feat(ISV-5783): use new SBOM generation workflow

jedinym · jedinym · commit bcb0f4392a2b · 2025-05-12T09:41:44.000+02:00
The pipeline is refactored, so that the SBOM generation tasks are no longer dependent on `push-rpm-data-to-pyxis` and `populate-release-notes`. Signed-off-by: Martin Jediny <jedinym@proton.me>
diff --git a/pipelines/managed/rh-advisories/README.md b/pipelines/managed/rh-advisories/README.md
@@ -28,6 +28,11 @@ the rh-push-to-registry-redhat-io pipeline.
 | trustedArtifactsDebug           | Flag to enable debug logging in trusted artifacts. Set to a non-empty string to enable                                             | Yes      | ""                                                        |
 | dataDir                         | The location where data will be stored                                                                                             | Yes      | /var/workdir/release                                      |
 
+## Changes in 2.0.5
+* The `update-component-sbom` and `create-product-sbom` tasks are refactored to
+  use the new SBOM generation workflow. They no longer depend on
+  `push-rpm-data-to-pyxis` and `populate-release-notes`.
+
 ## Changes in 2.0.1
 * Temporarily allow the `upload-product-sbom` task to fail
   * The upload to S3 started giving us 503 errors. It will be investigated in ISV-5887
diff --git a/pipelines/managed/rh-advisories/rh-advisories.yaml b/pipelines/managed/rh-advisories/rh-advisories.yaml
@@ -4,7 +4,7 @@ kind: Pipeline
 metadata:
   name: rh-advisories
   labels:
-    app.kubernetes.io/version: "2.0.1"
+    app.kubernetes.io/version: "2.0.5"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -712,14 +712,12 @@ spec:
         - name: data
           workspace: release-workspace
       params:
-        - name: sbomJsonPath
-          value: "$(tasks.populate-release-notes.results.sbomDataPath)"
-        - name: downloadedSbomPath
-          value: "$(tasks.push-rpm-data-to-pyxis.results.sbomPath)"
+        - name: snapshotSpec
+          value: "$(tasks.collect-data.results.snapshotSpec)"
         - name: ociStorage
           value: $(params.ociStorage)
         - name: sourceDataArtifact
-          value: "$(tasks.push-rpm-data-to-pyxis.results.sourceDataArtifact)"
+          value: "$(tasks.apply-mapping.results.sourceDataArtifact)"
         - name: subdirectory
           value: $(tasks.collect-data.results.subdirectory)
         - name: dataDir
@@ -732,9 +730,8 @@ spec:
           value: "$(params.taskGitRevision)"
       runAfter:
         - collect-data
+        - apply-mapping
         - collect-atlas-params
-        - push-rpm-data-to-pyxis
-        - populate-release-notes
     - name: upload-component-sbom
       timeout: "4h"  # temp workaround until github.com/konflux-ci/release-service/issues/603 is fixed
       when:
@@ -743,7 +740,7 @@ spec:
           values: [""]
       params:
         - name: sbomDir
-          value: "$(tasks.push-rpm-data-to-pyxis.results.sbomPath)"
+          value: "$(tasks.update-component-sbom.results.sbomPath)"
         - name: atlasSecretName
           value: "$(tasks.collect-atlas-params.results.secretName)"
         - name: ssoTokenUrl
@@ -753,7 +750,7 @@ spec:
         - name: ociStorage
           value: $(params.ociStorage)
         - name: sourceDataArtifact
-          value: "$(tasks.apply-mapping.results.sourceDataArtifact)"
+          value: "$(tasks.update-component-sbom.results.sourceDataArtifact)"
         - name: subdirectory
           value: $(tasks.collect-data.results.subdirectory)
         - name: dataDir
@@ -904,7 +901,7 @@ spec:
         - name: ociStorage
           value: $(params.ociStorage)
         - name: sourceDataArtifact
-          value: "$(tasks.populate-release-notes.results.sourceDataArtifact)"
+          value: "$(tasks.apply-mapping.results.sourceDataArtifact)"
         - name: dataDir
           value: $(params.dataDir)
         - name: trustedArtifactsDebug
@@ -926,8 +923,9 @@ spec:
         - name: data
           workspace: release-workspace
       runAfter:
+        - apply-mapping
+        - collect-data
         - collect-atlas-params
-        - populate-release-notes
     - name: upload-product-sbom
       timeout: "4h"  # temp workaround until github.com/konflux-ci/release-service/issues/603 is fixed
       when:
@@ -936,7 +934,7 @@ spec:
           values: [""]
       params:
         - name: sbomDir
-          value: "$(tasks.create-product-sbom.results.productSBOMPath)"
+          value: "$(tasks.create-product-sbom.results.sbomPath)"
         - name: atlasSecretName
           value: "$(tasks.collect-atlas-params.results.secretName)"
         - name: ssoTokenUrl
