From f4d51bdeff942c41b01823ad5174cb5604afad49 Mon Sep 17 00:00:00 2001
From: Rakshitha-Kamath <Rakshitha.Kamath@ibm.com>
Date: Thu, 16 Oct 2025 12:52:17 +0530
Subject: [PATCH] This PR contains the following changes

[1] Update konflux references and hermetic build
[2] Seperate Dockerfile for IBM SPS build

Signed-off-by: Rakshitha-Kamath <Rakshitha.Kamath@ibm.com>
---
 .gitmodules                            |  2 +-
 .tekton/promtail-6-1-pull-request.yaml | 18 +++++++--------
 .tekton/promtail-6-1-push.yaml         | 18 +++++++--------
 Dockerfile                             | 31 ++++++++++----------------
 Dockerfile_IBM                         | 29 ++++++++++++++++++++++++
 loki                                   |  2 +-
 6 files changed, 61 insertions(+), 39 deletions(-)
 create mode 100644 Dockerfile_IBM

diff --git a/.gitmodules b/.gitmodules
index 2e53915..d9fc65b 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,4 +1,4 @@
 [submodule "loki"]
 	path = loki
 	url = https://github.com/ibmstorage/loki.git
-	branch = release-8.1
+	branch = release-6.1
diff --git a/.tekton/promtail-6-1-pull-request.yaml b/.tekton/promtail-6-1-pull-request.yaml
index 72f3706..7c08ea3 100644
--- a/.tekton/promtail-6-1-pull-request.yaml
+++ b/.tekton/promtail-6-1-pull-request.yaml
@@ -82,7 +82,7 @@ spec:
       description: Skip checks against built image
       name: skip-checks
       type: string
-    - default: "false"
+    - default: "true"
       description: Execute the build with network isolation
       name: hermetic
       type: string
@@ -94,7 +94,7 @@ spec:
       description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
       name: image-expires-after
       type: string
-    - default: "false"
+    - default: "true"
       description: Build a source image.
       name: build-source-image
       type: string
@@ -171,7 +171,7 @@ spec:
         - name: name
           value: git-clone-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3a920a83fc0135aaae2730fe9d446eb2da2ffc9d63a34bceea04afd24653bdee
+          value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0d80f66610efd1f957700f61dcd5080689321b10ad544e136d58fc4673290d1b
         - name: kind
           value: task
         resolver: bundles
@@ -200,7 +200,7 @@ spec:
         - name: name
           value: prefetch-dependencies-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:970285e3b0495961199523b566e0dd92ec2e29bedbcf61d8fc67106b06d0f923
+          value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6
         - name: kind
           value: task
         resolver: bundles
@@ -252,7 +252,7 @@ spec:
         - name: name
           value: buildah-remote-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.6@sha256:ac05dabe8b6b446f974cf2b6ef1079cfaa9443d7078c2ebe3ec79aa650e1b5b2
+          value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd
         - name: kind
           value: task
         resolver: bundles
@@ -309,7 +309,7 @@ spec:
         - name: name
           value: source-build-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:2a290f91fdccf4c9ef726a1605163bc14904e1dbf9837ac6d2621caddd10f98e
+          value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:36d44f2924f60da00a079a9ab7ce25ad8b2ad593c16d90509203c125ff0ccd46
         - name: kind
           value: task
         resolver: bundles
@@ -382,7 +382,7 @@ spec:
         - name: name
           value: ecosystem-cert-preflight-checks
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec
+          value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60
         - name: kind
           value: task
         resolver: bundles
@@ -608,7 +608,7 @@ spec:
         - name: name
           value: push-dockerfile-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:14fba04580b236e4206a904b86ee2fd8eeaa4163f7619a9c2602d361e4f74c51
+          value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:2bc5b3afc5de56da0f06eac60b65e86f6b861b16a63f48579fc0bac7d657e14c
         - name: kind
           value: task
         resolver: bundles
@@ -625,7 +625,7 @@ spec:
         - name: name
           value: rpms-signature-scan
         - name: bundle
-          value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:7d1c087d7d33dd97effb3b4c9f3788e4c3138da2032040d69da6929e9a3aaceb
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120
         - name: kind
           value: task
         resolver: bundles
diff --git a/.tekton/promtail-6-1-push.yaml b/.tekton/promtail-6-1-push.yaml
index 89fbeb5..8154377 100644
--- a/.tekton/promtail-6-1-push.yaml
+++ b/.tekton/promtail-6-1-push.yaml
@@ -79,7 +79,7 @@ spec:
       description: Skip checks against built image
       name: skip-checks
       type: string
-    - default: "false"
+    - default: "true"
       description: Execute the build with network isolation
       name: hermetic
       type: string
@@ -91,7 +91,7 @@ spec:
       description: Image tag expiration time, time values could be something like 1h, 2d, 3w for hours, days, and weeks, respectively.
       name: image-expires-after
       type: string
-    - default: "false"
+    - default: "true"
       description: Build a source image.
       name: build-source-image
       type: string
@@ -168,7 +168,7 @@ spec:
         - name: name
           value: git-clone-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:3a920a83fc0135aaae2730fe9d446eb2da2ffc9d63a34bceea04afd24653bdee
+          value: quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta:0.1@sha256:0d80f66610efd1f957700f61dcd5080689321b10ad544e136d58fc4673290d1b
         - name: kind
           value: task
         resolver: bundles
@@ -197,7 +197,7 @@ spec:
         - name: name
           value: prefetch-dependencies-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:970285e3b0495961199523b566e0dd92ec2e29bedbcf61d8fc67106b06d0f923
+          value: quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta:0.2@sha256:dc82a7270aace9b1c26f7e96f8ccab2752e53d32980c41a45e1733baad76cde6
         - name: kind
           value: task
         resolver: bundles
@@ -249,7 +249,7 @@ spec:
         - name: name
           value: buildah-remote-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.6@sha256:ac05dabe8b6b446f974cf2b6ef1079cfaa9443d7078c2ebe3ec79aa650e1b5b2
+          value: quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta:0.5@sha256:5e59c05455619580f4383010726f7db8440ecf6959882e9053ac697dd6d277fd
         - name: kind
           value: task
         resolver: bundles
@@ -306,7 +306,7 @@ spec:
         - name: name
           value: source-build-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:2a290f91fdccf4c9ef726a1605163bc14904e1dbf9837ac6d2621caddd10f98e
+          value: quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta:0.3@sha256:36d44f2924f60da00a079a9ab7ce25ad8b2ad593c16d90509203c125ff0ccd46
         - name: kind
           value: task
         resolver: bundles
@@ -379,7 +379,7 @@ spec:
         - name: name
           value: ecosystem-cert-preflight-checks
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:9568c51a5158d534248908b9b561cf67d2826ed4ea164ffd95628bb42380e6ec
+          value: quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks:0.2@sha256:dae8e28761cee4ab0baf04ab9f8f1a4b3cee3c7decf461fda2bacc5c01652a60
         - name: kind
           value: task
         resolver: bundles
@@ -604,7 +604,7 @@ spec:
         - name: name
           value: push-dockerfile-oci-ta
         - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:14fba04580b236e4206a904b86ee2fd8eeaa4163f7619a9c2602d361e4f74c51
+          value: quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta:0.1@sha256:2bc5b3afc5de56da0f06eac60b65e86f6b861b16a63f48579fc0bac7d657e14c
         - name: kind
           value: task
         resolver: bundles
@@ -621,7 +621,7 @@ spec:
         - name: name
           value: rpms-signature-scan
         - name: bundle
-          value: quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2@sha256:7d1c087d7d33dd97effb3b4c9f3788e4c3138da2032040d69da6929e9a3aaceb
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:1b6c20ab3dbfb0972803d3ebcb2fa72642e59400c77bd66dfd82028bdd09e120
         - name: kind
           value: task
         resolver: bundles
diff --git a/Dockerfile b/Dockerfile
index 7c882ca..7c38e59 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,31 +1,24 @@
-ARG REMOTE_SOURCE=loki
-ARG REMOTE_SOURCE_DIR=/go/app
-
-FROM --platform=$BUILDPLATFORM quay.io/projectquay/golang:1.24 AS builder
-
-# Build Arguments
-ARG REMOTE_SOURCE
-ARG REMOTE_SOURCE_DIR
-
-COPY $REMOTE_SOURCE $REMOTE_SOURCE_DIR
-WORKDIR $REMOTE_SOURCE_DIR
+FROM brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_9_golang_1.24 AS builder
+COPY loki loki
+WORKDIR loki
 RUN make clean && make BUILD_IN_CONTAINER=false promtail
 
 
-FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi9-minimal:latest
-
-# Build Arguments
-ARG REMOTE_SOURCE
-ARG REMOTE_SOURCE_DIR
-
+FROM registry.redhat.io/ubi9-minimal:latest
+# Standard Red Hat labels
 LABEL com.redhat.component="promtail-container"
 LABEL name="promtail"
 LABEL version="v2.4.0"
 LABEL summary="Provides promtail container"
 LABEL io.k8s.display-name="Promtail container"
+LABEL io.k8s.description="promtail-container"
+LABEL io.openshift.tags="rhceph ceph dashboard loki"
 LABEL maintainer="Guillaume Abrioux <gabrioux@redhat.com>"
 LABEL description="Responsible for gathering logs and sending them to Loki"
-COPY --from=builder $REMOTE_SOURCE_DIR/clients/cmd/promtail/promtail /usr/bin/promtail
-COPY --from=builder $REMOTE_SOURCE_DIR/clients/cmd/promtail/promtail-docker-config.yaml /etc/promtail/config.yml
+LABEL cpe=cpe:/a:redhat:ceph_storage:9::el9
+LABEL org.opencontainers.image.created="${BUILD_DATE}"
+
+COPY --from=builder /loki/clients/cmd/promtail/promtail /usr/bin/promtail
+COPY --from=builder /loki/clients/cmd/promtail/promtail-docker-config.yaml /etc/promtail/config.yml
 ENTRYPOINT ["/usr/bin/promtail"]
 CMD ["-config.file=/etc/promtail/config.yml"]
diff --git a/Dockerfile_IBM b/Dockerfile_IBM
new file mode 100644
index 0000000..afa463b
--- /dev/null
+++ b/Dockerfile_IBM
@@ -0,0 +1,29 @@
+# Build stage 1
+ARG BASE_IMAGE=registry.redhat.io/ubi9/go-toolset:latest
+
+FROM ${BASE_IMAGE} AS builder
+USER root
+ARG REMOTE_SOURCE_DIR
+COPY loki $REMOTE_SOURCE_DIR/loki
+WORKDIR $REMOTE_SOURCE_DIR/loki
+RUN make clean && make BUILD_IN_CONTAINER=false promtail
+
+FROM registry.redhat.io/ubi9-minimal:latest
+ARG REMOTE_SOURCE_DIR
+# Standard Red Hat labels
+LABEL com.redhat.component="promtail-container"
+LABEL name="promtail"
+LABEL version="v2.4.0"
+LABEL summary="Provides promtail container"
+LABEL io.k8s.display-name="Promtail container"
+LABEL io.k8s.description="promtail-container"
+LABEL io.openshift.tags="rhceph ceph dashboard loki"
+LABEL maintainer="Guillaume Abrioux <gabrioux@redhat.com>"
+LABEL description="Responsible for gathering logs and sending them to Loki"
+LABEL cpe=cpe:/a:redhat:ceph_storage:9::el9
+LABEL org.opencontainers.image.created="${BUILD_DATE}"
+
+COPY --from=builder $REMOTE_SOURCE_DIR/loki/clients/cmd/promtail/promtail /usr/bin/promtail
+COPY --from=builder $REMOTE_SOURCE_DIR/loki/clients/cmd/promtail/promtail-docker-config.yaml /etc/promtail/config.yml
+ENTRYPOINT ["/usr/bin/promtail"]
+CMD ["-config.file=/etc/promtail/config.yml"]
diff --git a/loki b/loki
index af52a69..3987933 160000
--- a/loki
+++ b/loki
@@ -1 +1 @@
-Subproject commit af52a690ce73867bbf9cecbf2d279c578aa99d2d
+Subproject commit 3987933cdb1b0cc61c37c258895d3571e67478c7