.tekton: add specific renovate pipelines

We have to add specific pipelines for Renovate when it pushes directly
to branch without creating a PR i.e when automergeType="branch" is set.
In thoses pipelines:
- we trigger them only on push and when the branch begins with
  "renovate/"
- we label the generated snapshot to not release them [1]
- we set an expiration date for the generated images

[1] konflux-ci/integration-service#1192

Author: jcapiitao

.tekton/coreos-assembler-renovate-push.yaml

@@ -0,0 +1,64 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/coreos/coreos-assembler?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: "false"
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
+      == "main" && ! "./tests/containers/***".pathChanged() && target_branch.startsWith("renovate/")
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: coreos-assembler
+    appstudio.openshift.io/component: coreos-assembler
+    pipelines.appstudio.openshift.io/type: build
+    release.appstudio.openshift.io/auto-release: "false"
+  name: coreos-assembler-renovate-on-push
+  namespace: coreos-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/coreos-tenant/coreos-assembler:{{revision}}
+  - name: image-expires-after
+    value: 5d
+  - name: build-platforms
+    value:
+    - linux/x86_64
+  - name: dockerfile
+    value: Dockerfile
+  - name: path-context
+    value: .
+  - name: skip-checks
+    value: true
+  - name: hermetic
+    value: false
+  #- name: prefetch-input
+  #  value: '[{"type": "rpm", "path": "ci/hermetic"}, {"path": "ci/hermetic", "type": "generic"}]'
+  # Note: to be removed once rpm fully supported
+  # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
+  #- name: dev-package-managers
+  #  value: true
+  #- name: build-args
+  #  value: ["NO_NETWORK=1"]
+  pipelineRef:
+    params:
+    - name: bundle
+      value: quay.io/jcapitao/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta@sha256:a3993688715cba973af5e7fba95bc91f92673e8491f2524853736161974334fb
+    - name: name
+      value: docker-build-multi-platform-oci-ta
+    - name: kind
+      value: pipeline
+    resolver: bundles
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-coreos-assembler
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}

.tekton/kola-nfs-renovate-push.yaml

@@ -0,0 +1,66 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/coreos/coreos-assembler?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: "false"
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
+      == "main" &&
+      ("tests/containers/nfs/***".pathChanged() ||
+       "rpms.lock.yaml".pathChanged() ||
+       "ci/hermetic/artifacts.lock.yaml".pathChanged()
+      ) && target_branch.startsWith("renovate/")
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: coreos-assembler
+    appstudio.openshift.io/component: kola-nfs
+    pipelines.appstudio.openshift.io/type: build
+    release.appstudio.openshift.io/auto-release: "false"
+  name: kola-nfs-renovate-on-push
+  namespace: coreos-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/coreos-tenant/kola-nfs:{{revision}}
+  - name: image-expires-after
+    value: 5d
+  - name: build-platforms
+    value:
+    - linux/x86_64
+  - name: dockerfile
+    value: Containerfile
+  - name: path-context
+    value: tests/containers/nfs
+  - name: skip-checks
+    value: true
+  - name: hermetic
+    value: false
+  #- name: prefetch-input
+  #  value: '[{"type": "rpm", "path": "ci/hermetic"}]'
+  # Note: to be removed once rpm fully supported
+  # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
+  - name: dev-package-managers
+    value: true
+  pipelineRef:
+    params:
+    - name: bundle
+      value: quay.io/jcapitao/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta@sha256:a3993688715cba973af5e7fba95bc91f92673e8491f2524853736161974334fb
+    - name: name
+      value: docker-build-multi-platform-oci-ta
+    - name: kind
+      value: pipeline
+    resolver: bundles
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-kola-nfs
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}

.tekton/kola-tang-renovate-push.yaml

@@ -0,0 +1,66 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/coreos/coreos-assembler?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: "false"
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
+      == "main" &&
+      ("tests/containers/tang/***".pathChanged() ||
+       "rpms.lock.yaml".pathChanged() ||
+       "ci/hermetic/artifacts.lock.yaml".pathChanged()
+      ) && target_branch.startsWith("renovate/")
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: coreos-assembler
+    appstudio.openshift.io/component: kola-tang
+    pipelines.appstudio.openshift.io/type: build
+    release.appstudio.openshift.io/auto-release: "false"
+  name: kola-tang-renovate-on-push
+  namespace: coreos-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/coreos-tenant/kola-tang:{{revision}}
+  - name: image-expires-after
+    value: 5d
+  - name: build-platforms
+    value:
+    - linux/x86_64
+  - name: dockerfile
+    value: ./tests/containers/tang/Containerfile
+  - name: path-context
+    value: .
+  - name: skip-checks
+    value: true
+  - name: hermetic
+    value: false
+  #- name: prefetch-input
+  #  value: '[{"type": "rpm", "path": "ci/hermetic"}]'
+  # Note: to be removed once rpm fully supported
+  # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
+  - name: dev-package-managers
+    value: true
+  pipelineRef:
+    params:
+    - name: bundle
+      value: quay.io/jcapitao/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta@sha256:a3993688715cba973af5e7fba95bc91f92673e8491f2524853736161974334fb
+    - name: name
+      value: docker-build-multi-platform-oci-ta
+    - name: kind
+      value: pipeline
+    resolver: bundles
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-kola-tang
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}

.tekton/kola-targetcli-renovate-push.yaml

@@ -0,0 +1,66 @@
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    build.appstudio.openshift.io/repo: https://github.com/coreos/coreos-assembler?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/cancel-in-progress: "false"
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
+      == "main" &&
+      ("tests/containers/targetcli/***".pathChanged() ||
+       "rpms.lock.yaml".pathChanged() ||
+       "ci/hermetic/artifacts.lock.yaml".pathChanged()
+      ) && target_branch.startsWith("renovate/")
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: coreos-assembler
+    appstudio.openshift.io/component: kola-targetcli
+    pipelines.appstudio.openshift.io/type: build
+    release.appstudio.openshift.io/auto-release: "false"
+  name: kola-targetcli-renovate-on-push
+  namespace: coreos-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/coreos-tenant/kola-targetcli:{{revision}}
+  - name: image-expires-after
+    value: 5d
+  - name: build-platforms
+    value:
+    - linux/x86_64
+  - name: dockerfile
+    value: ./tests/containers/targetcli/Containerfile
+  - name: path-context
+    value: .
+  - name: skip-checks
+    value: true
+  - name: hermetic
+    value: false
+  #- name: prefetch-input
+  #  value: '[{"type": "rpm", "path": "ci/hermetic"}]'
+  # Note: to be removed once rpm fully supported
+  # https://github.com/hermetoproject/hermeto?tab=readme-ov-file#package-managers
+  - name: dev-package-managers
+    value: true
+  pipelineRef:
+    params:
+    - name: bundle
+      value: quay.io/jcapitao/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta@sha256:a3993688715cba973af5e7fba95bc91f92673e8491f2524853736161974334fb
+    - name: name
+      value: docker-build-multi-platform-oci-ta
+    - name: kind
+      value: pipeline
+    resolver: bundles
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-kola-targetcli
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}