TODO fix buildah

Author: jeffdyoung

deploy/tekton/deploy-user-namespace.sh

@@ -451,6 +451,23 @@ deploy_resources_only() {
     deploy_with_namespace "tasks.yaml" "📝 Deploying Tasks..."
     deploy_with_namespace "pipeline.yaml" "🔄 Deploying Pipeline..."
     deploy_with_namespace "triggers.yaml" "⚡ Deploying Triggers..."
+    
+    # Create the application configuration configmap
+    echo -e "${GREEN}⚙️  Creating application configuration...${NC}"
+    oc create configmap ${USERNAME}-ci-analysis-config \
+        --from-literal=OLLAMA_API_BASE="http://${USERNAME}-ollama-service:11434" \
+        --from-literal=GOOGLE_GENAI_USE_VERTEXAI="FALSE" \
+        --from-literal=PYTHONPATH="/app" \
+        -n $NAMESPACE \
+        --dry-run=client -o yaml | oc apply -f -
+        
+    # Grant SCC permissions for container builds (persistent)
+    echo -e "${GREEN}🔐 Configuring Security Context Constraints for buildah...${NC}"
+    if ! oc adm policy add-scc-to-user pipelines-scc system:serviceaccount:${NAMESPACE}:pipeline-service-account &> /dev/null; then
+        echo -e "${YELLOW}⚠️  SCC policy may already be applied or cluster permissions insufficient${NC}"
+    else
+        echo -e "${GREEN}✅ SCC permissions configured successfully${NC}"
+    fi
 
     # Note: pipeline-run.yaml is a template file, not deployed directly
     echo -e "${GREEN}📄 Pipeline Run template available for use${NC}"

deploy/tekton/pipeline.yaml

@@ -48,42 +48,37 @@ spec:
   tasks:
     - name: git-clone
       taskRef:
-        name: git-clone
-        kind: ClusterTask
-        apiVersion: tekton.dev/v1beta1
+        resolver: cluster
+        params:
+        - name: kind
+          value: task
+        - name: name
+          value: git-clone
+        - name: namespace
+          value: openshift-pipelines
       workspaces:
         - name: output
           workspace: shared-data
       params:
-        - name: url
+        - name: URL
           value: $(params.git-url)
-        - name: revision
+        - name: REVISION
           value: $(params.git-revision)
-        - name: deleteExisting
+        - name: DELETE_EXISTING
           value: "true"
 
-    - name: create-namespace
-      taskRef:
-        name: create-namespace
-        apiVersion: tekton.dev/v1beta1
-      runAfter:
-        - git-clone
-      workspaces:
-        - name: source
-          workspace: shared-data
-      params:
-        - name: target-namespace
-          value: $(params.target-namespace)
-        - name: user-prefix
-          value: $(params.user-prefix)
-
     - name: build-image
       taskRef:
-        name: buildah
-        kind: ClusterTask
-        apiVersion: tekton.dev/v1beta1
+        resolver: cluster
+        params:
+        - name: kind
+          value: task
+        - name: name
+          value: buildah
+        - name: namespace
+          value: openshift-pipelines
       runAfter:
-        - create-namespace
+        - git-clone
       workspaces:
         - name: source
           workspace: shared-data
@@ -96,8 +91,6 @@ spec:
           value: ./Dockerfile
         - name: CONTEXT
           value: .
-        - name: TLSVERIFY
-          value: "false"
 
     - name: deploy-ollama
       taskRef: