From 10633ef6d84be3a4c4c14f993f330451b3dcccb2 Mon Sep 17 00:00:00 2001
From: Daniel Rodowicz <drodowic@redhat.com>
Date: Fri, 15 Nov 2024 15:57:24 -0500
Subject: [PATCH] konflux: add rpms-signature-scan (#2359)

---
 ...ion-hub-galaxy-ng-master-pull-request.yaml | 22 +++++++++++++++++++
 .../automation-hub-galaxy-ng-master-push.yaml | 22 +++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/.tekton/automation-hub-galaxy-ng-master-pull-request.yaml b/.tekton/automation-hub-galaxy-ng-master-pull-request.yaml
index 6b8f1a7080..6868f7c83d 100644
--- a/.tekton/automation-hub-galaxy-ng-master-pull-request.yaml
+++ b/.tekton/automation-hub-galaxy-ng-master-pull-request.yaml
@@ -455,6 +455,28 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+    - name: rpms-signature-scan
+      params:
+      - name: image-url
+        value: $(tasks.build-image-index.results.IMAGE_URL)
+      - name: image-digest
+        value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+      runAfter:
+      - build-image-index
+      taskRef:
+        params:
+        - name: name
+          value: rpms-signature-scan
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:0c9667fba291af05997397a32e5e938ccaa46e93a2e14bad228e64a6427c5545
+        - name: kind
+          value: task
+        resolver: bundles
+      when:
+      - input: $(params.skip-checks)
+        operator: in
+        values:
+        - "false"
     workspaces:
     - name: workspace
     - name: git-auth
diff --git a/.tekton/automation-hub-galaxy-ng-master-push.yaml b/.tekton/automation-hub-galaxy-ng-master-push.yaml
index 6748bc92a0..3e69739f56 100644
--- a/.tekton/automation-hub-galaxy-ng-master-push.yaml
+++ b/.tekton/automation-hub-galaxy-ng-master-push.yaml
@@ -452,6 +452,28 @@ spec:
       workspaces:
       - name: workspace
         workspace: workspace
+    - name: rpms-signature-scan
+      params:
+      - name: image-url
+        value: $(tasks.build-image-index.results.IMAGE_URL)
+      - name: image-digest
+        value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+      runAfter:
+      - build-image-index
+      taskRef:
+        params:
+        - name: name
+          value: rpms-signature-scan
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:0c9667fba291af05997397a32e5e938ccaa46e93a2e14bad228e64a6427c5545
+        - name: kind
+          value: task
+        resolver: bundles
+      when:
+      - input: $(params.skip-checks)
+        operator: in
+        values:
+        - "false"
     workspaces:
     - name: workspace
     - name: git-auth