From 14310ccb901b3f1eb8a79ed8d3568a1096297213 Mon Sep 17 00:00:00 2001
From: ccronca
Date: Wed, 14 Aug 2024 14:48:22 +0200
Subject: [PATCH 1/2] fix(KONFLUX-3663): format Tekton PipelineRun files
Format PipelineRun files with yq for consistent indentation and format
Signed-off-by: ccronca
---
 .tekton/rh-syft-pull-request.yaml | 12 ++++--------
 .tekton/rh-syft-push.yaml | 12 ++++--------
 2 files changed, 8 insertions(+), 16 deletions(-)
diff --git a/.tekton/rh-syft-pull-request.yaml b/.tekton/rh-syft-pull-request.yaml
index 87c67abe1..6b7a83222 100644
--- a/.tekton/rh-syft-pull-request.yaml
+++ b/.tekton/rh-syft-pull-request.yaml
@@ -7,8 +7,7 @@ metadata:
 build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
- pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
- == "redhat-latest"
+ pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch == "redhat-latest"
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: rh-syft
@@ -87,13 +86,11 @@ spec:
 name: output-image
 type: string
 - default: .
- description: Path to the source code of an application's component from where
- to build image.
+ description: Path to the source code of an application's component from where to build image.
 name: path-context
 type: string
 - default: Dockerfile
- description: Path to the Dockerfile inside the context specified by parameter
- path-context
+ description: Path to the Dockerfile inside the context specified by parameter path-context
 name: dockerfile
 type: string
 - default: "false"
@@ -117,8 +114,7 @@ spec:
 name: java
 type: string
 - default: ""
- description: Image tag expiration time, time values could be something like
- 1h, 2d, 3w for hours, days, and weeks, respectively.
+ description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
 name: image-expires-after
 - default: "false"
 description: Build a source image.
diff --git a/.tekton/rh-syft-push.yaml b/.tekton/rh-syft-push.yaml
index d091f75cd..127eb13cb 100644
--- a/.tekton/rh-syft-push.yaml
+++ b/.tekton/rh-syft-push.yaml
@@ -6,8 +6,7 @@ metadata:
 build.appstudio.redhat.com/commit_sha: '{{revision}}'
 build.appstudio.redhat.com/target_branch: '{{target_branch}}'
 pipelinesascode.tekton.dev/max-keep-runs: "3"
- pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
- == "redhat-latest"
+ pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "redhat-latest"
 creationTimestamp: null
 labels:
 appstudio.openshift.io/application: rh-syft
@@ -84,13 +83,11 @@ spec:
 name: output-image
 type: string
 - default: .
- description: Path to the source code of an application's component from where
- to build image.
+ description: Path to the source code of an application's component from where to build image.
 name: path-context
 type: string
 - default: Dockerfile
- description: Path to the Dockerfile inside the context specified by parameter
- path-context
+ description: Path to the Dockerfile inside the context specified by parameter path-context
 name: dockerfile
 type: string
 - default: "false"
@@ -114,8 +111,7 @@ spec:
 name: java
 type: string
 - default: ""
- description: Image tag expiration time, time values could be something like
- 1h, 2d, 3w for hours, days, and weeks, respectively.
+ description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
 name: image-expires-after
 - default: "false"
 description: Build a source image.
From 62314990e3ddf30caf5c8d69c3ce7c3386c60f5d Mon Sep 17 00:00:00 2001
From: ccronca
Date: Wed, 14 Aug 2024 14:48:22 +0200
Subject: [PATCH 2/2] fix(KONFLUX-3663): upload SAST results to quay.io
Configure the SAST task to upload SARIF results to quay.io for long-term storage
Signed-off-by: ccronca
---
 .tekton/rh-syft-pull-request.yaml | 6 +++++-
 .tekton/rh-syft-push.yaml | 6 +++++-
 2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/.tekton/rh-syft-pull-request.yaml b/.tekton/rh-syft-pull-request.yaml
index 6b7a83222..6880a1183 100644
--- a/.tekton/rh-syft-pull-request.yaml
+++ b/.tekton/rh-syft-pull-request.yaml
@@ -325,10 +325,14 @@ spec:
 - "false"
 - name: sast-snyk-check
 runAfter:
- - clone-repository
+ - build-container
 params:
 - name: ARGS
 value: --report --project-name=redhat-appstudio/rh-syft
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
 taskRef:
 params:
 - name: name
diff --git a/.tekton/rh-syft-push.yaml b/.tekton/rh-syft-push.yaml
index 127eb13cb..3f1a44276 100644
--- a/.tekton/rh-syft-push.yaml
+++ b/.tekton/rh-syft-push.yaml
@@ -322,10 +322,14 @@ spec:
 - "false"
 - name: sast-snyk-check
 runAfter:
- - clone-repository
+ - build-container
 params:
 - name: ARGS
 value: --report --project-name=redhat-appstudio/rh-syft
+ - name: image-digest
+ value: $(tasks.build-container.results.IMAGE_DIGEST)
+ - name: image-url
+ value: $(tasks.build-container.results.IMAGE_URL)
 taskRef:
 params:
 - name: name
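Review bot: With `runAfter: build-container` and the two `$(tasks.build-container.results.…)` params, `sast-snyk-check` now depends on the image build in both `.tekton/rh-syft-pull-request.yaml` and `.tekton/rh-syft-push.yaml`, so a failed build leaves the run without any Snyk scan, and Tekton also skips a task whose result references point at a skipped task. If `build-container` carries a `when` guard (not visible in these hunks), the scan could be skipped silently, so it is worth confirming that a missing SAST result is treated as a failure rather than a pass. The `taskRef` block continues outside the hunk and is unchanged here; please confirm the pinned task version declares `image-digest` and `image-url`, otherwise the params are either rejected or ignored and nothing is uploaded. A comment above `runAfter` such as `# waits for build-container: the SARIF upload needs the image URL and digest` would record why a source-only scan is ordered after the build.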