Addressing konflux error and fixing multi arch build with podman 5.2

.snyk

@@ -0,0 +1,6 @@
+# Snyk guide: https://docs.snyk.io/snyk-cli/commands/ignore
+exclude:
+  global:
+    # ignore tests
+    - "**/*_test.go"
+    - "test/**"

.tekton/network-observability-console-plugin-pull-request.yaml

@@ -94,11 +94,11 @@ spec:
       description: Skip checks against built image
       name: skip-checks
       type: string
-    - default: "false"
+    - default: "true"
       description: Execute the build with network isolation
       name: hermetic
       type: string
-    - default: ""
+    - default: "{\"type\":\"npm\", \"path\":\"./web\"}"
       description: Build dependencies to be prefetched by Cachi2
       name: prefetch-input
       type: string
@@ -203,6 +203,8 @@ spec:
       params:
       - name: input
         value: $(params.prefetch-input)
+      - name: dev-package-managers
+        value: true
       runAfter:
       - clone-repository
       - update-downstream
@@ -405,28 +407,6 @@ spec:
         operator: in
         values:
         - "false"
-    - name: sbom-json-check
-      params:
-      - name: IMAGE_URL
-        value: $(tasks.build-container.results.IMAGE_URL)
-      - name: IMAGE_DIGEST
-        value: $(tasks.build-container.results.IMAGE_DIGEST)
-      runAfter:
-      - build-container
-      taskRef:
-        params:
-        - name: name
-          value: sbom-json-check
-        - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:acc9cb8a714f33c0e48d6ca219b6bd0191f09cdd767af4ef3a35d0a5cac53b5d
-        - name: kind
-          value: task
-        resolver: bundles
-      when:
-      - input: $(params.skip-checks)
-        operator: in
-        values:
-        - "false"
     - name: apply-tags
       params:
       - name: IMAGE

.tekton/network-observability-console-plugin-push.yaml

@@ -5,6 +5,7 @@ metadata:
     build.appstudio.openshift.io/repo: https://github.com/netobserv/network-observability-console-plugin?rev={{revision}}
     build.appstudio.redhat.com/commit_sha: '{{revision}}'
     build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    build.appstudio.openshift.io/build-nudge-files: "hack/container_digest.sh"
     pipelinesascode.tekton.dev/max-keep-runs: "3"
     pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
       == "main"
@@ -91,11 +92,11 @@ spec:
       description: Skip checks against built image
       name: skip-checks
       type: string
-    - default: "false"
+    - default: "true"
       description: Execute the build with network isolation
       name: hermetic
       type: string
-    - default: ""
+    - default: "{\"type\":\"npm\", \"path\":\"./web\"}"
       description: Build dependencies to be prefetched by Cachi2
       name: prefetch-input
       type: string
@@ -402,28 +403,6 @@ spec:
         operator: in
         values:
         - "false"
-    - name: sbom-json-check
-      params:
-      - name: IMAGE_URL
-        value: $(tasks.build-container.results.IMAGE_URL)
-      - name: IMAGE_DIGEST
-        value: $(tasks.build-container.results.IMAGE_DIGEST)
-      runAfter:
-      - build-container
-      taskRef:
-        params:
-        - name: name
-          value: sbom-json-check
-        - name: bundle
-          value: quay.io/konflux-ci/tekton-catalog/task-sbom-json-check:0.1@sha256:acc9cb8a714f33c0e48d6ca219b6bd0191f09cdd767af4ef3a35d0a5cac53b5d
-        - name: kind
-          value: task
-        resolver: bundles
-      when:
-      - input: $(params.skip-checks)
-        operator: in
-        values:
-        - "false"
     - name: apply-tags
       params:
       - name: IMAGE

Dockerfile

@@ -1,9 +1,6 @@
 # We do not use --platform feature to auto fill this ARG because of incompatibility between podman and docker
-ARG BUILDSCRIPT=
-ARG LDFLAGS=
-ARG TARGETPLATFORM=linux/amd64
-ARG BUILDPLATFORM=linux/amd64
-FROM --platform=$BUILDPLATFORM docker.io/library/node:18-alpine as web-builder
+ARG TARGETARCH
+FROM docker.io/library/node:18-alpine as web-builder
 
 USER node
 
@@ -15,7 +12,7 @@ WORKDIR /opt/app-root
 COPY --chown=node web/package.json web/package.json
 COPY --chown=node web/package-lock.json web/package-lock.json
 WORKDIR /opt/app-root/web
-RUN npm ci
+RUN CYPRESS_INSTALL_BINARY=0 npm --legacy-peer-deps ci
 
 WORKDIR /opt/app-root
 COPY --chown=node web web
@@ -25,7 +22,7 @@ WORKDIR /opt/app-root/web
 RUN npm run format-all
 RUN npm run build$BUILDSCRIPT
 
-FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.22 as go-builder
+FROM docker.io/library/golang:1.22 as go-builder
 
 ARG TARGETPLATFORM
 ARG TARGETARCH=amd64
@@ -41,7 +38,7 @@ COPY pkg/ pkg/
 
 RUN CGO_ENABLED=0 GOARCH=$TARGETARCH go build -ldflags "$LDFLAGS" -mod vendor -o plugin-backend cmd/plugin-backend.go
 
-FROM  --platform=$TARGETPLATFORM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM  --platform=linux/$TARGETARCH registry.access.redhat.com/ubi9/ubi-minimal:9.4
 
 COPY --from=web-builder /opt/app-root/web/dist ./web/dist
 COPY --from=go-builder /opt/app-root/plugin-backend ./

Makefile

@@ -59,7 +59,7 @@ BUILD_FLAGS ?= -ldflags "${LDFLAGS}"
 # build a single arch target provided as argument
 define build_target
 	echo 'building image for arch $(1)'; \
-	DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --ulimit nofile=20480:20480 --load --build-arg LDFLAGS="${LDFLAGS}" --build-arg BUILDSCRIPT=${BUILDSCRIPT} --build-arg TARGETPLATFORM=linux/$(1) --build-arg TARGETARCH=$(1) --build-arg BUILDPLATFORM=linux/amd64 ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f Dockerfile .;
+	DOCKER_BUILDKIT=1 $(OCI_BIN) buildx build --ulimit nofile=20480:20480 --load --build-arg LDFLAGS="${LDFLAGS}" --build-arg BUILDSCRIPT=${BUILDSCRIPT} --build-arg TARGETARCH=$(1) ${OCI_BUILD_OPTS} -t ${IMAGE}-$(1) -f Dockerfile .;
 endef
 
 # push a single arch target image
@@ -122,7 +122,7 @@ start: YQ build-backend install-frontend ## Run backend and frontend
 	$(YQ) '.server.port |= 9002 | .server.metricsPort |= 9003 | .loki.useMocks |= false' ./config/sample-config.yaml > ./config/config.yaml
 	@echo "### Starting backend on http://localhost:9002"
 	bash -c "trap 'fuser -k 9002/tcp' EXIT; \
-					./plugin-backend $(CMDLINE_ARGS) & cd web && npm run start" 
+					./plugin-backend $(CMDLINE_ARGS) & cd web && npm run start"
 
 .PHONY: start-backend
 start-backend: YQ build-backend
@@ -159,7 +159,7 @@ fmt-frontend: i18n ## Run frontend i18n and fmt
 lint-frontend: ## Lint frontend code
 	@echo "### Linting frontend code"
 	cd web && npm run lint
-	
+
 .PHONY: test-frontend
 test-frontend: ## Test frontend using jest
 	@echo "### Testing frontend"

hack/update-build.sh

@@ -15,4 +15,11 @@ LABEL maintainer="[email protected]"
 LABEL io.openshift.tags="network-observability-console-plugin"
 LABEL upstream-vcs-ref="${COMMIT}"
 LABEL upstream-vcs-type="git"
+LABEL description="Based on Openshift Console dynamic plugin, this plugin implement the console elements for Network Observability."
 EOF
+
+sed -i 's/\(FROM.*\)docker.io\/library\/golang:1.22\(.*\)/\1brew.registry.redhat.io\/rh-osbs\/openshift-golang-builder:v1.22.5-202407301806.g4c8b32d.el9\2/g' ./Dockerfile
+sed -i 's/\(FROM.*\)docker.io\/library\/node:18-alpine\(.*\)/\1registry.access.redhat.com\/ubi9\/nodejs-18:1-108.1716477799\2/g' ./Dockerfile
+
+sed -i 's/USER node//g' ./Dockerfile
+sed -i 's/--chown=node/--chown=default/g' ./Dockerfile