From 1093fd592a97b24c42af7477d76cebbbbb4412d5 Mon Sep 17 00:00:00 2001
From: Lucas Garfield <lucas@redhat.com>
Date: Mon, 4 Nov 2024 11:29:28 -0600
Subject: [PATCH] Konflux: Add rpms-signature-scan task (HMS-4948)

Resolves HMS-4948. This task is mandatory as of November 1, 2024.
---
 .../image-builder-frontend-pull-request.yaml    | 17 +++++++++++++++++
 .tekton/image-builder-frontend-push.yaml        | 17 +++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/.tekton/image-builder-frontend-pull-request.yaml b/.tekton/image-builder-frontend-pull-request.yaml
index 09dedb13..86f6662c 100644
--- a/.tekton/image-builder-frontend-pull-request.yaml
+++ b/.tekton/image-builder-frontend-pull-request.yaml
@@ -384,6 +384,23 @@ spec:
       workspaces:
       - name: source
         workspace: workspace
+    - name: rpms-signature-scan
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
+      runAfter:
+      - build-container
+      taskRef:
+        params:
+        - name: name
+          value: rpms-signature-scan
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+        - name: kind
+          value: task
+        resolver: bundles
     - name: build-image-index
       params:
       - name: IMAGE
diff --git a/.tekton/image-builder-frontend-push.yaml b/.tekton/image-builder-frontend-push.yaml
index 3c92115e..3a51458b 100644
--- a/.tekton/image-builder-frontend-push.yaml
+++ b/.tekton/image-builder-frontend-push.yaml
@@ -381,6 +381,23 @@ spec:
       workspaces:
       - name: source
         workspace: workspace
+    - name: rpms-signature-scan
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
+      runAfter:
+      - build-container
+      taskRef:
+        params:
+        - name: name
+          value: rpms-signature-scan
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+        - name: kind
+          value: task
+        resolver: bundles
     - name: build-image-index
       params:
       - name: IMAGE