": "659424aaf3	                "pipelinesascode.tekton.dev/sha": "659424aaf3
                "pipelinesascode.tekton.dev/state": "started"	                "pipelinesascode.tekton.dev/state": "started"
                "pipelinesascode.tekton.dev/url-org": "stackr	                "pipelinesascode.tekton.dev/url-org": "stackr
                "pipelinesascode.tekton.dev/url-repository": 	                "pipelinesascode.tekton.dev/url-repository": 
                "tekton.dev/memberOf": "finally",		                "tekton.dev/memberOf": "finally",
                "tekton.dev/pipeline": "collector-full-retagg |	                "tekton.dev/pipeline": "collector-slim-retagg
                "tekton.dev/pipelineRun": "collector-full-ret |	                "tekton.dev/pipelineRun": "collector-slim-ret
                "tekton.dev/pipelineRunUID": "f9bf6752-458c-4 |	                "tekton.dev/pipelineRunUID": "04377ef5-3c9d-4
                "tekton.dev/pipelineTask": "show-sbom",		                "tekton.dev/pipelineTask": "show-sbom",
                "tekton.dev/task": "show-sbom",			                "tekton.dev/task": "show-sbom",
                "test.appstudio.openshift.io/pr-group-sha": "	                "test.appstudio.openshift.io/pr-group-sha": "
              }							              }
            },							            },
            "parameters": {					            "parameters": {
              "CA_TRUST_CONFIG_MAP_KEY": "ca-bundle.crt",	              "CA_TRUST_CONFIG_MAP_KEY": "ca-bundle.crt",
              "CA_TRUST_CONFIG_MAP_NAME": "trusted-ca",		              "CA_TRUST_CONFIG_MAP_NAME": "trusted-ca",
              "IMAGE_URL": "quay.io/rhacs-eng/collector:4.7.x |	              "IMAGE_URL": "quay.io/rhacs-eng/collector-slim:
              "PLATFORM": "linux/amd64"				              "PLATFORM": "linux/amd64"
            }							            }
          },							          },
          "name": "show-sbom",					          "name": "show-sbom",
          "ref": {						          "ref": {
            "params": [						            "params": [
              {							              {
                "name": "name",					                "name": "name",
                "value": "show-sbom"				                "value": "show-sbom"
              },						              },
              {							              {
                "name": "bundle",				                "name": "bundle",
                "value": "quay.io/konflux-ci/tekton-catalog/t	                "value": "quay.io/konflux-ci/tekton-catalog/t
              },						              },
              {							              {
                "name": "kind",					                "name": "kind",
                "value": "task"					                "value": "task"
              }							              }
            ],							            ],
            "resolver": "bundles"				            "resolver": "bundles"
          },							          },
          "serviceAccountName": "appstudio-pipeline",		          "serviceAccountName": "appstudio-pipeline",
          "startedOn": "2024-11-07T19:20:14Z",		      |	          "startedOn": "2024-11-07T19:20:27Z",
          "status": "Succeeded",				          "status": "Succeeded",
          "steps": [						          "steps": [
            {							            {
              "annotations": null,				              "annotations": null,
              "arguments": null,				              "arguments": null,
              "entryPoint": "#!/bin/bash\n\ndownload_sbom_wit	              "entryPoint": "#!/bin/bash\n\ndownload_sbom_wit
              "environment": {					              "environment": {
                "container": "show-sbom",			                "container": "show-sbom",
                "image": "oci://quay.io/konflux-ci/appstudio-	                "image": "oci://quay.io/konflux-ci/appstudio-
              }							              }
            }							            }
          ]							          ]
        }							        }
      ]								      ]
    },								    },
    "buildType": "tekton.dev/v1beta1/PipelineRun",		    "buildType": "tekton.dev/v1beta1/PipelineRun",
    "builder": {						    "builder": {
      "id": "https://tekton.dev/chains/v2"			      "id": "https://tekton.dev/chains/v2"
    },								    },
    "invocation": {						    "invocation": {
      "configSource": {},					      "configSource": {},
      "environment": {						      "environment": {
        "annotations": {					        "annotations": {
          "build.appstudio.openshift.io/repo": "https://githu	          "build.appstudio.openshift.io/repo": "https://githu
          "build.appstudio.redhat.com/commit_sha": "659424aaf	          "build.appstudio.redhat.com/commit_sha": "659424aaf
          "build.appstudio.redhat.com/pull_request_number": "	          "build.appstudio.redhat.com/pull_request_number": "
          "build.appstudio.redhat.com/target_branch": "master	          "build.appstudio.redhat.com/target_branch": "master
          "pipelinesascode.tekton.dev/branch": "master",	          "pipelinesascode.tekton.dev/branch": "master",
          "pipelinesascode.tekton.dev/check-run-id": "3267613 |	          "pipelinesascode.tekton.dev/check-run-id": "3267614
          "pipelinesascode.tekton.dev/controller-info": "{\"n	          "pipelinesascode.tekton.dev/controller-info": "{\"n
          "pipelinesascode.tekton.dev/event-type": "pull_requ	          "pipelinesascode.tekton.dev/event-type": "pull_requ
          "pipelinesascode.tekton.dev/git-auth-secret": "pac- |	          "pipelinesascode.tekton.dev/git-auth-secret": "pac-
          "pipelinesascode.tekton.dev/git-provider": "github"	          "pipelinesascode.tekton.dev/git-provider": "github"
          "pipelinesascode.tekton.dev/installation-id": "4151	          "pipelinesascode.tekton.dev/installation-id": "4151
          "pipelinesascode.tekton.dev/log-url": "https://cons |	          "pipelinesascode.tekton.dev/log-url": "https://cons
          "pipelinesascode.tekton.dev/max-keep-runs": "500",	          "pipelinesascode.tekton.dev/max-keep-runs": "500",
          "pipelinesascode.tekton.dev/on-cel-expression": "(e	          "pipelinesascode.tekton.dev/on-cel-expression": "(e
          "pipelinesascode.tekton.dev/original-prname": "coll |	          "pipelinesascode.tekton.dev/original-prname": "coll
          "pipelinesascode.tekton.dev/pull-request": "13079",	          "pipelinesascode.tekton.dev/pull-request": "13079",
          "pipelinesascode.tekton.dev/repo-url": "https://git	          "pipelinesascode.tekton.dev/repo-url": "https://git
          "pipelinesascode.tekton.dev/repository": "main",	          "pipelinesascode.tekton.dev/repository": "main",
          "pipelinesascode.tekton.dev/sender": "msugakov",	          "pipelinesascode.tekton.dev/sender": "msugakov",
          "pipelinesascode.tekton.dev/sha": "659424aaf3f7ef8d	          "pipelinesascode.tekton.dev/sha": "659424aaf3f7ef8d
          "pipelinesascode.tekton.dev/sha-title": "Apply comm	          "pipelinesascode.tekton.dev/sha-title": "Apply comm
          "pipelinesascode.tekton.dev/sha-url": "https://gith	          "pipelinesascode.tekton.dev/sha-url": "https://gith
          "pipelinesascode.tekton.dev/source-branch": "misha/	          "pipelinesascode.tekton.dev/source-branch": "misha/
          "pipelinesascode.tekton.dev/source-repo-url": "http	          "pipelinesascode.tekton.dev/source-repo-url": "http
          "pipelinesascode.tekton.dev/state": "completed",	          "pipelinesascode.tekton.dev/state": "completed",
          "pipelinesascode.tekton.dev/url-org": "stackrox",	          "pipelinesascode.tekton.dev/url-org": "stackrox",
          "pipelinesascode.tekton.dev/url-repository": "stack	          "pipelinesascode.tekton.dev/url-repository": "stack
          "results.tekton.dev/recordSummaryAnnotations": "{\"	          "results.tekton.dev/recordSummaryAnnotations": "{\"
          "test.appstudio.openshift.io/pr-group": "misha/ROX-	          "test.appstudio.openshift.io/pr-group": "misha/ROX-
        },							        },
        "labels": {						        "labels": {
          "app.kubernetes.io/managed-by": "pipelinesascode.te	          "app.kubernetes.io/managed-by": "pipelinesascode.te
          "app.kubernetes.io/version": "v0.28.0",		          "app.kubernetes.io/version": "v0.28.0",
          "appstudio.openshift.io/application": "acs",		          "appstudio.openshift.io/application": "acs",
          "appstudio.openshift.io/component": "collector-full |	          "appstudio.openshift.io/component": "collector-slim
          "pipelines.appstudio.openshift.io/type": "build",	          "pipelines.appstudio.openshift.io/type": "build",
          "pipelinesascode.tekton.dev/check-run-id": "3267613 |	          "pipelinesascode.tekton.dev/check-run-id": "3267614
          "pipelinesascode.tekton.dev/event-type": "pull_requ	          "pipelinesascode.tekton.dev/event-type": "pull_requ
          "pipelinesascode.tekton.dev/original-prname": "coll |	          "pipelinesascode.tekton.dev/original-prname": "coll
          "pipelinesascode.tekton.dev/pull-request": "13079",	          "pipelinesascode.tekton.dev/pull-request": "13079",
          "pipelinesascode.tekton.dev/repository": "main",	          "pipelinesascode.tekton.dev/repository": "main",
          "pipelinesascode.tekton.dev/sha": "659424aaf3f7ef8d	          "pipelinesascode.tekton.dev/sha": "659424aaf3f7ef8d
          "pipelinesascode.tekton.dev/state": "completed",	          "pipelinesascode.tekton.dev/state": "completed",
          "pipelinesascode.tekton.dev/url-org": "stackrox",	          "pipelinesascode.tekton.dev/url-org": "stackrox",
          "pipelinesascode.tekton.dev/url-repository": "stack	          "pipelinesascode.tekton.dev/url-repository": "stack
          "tekton.dev/pipeline": "collector-full-retagged-on- |	          "tekton.dev/pipeline": "collector-slim-retagged-on-
          "test.appstudio.openshift.io/pr-group-sha": "f2efe4	          "test.appstudio.openshift.io/pr-group-sha": "f2efe4
        }							        }
      },							      },
      "parameters": {						      "parameters": {
        "clone-depth": "0",					        "clone-depth": "0",
        "clone-fetch-tags": "true",				        "clone-fetch-tags": "true",
        "git-url": "https://github.com/stackrox/stackrox",	        "git-url": "https://github.com/stackrox/stackrox",
        "image-tag-suffix": "-fast",				        "image-tag-suffix": "-fast",
        "input-image-repo": "quay.io/rhacs-eng/collector",	        "input-image-repo": "quay.io/rhacs-eng/collector",
        "input-image-tag-makefile-target": "collector-tag",	        "input-image-tag-makefile-target": "collector-tag",
        "oci-artifact-expires-after": "1d",			        "oci-artifact-expires-after": "1d",
        "output-image-repo": "quay.io/rhacs-eng/collector",   |	        "output-image-repo": "quay.io/rhacs-eng/collector-sli
        "revision": "659424aaf3f7ef8d175bce05424aa5c9334fc763	        "revision": "659424aaf3f7ef8d175bce05424aa5c9334fc763
      }								      }
    },								    },
    "materials": [						    "materials": [
      {								      {
        "digest": {						        "digest": {
          "sha256": "4e53ebd9242f05ca55bfc8d58b3363d8b9d9bc3a	          "sha256": "4e53ebd9242f05ca55bfc8d58b3363d8b9d9bc3a
        },							        },
        "uri": "oci://quay.io/konflux-ci/git-clone"		        "uri": "oci://quay.io/konflux-ci/git-clone"
      },							      },
      {								      {
        "digest": {						        "digest": {
          "sha256": "c3d440309b1a24cdfa8a2c89b668ca56952185f5	          "sha256": "c3d440309b1a24cdfa8a2c89b668ca56952185f5
        },							        },
        "uri": "oci://quay.io/redhat-appstudio/build-trusted-	        "uri": "oci://quay.io/redhat-appstudio/build-trusted-
      },							      },
      {								      {
        "digest": {						        "digest": {
          "sha256": "0e897921ea083450e8db518888159fd926ff1042	          "sha256": "0e897921ea083450e8db518888159fd926ff1042
        },							        },
        "uri": "oci://quay.io/redhat-appstudio/build-trusted-	        "uri": "oci://quay.io/redhat-appstudio/build-trusted-
      },							      },
      {								      {
        "digest": {						        "digest": {
          "sha256": "8990388831e1b41c9a67389e4b691dae8b1283f7	          "sha256": "8990388831e1b41c9a67389e4b691dae8b1283f7
        },							        },
        "uri": "oci://registry.access.redhat.com/ubi8"		        "uri": "oci://registry.access.redhat.com/ubi8"
      },							      },
      {								      {
        "digest": {						        "digest": {
          "sha256": "8990388831e1b41c9a67389e4b691dae8b1283f7 <
        },						      <
        "uri": "oci://registry.access.redhat.com/ubi8/ubi"    <
      },						      <
      {							      <
        "digest": {					      <
          "sha256": "870d060d927cc07c57819d7e0cbf42bd8b6d5c90	          "sha256": "870d060d927cc07c57819d7e0cbf42bd8b6d5c90
        },							        },
        "uri": "oci://quay.io/konflux-ci/release-service-util	        "uri": "oci://quay.io/konflux-ci/release-service-util
      },							      },
      {								      {
        "digest": {						        "digest": {
          "sha256": "24179f0efd06c65d16868c2d7eb82573cce8e435	          "sha256": "24179f0efd06c65d16868c2d7eb82573cce8e435
        },							        },
        "uri": "oci://quay.io/konflux-ci/appstudio-utils"	        "uri": "oci://quay.io/konflux-ci/appstudio-utils"
      },							      },
      {								      {
        "digest": {						        "digest": {
          "sha1": "659424aaf3f7ef8d175bce05424aa5c9334fc763"	          "sha1": "659424aaf3f7ef8d175bce05424aa5c9334fc763"
        },							        },
        "uri": "git+https://github.com/stackrox/stackrox.git"	        "uri": "git+https://github.com/stackrox/stackrox.git"
      }								      }
    ],								    ],
    "metadata": {						    "metadata": {
      "buildFinishedOn": "2024-11-07T19:20:28Z",	      |	      "buildFinishedOn": "2024-11-07T19:20:39Z",
      "buildStartedOn": "2024-11-07T19:15:28Z",			      "buildStartedOn": "2024-11-07T19:15:28Z",
      "completeness": {						      "completeness": {
        "environment": false,					        "environment": false,
        "materials": false,					        "materials": false,
        "parameters": false					        "parameters": false
      },							      },
      "reproducible": false					      "reproducible": false
    }								    }
  }								  }
}								}

Repo name, image tag and dates differ. On the left, there's an extra mention of UBI. I can't spot anything abnormal.
Maybe it's fine?

Source image

It's just there because it does not need copying

$ skopeo inspect --retry-times=10 --format '{{.Digest}}' --no-tags "docker://quay.io/rhacs-eng/collector:$(make collector-tag)-fast" 
sha256:b4569f7dd50110d66fc66e5d19fbfbf65a783a1e94a4b01f3a22177419bb006

$ diff -ys <( cosign tree quay.io/rhacs-eng/collector:sha256-b4569f7dd50110d66fc66e5d19fbfbf65a783a1e94a4b01f3a22177419bb0060.src ) <( cosign tree quay.io/rhacs-eng/collector-slim:sha256-b4569f7dd50110d66fc66e5d19fbfbf65a783a1e94a4b01f3a22177419bb0060.src )
📦 Supply Chain Security Related artifacts for an image: quay |	📦 Supply Chain Security Related artifacts for an image: quay
└── 💾 Attestations for an image tag: quay.io/rhacs-eng/colle |	└── 💾 Attestations for an image tag: quay.io/rhacs-eng/colle
   └── 🍒 sha256:8fb46cff9621d3d04cf00571547c1baaff88ce061a2a	   └── 🍒 sha256:8fb46cff9621d3d04cf00571547c1baaff88ce061a2a
└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/collect |	└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/collect
   └── 🍒 sha256:22a2063040c51aafc6ea606f2252c738ab5800a53f57	   └── 🍒 sha256:22a2063040c51aafc6ea606f2252c738ab5800a53f57

I.e. the actual content is the same.

$ diff -ys <( oras discover quay.io/rhacs-eng/collector:sha256-b4569f7dd50110d66fc66e5d19fbfbf65a783a1e94a4b01f3a22177419bb0060.src ) <( oras discover quay.io/rhacs-eng/collector-slim:sha256-b4569f7dd50110d66fc66e5d19fbfbf65a783a1e94a4b01f3a22177419bb0060.src )
quay.io/rhacs-eng/collector@sha256:db09088e2bfd5e5006db57ec5b |	quay.io/rhacs-eng/collector-slim@sha256:db09088e2bfd5e5006db5

No content on both sides.

Oras for one of per-arch images

$ skopeo inspect --retry-times=10 --format '{{.Digest}}' --no-tags "docker://quay.io/rhacs-eng/collector:$(make collector-tag)-fast-ppc64le"
sha256:fba18acaf0f972ae343c9286b1750321cb5caa0d414608321291cf8beaf0974c

$ diff -ys <( oras discover quay.io/rhacs-eng/collector@sha256:fba18acaf0f972ae343c9286b1750321cb5caa0d414608321291cf8beaf0974c ) <( oras discover quay.io/rhacs-eng/collector-slim@sha256:fba18acaf0f972ae343c9286b1750321cb5caa0d414608321291cf8beaf0974c )
quay.io/rhacs-eng/collector@sha256:fba18acaf0f972ae343c9286b1 |	quay.io/rhacs-eng/collector-slim@sha256:fba18acaf0f972ae343c9
└── application/vnd.redhat.clair-report+json			└── application/vnd.redhat.clair-report+json
    └── sha256:858714790e9d5665d47b6099f13901185caf0e1b1f12d6	    └── sha256:858714790e9d5665d47b6099f13901185caf0e1b1f12d6

Content matches.

$ diff -ys <( cosign tree quay.io/rhacs-eng/collector@sha256:fba18acaf0f972ae343c9286b1750321cb5caa0d414608321291cf8beaf0974c ) <( cosign tree quay.io/rhacs-eng/collector-slim@sha256:fba18acaf0f972ae343c9286b1750321cb5caa0d414608321291cf8beaf0974c )
📦 Supply Chain Security Related artifacts for an image: quay |	📦 Supply Chain Security Related artifacts for an image: quay
└── 📦 SBOMs for an image tag: quay.io/rhacs-eng/collector:sh |	└── 📦 SBOMs for an image tag: quay.io/rhacs-eng/collector-sl
   └── 🍒 sha256:539f8de976a40c7b9a718e6d685ab3377737f12d8648	   └── 🍒 sha256:539f8de976a40c7b9a718e6d685ab3377737f12d8648
└── 💾 Attestations for an image tag: quay.io/rhacs-eng/colle |	└── 💾 Attestations for an image tag: quay.io/rhacs-eng/colle
   └── 🍒 sha256:8fb46cff9621d3d04cf00571547c1baaff88ce061a2a	   └── 🍒 sha256:8fb46cff9621d3d04cf00571547c1baaff88ce061a2a
└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/collect |	└── 🔐 Signatures for an image tag: quay.io/rhacs-eng/collect
   ├── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9	   ├── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9
   ├── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9	   ├── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9
   ├── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9	   ├── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9
   └── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9	   └── 🍒 sha256:aa665f72cd47e712b0d078851d9b5bea8cc154ed9da9

Here too.

@msugakov
Copy link
Contributor Author

msugakov commented Nov 8, 2024

I have access to EC at the moment and it does not look great, but I'm going to merge it and follow-up in the task because this PR has been open for too long and at this point builds complete fine.

@msugakov msugakov changed the title ROX-24468: Retag ScannerV2 and Collector containers (take 3) ROX-24468: Retag ScannerV2 and Collector containers Nov 8, 2024
@msugakov msugakov merged commit 38516fa into master Nov 8, 2024
@msugakov msugakov deleted the misha/ROX-24468-konflux-retag-take-three branch November 8, 2024 11:02
@tommartensen
Copy link
Contributor

tommartensen commented Nov 8, 2024

I have access to EC at the moment and it does not look great, but I'm going to merge it and follow-up in the task because this PR has been open for too long and at this point builds complete fine.

We can try to get help from #konflux-users for these open issues.

aaa5kameric pushed a commit that referenced this pull request Nov 14, 2024
@msugakov @aaa5kameric
ROX-24468: Retag ScannerV2 and Collector containers (#13079)
593ba7d
@msugakov msugakov mentioned this pull request Nov 14, 2024
Merged
4 tasks
ajheflin pushed a commit that referenced this pull request Jun 24, 2025
@msugakov @ajheflin
ROX-24468: Retag ScannerV2 and Collector containers (#13079)
574b6f1
@ajheflin ajheflin mentioned this pull request Jun 24, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tommartensen tommartensen tommartensen approved these changes

Assignees

No one assigned

Labels

backport-for-4.6-konflux-release https://redhat-internal.slack.com/archives/C05TS9N0S7L/p1730134914487439

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@msugakov @rhacs-bot @tommartensen