[release-v1.17] Update Konflux configurations (#1373)

* Generate dockerfiles with "./openshift/scripts/generate-dockerfiles.sh"

* [release-v1.17] Sync Konflux configurations

* Generate dockerfiles with "./openshift/scripts/generate-dockerfiles.sh"

* [release-v1.17] Sync Konflux configurations

---------

Co-authored-by: serverless-qe <[email protected]>
Co-authored-by: Kaustubh Pande <[email protected]>

Author: 3 people

.tekton/docker-build.yaml

@@ -13,20 +13,6 @@ spec:
 
     _Uses `buildah` to create a multi-platform container image leveraging [trusted artifacts](https://konflux-ci.dev/architecture/ADR/0036-trusted-artifacts.html). It also optionally creates a source image and runs some build-time tests. This pipeline requires that the [multi platform controller](https://github.com/konflux-ci/multi-platform-controller) is deployed and configured on your Konflux instance. Information is shared between tasks using OCI artifacts instead of PVCs. EC will pass the [`trusted_task.trusted`](https://conforma.dev/docs/policy/packages/release_trusted_task.html#trusted_task__trusted) policy as long as all data used to build the artifact is generated from trusted tasks.
     This pipeline is pushed as a Tekton bundle to [quay.io](https://quay.io/repository/konflux-ci/tekton-catalog/pipeline-docker-build-multi-platform-oci-ta?tab=tags)_
-  finally:
-  - name: show-sbom
-    params:
-    - name: IMAGE_URL
-      value: $(tasks.build-image-index.results.IMAGE_URL)
-    taskRef:
-      params:
-      - name: name
-        value: show-sbom
-      - name: bundle
-        value: quay.io/konflux-ci/tekton-catalog/task-show-sbom:0.1@sha256:beb0616db051952b4b861dd8c3e00fa1c0eccbd926feddf71194d3bb3ace9ce7
-      - name: kind
-        value: task
-      resolver: bundles
   params:
   - default:
     - linux/x86_64
@@ -86,7 +72,7 @@ spec:
     name: hermetic
     type: string
   - default: ""
-    description: Build dependencies to be prefetched by Cachi2
+    description: Build dependencies to be prefetched
     name: prefetch-input
     type: string
   - default: ""
@@ -98,6 +84,11 @@ spec:
     description: Add built image into an OCI image index
     name: build-image-index
     type: string
+  - default: docker
+    description: The format for the resulting image's mediaType. Valid values are
+      oci or docker.
+    name: buildah-format
+    type: string
   - default: []
     description: Array of --build-arg values ("arg=value" strings) for buildah
     name: build-args
@@ -111,10 +102,6 @@ spec:
       VMs
     name: privileged-nested
     type: string
-  - name: buildah-format
-    default: docker
-    type: string
-    description: The format for the resulting image's mediaType. Valid values are oci or docker.
   results:
   - description: ""
     name: IMAGE_URL
@@ -278,14 +265,16 @@ spec:
       value: $(params.build-args-file)
     - name: PRIVILEGED_NESTED
       value: $(params.privileged-nested)
+    - name: SOURCE_URL
+      value: $(tasks.clone-repository.results.url)
+    - name: BUILDAH_FORMAT
+      value: $(params.buildah-format)
     - name: SOURCE_ARTIFACT
       value: $(tasks.prefetch-dependencies.results.SOURCE_ARTIFACT)
     - name: CACHI2_ARTIFACT
       value: $(tasks.prefetch-dependencies.results.CACHI2_ARTIFACT)
     - name: IMAGE_APPEND_PLATFORM
       value: "true"
-    - name: BUILDAH_FORMAT
-      value: $(params.buildah-format)
     runAfter:
     - prefetch-dependencies
     taskRef:
@@ -412,7 +401,12 @@ spec:
       operator: in
       values:
       - "false"
-  - name: ecosystem-cert-preflight-checks
+  - matrix:
+      params:
+      - name: platform
+        value:
+        - $(params.build-platforms)
+    name: ecosystem-cert-preflight-checks
     params:
     - name: image-url
       value: $(tasks.build-image-index.results.IMAGE_URL)
@@ -432,12 +426,12 @@ spec:
       operator: in
       values:
       - "false"
-    matrix:
+  - matrix:
       params:
-      - name: platform
+      - name: image-arch
         value:
         - $(params.build-platforms)
-  - name: clamav-scan
+    name: clamav-scan
     params:
     - name: image-digest
       value: $(tasks.build-image-index.results.IMAGE_DIGEST)
@@ -459,11 +453,6 @@ spec:
       operator: in
       values:
       - "false"
-    matrix:
-      params:
-      - name: image-arch
-        value:
-        - $(params.build-platforms)
   - name: sast-shell-check
     params:
     - name: image-digest

.tekton/kn-plugin-func-func-util-117-pull-request.yaml

@@ -21,12 +21,13 @@ spec:
       value: openshift/ci-operator/knative-images/func-util/Dockerfile
     - name: build-args
       value:
+        - CLI_ARTIFACTS=registry.redhat.io/openshift4/ose-cli-artifacts-rhel9:v4.16
         - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.23
-        - GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal
-        - JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
-        - JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
-        - NODE_BUILDER=registry.access.redhat.com/ubi8/nodejs-20
-        - NODE_RUNTIME=registry.access.redhat.com/ubi8/nodejs-20
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
         - VERSION=1.37.0
     - name: git-url
       value: '{{source_url}}'

.tekton/kn-plugin-func-func-util-117-push.yaml

@@ -20,12 +20,13 @@ spec:
       value: openshift/ci-operator/knative-images/func-util/Dockerfile
     - name: build-args
       value:
+        - CLI_ARTIFACTS=registry.redhat.io/openshift4/ose-cli-artifacts-rhel9:v4.16
         - GO_BUILDER=brew.registry.redhat.io/rh-osbs/openshift-golang-builder:rhel_8_golang_1.23
-        - GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal
-        - JAVA_BUILDER=registry.access.redhat.com/ubi8/openjdk-21
-        - JAVA_RUNTIME=registry.access.redhat.com/ubi8/openjdk-21-runtime
-        - NODE_BUILDER=registry.access.redhat.com/ubi8/nodejs-20
-        - NODE_RUNTIME=registry.access.redhat.com/ubi8/nodejs-20
+        - GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
+        - JAVA_BUILDER=registry.access.redhat.com/ubi9/openjdk-21
+        - JAVA_RUNTIME=registry.access.redhat.com/ubi9/openjdk-21-runtime
+        - NODE_BUILDER=registry.access.redhat.com/ubi9/nodejs-20
+        - NODE_RUNTIME=registry.access.redhat.com/ubi9/nodejs-20
         - VERSION=1.37.0
     - name: git-url
       value: '{{source_url}}'

openshift/ci-operator/build-image/Dockerfile

@@ -1,17 +1,17 @@
 # DO NOT EDIT! Generated Dockerfile.
 
-FROM registry.ci.openshift.org/ocp/4.17:cli-artifacts as tools
+FROM registry.ci.openshift.org/ocp/4.19:cli-artifacts as tools
 
 # Dockerfile to bootstrap build and test in openshift-ci
 FROM registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.23-openshift-4.19 as builder
 
 ARG TARGETARCH
 
-COPY --from=tools /usr/share/openshift/linux_$TARGETARCH/oc.rhel8 /usr/bin/oc
+COPY --from=tools /usr/share/openshift/linux_$TARGETARCH/oc.rhel9 /usr/bin/oc
 
 RUN ln -s /usr/bin/oc /usr/bin/kubectl
 
-RUN yum install -y httpd-tools
+RUN dnf install -y httpd-tools
 
 RUN wget https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 && \
     chmod 700 ./get-helm-3

openshift/ci-operator/knative-images/func-util/Dockerfile

@@ -1,6 +1,6 @@
 # DO NOT EDIT! Generated Dockerfile for cmd/func-util.
 ARG GO_BUILDER=registry.ci.openshift.org/openshift/release:rhel-8-release-golang-1.23-openshift-4.19
-ARG GO_RUNTIME=registry.access.redhat.com/ubi8/ubi-minimal
+ARG GO_RUNTIME=registry.access.redhat.com/ubi9/ubi-minimal
 
 FROM $GO_BUILDER as builder
 
@@ -17,7 +17,7 @@ FROM $GO_RUNTIME
 
 ARG VERSION=knative-v1.17
 
-RUN microdnf install socat tar
+RUN microdnf install -y socat tar
 
 COPY --from=builder /usr/bin/main /usr/bin/func-util
 COPY LICENSE /licenses/
@@ -30,14 +30,15 @@ RUN ln -s /usr/bin/func-util /usr/local/bin/deploy && \
 USER 65532
 
 LABEL \
-      com.redhat.component="openshift-serverless-1-kn-plugin-func-func-util-rhel8-container" \
-      name="openshift-serverless-1/kn-plugin-func-func-util-rhel8" \
+      com.redhat.component="openshift-serverless-1-kn-plugin-func-func-util-rhel9-container" \
+      name="openshift-serverless-1/kn-plugin-func-func-util-rhel9" \
       version=$VERSION \
       summary="Red Hat OpenShift Serverless 1 Kn Plugin Func Func Util" \
       maintainer="[email protected]" \
       description="Red Hat OpenShift Serverless 1 Kn Plugin Func Func Util" \
       io.k8s.display-name="Red Hat OpenShift Serverless 1 Kn Plugin Func Func Util" \
       io.k8s.description="Red Hat OpenShift Serverless Kn Plugin Func Func Util" \
-      io.openshift.tags="func-util"
+      io.openshift.tags="func-util" \
+      cpe="cpe:/a:redhat:openshift_serverless:1.37::el9"
 
 ENTRYPOINT ["/usr/bin/bash"]