feat(ISV-5783): use new SBOM generation workflow

jedinym · jedinym · commit 51115b80435b · 2025-05-14T09:54:29.000+02:00
The pipeline is refactored, so that the SBOM generation tasks are no longer dependent on `push-rpm-data-to-pyxis` and `populate-release-notes`. Signed-off-by: Martin Jediny <jedinym@proton.me>
diff --git a/pipelines/managed/rh-advisories/README.md b/pipelines/managed/rh-advisories/README.md
@@ -28,6 +28,11 @@ the rh-push-to-registry-redhat-io pipeline.
 | trustedArtifactsDebug           | Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable                                             | Yes      | ""                                                        |
 | dataDir                         | The location where data will be stored                                                                                             | Yes      | /var/workdir/release                                      |
 
+## Changes in 2.0.6
+* The `update-component-sbom` and `create-product-sbom` tasks are refactored to
+  use the new SBOM generation workflow. They no longer depend on
+  `push-rpm-data-to-pyxis` and `populate-release-notes`.
+
 ## Changes in 2.0.5
 * This pipeline is now using trusted artifacts. Therefore, we can remove the comments and timeouts
   added to workaround PVC contention issues.
diff --git a/pipelines/managed/rh-advisories/rh-advisories.yaml b/pipelines/managed/rh-advisories/rh-advisories.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: rh-advisories
   labels:
-    app.kubernetes.io/version: "2.0.5"
+    app.kubernetes.io/version: "2.0.6"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -706,14 +706,12 @@ spec:
         - name: data
           workspace: release-workspace
       params:
-        - name: sbomJsonPath
-          value: "$(tasks.populate-release-notes.results.sbomDataPath)"
-        - name: downloadedSbomPath
-          value: "$(tasks.push-rpm-data-to-pyxis.results.sbomPath)"
+        - name: snapshotSpec
+          value: "$(tasks.collect-data.results.snapshotSpec)"
         - name: ociStorage
           value: $(params.ociStorage)
         - name: sourceDataArtifact
-          value: "$(tasks.push-rpm-data-to-pyxis.results.sourceDataArtifact)"
+          value: "$(tasks.apply-mapping.results.sourceDataArtifact)"
         - name: subdirectory
           value: $(tasks.collect-data.results.subdirectory)
         - name: dataDir
@@ -726,17 +724,16 @@ spec:
           value: "$(params.taskGitRevision)"
       runAfter:
         - collect-data
+        - apply-mapping
         - collect-atlas-params
-        - push-rpm-data-to-pyxis
-        - populate-release-notes
     - name: upload-component-sbom
       when:
         - input: "$(tasks.collect-atlas-params.results.secretName)"
           operator: notin
           values: [""]
       params:
         - name: sbomDir
-          value: "$(tasks.push-rpm-data-to-pyxis.results.sbomPath)"
+          value: "$(tasks.update-component-sbom.results.sbomPath)"
         - name: atlasSecretName
           value: "$(tasks.collect-atlas-params.results.secretName)"
         - name: ssoTokenUrl
@@ -746,7 +743,7 @@ spec:
         - name: ociStorage
           value: $(params.ociStorage)
         - name: sourceDataArtifact
-          value: "$(tasks.apply-mapping.results.sourceDataArtifact)"
+          value: "$(tasks.update-component-sbom.results.sourceDataArtifact)"
         - name: subdirectory
           value: $(tasks.collect-data.results.subdirectory)
         - name: dataDir
@@ -893,7 +890,7 @@ spec:
         - name: ociStorage
           value: $(params.ociStorage)
         - name: sourceDataArtifact
-          value: "$(tasks.populate-release-notes.results.sourceDataArtifact)"
+          value: "$(tasks.apply-mapping.results.sourceDataArtifact)"
         - name: dataDir
           value: $(params.dataDir)
         - name: trustedArtifactsDebug
@@ -915,16 +912,17 @@ spec:
         - name: data
           workspace: release-workspace
       runAfter:
+        - apply-mapping
+        - collect-data
         - collect-atlas-params
-        - populate-release-notes
     - name: upload-product-sbom
       when:
         - input: "$(tasks.collect-atlas-params.results.secretName)"
           operator: notin
           values: [""]
       params:
         - name: sbomDir
-          value: "$(tasks.create-product-sbom.results.productSBOMPath)"
+          value: "$(tasks.create-product-sbom.results.sbomPath)"
         - name: atlasSecretName
           value: "$(tasks.collect-atlas-params.results.secretName)"
         - name: ssoTokenUrl
