@fghanmi fghanmi commented Nov 27, 2025

rekor-monitor application includes rekor-monitor and ctlog-monitor components

Summary by Sourcery

Add Konflux application configuration for the rekor-monitor service and its related components.

New Features:

  • Introduce ImageRepository definitions for the rekor-monitor and ctlog-monitor images with SBOM webhook notifications.
  • Define rekor-monitor and ctlog-monitor components sourced from the securesign/rekor-monitor GitHub repository.
  • Create a rekor-monitor Application and kustomization tying together application, components, and image repositories.

sourcery-ai bot commented Nov 27, 2025

Reviewer's Guide

Adds a new Konflux Application configuration for the rekor-monitor project, defining Application, Components, and ImageRepositories for both rekor-monitor and ctlog-monitor, wired into kustomize.

Sequence diagram for image build and SBOM webhook for rekor-monitor and ctlog-monitor

sequenceDiagram
  actor Developer
  participant GitHub as GitHub_repo_securesign_rekor_monitor
  participant AppStudio as Konflux_AppStudio
  participant Pipeline as BuildPipeline_docker_build_oci_ta
  participant Registry as Quay_rhtas_tenant
  participant Bombino as Bombino_API

  Developer->>GitHub: Push changes to main
  GitHub-->>AppStudio: Notify commit on securesign/rekor-monitor
  AppStudio->>Pipeline: Trigger build for rekor-monitor component
  AppStudio->>Pipeline: Trigger build for ctlog-monitor component

  Pipeline->>Registry: Push image rhtas-tenant/rekor-monitor
  Pipeline->>Registry: Push image rhtas-tenant/ctlog-monitor

  Registry-->>Bombino: repo_push webhook for rekor-monitor SBOM
  Registry-->>Bombino: repo_push webhook for ctlog-monitor SBOM

  Bombino-->>Registry: Acknowledge SBOM event reception

File-Level Changes

Change: Introduce ImageRepository definitions for rekor-monitor and ctlog-monitor with SBOM push webhooks to Bombino.
Details:
  • Create public ImageRepository for the rekor-monitor image under rhtas-tenant/rekor-monitor.
  • Create public ImageRepository for the ctlog-monitor image under rhtas-tenant/ctlog-monitor.
  • Configure repo_push webhook notifications to the Bombino SBOM API for both repositories.
Files:
  • konflux-configs/base/application/rekor-monitor/base/imagerepository.yaml

Change: Define Components for rekor-monitor and ctlog-monitor sourced from the securesign/rekor-monitor GitHub repository using specific Dockerfiles and build pipeline annotations.
Details:
  • Add Component for rekor-monitor pointing to the securesign/rekor-monitor repo and Dockerfile.rekor-monitor.rh on main branch.
  • Add Component for ctlog-monitor pointing to the same repo with context ./ and Dockerfile.ctlog-monitor.rh on main branch.
  • Annotate both Components to use the docker-build-oci-ta build pipeline bundle and GitHub as the git provider.
Files:
  • konflux-configs/base/application/rekor-monitor/base/component.yaml

Change: Wire up the rekor-monitor Application and its resources into kustomize.
Details:
  • Create an Application resource named rekor-monitor with display name "rekor-monitor (main)".
  • Create a kustomization that references application, component, and imagerepository manifests and includes the shared base application component.
Files:
  • konflux-configs/base/application/rekor-monitor/base/application.yaml
  • konflux-configs/base/application/rekor-monitor/base/kustomization.yaml

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • There are trailing spaces after kind: ImageRepository in imagerepository.yaml; removing them will avoid noisy diffs and potential formatting issues with strict tooling.
  • The Bombino webhook notification block is duplicated for both rekor-monitor and ctlog-monitor image repositories; consider extracting this into a shared kustomize component or base to keep the configuration DRY and easier to maintain.
Prompt for AI Agents
Please address the comments from this code review:

## Overall Comments
- There are trailing spaces after `kind: ImageRepository` in `imagerepository.yaml`; removing them will avoid noisy diffs and potential formatting issues with strict tooling.
- The Bombino webhook notification block is duplicated for both `rekor-monitor` and `ctlog-monitor` image repositories; consider extracting this into a shared kustomize component or base to keep the configuration DRY and easier to maintain.

## Individual Comments

### Comment 1
<location> `konflux-configs/base/application/rekor-monitor/base/imagerepository.yaml:4` </location>
<code_context>
+---
+
+apiVersion: appstudio.redhat.com/v1alpha1
+kind: ImageRepository 
+metadata:
+  name: rekor-monitor
</code_context>

<issue_to_address>
**issue (bug_risk):** Remove trailing whitespace from the `kind` value to avoid potential API deserialization issues.

`kind` is set to `ImageRepository ` with a trailing space. Kubernetes does exact string matching on `kind`, so this may cause the resource to be rejected as an unknown type. Please remove the trailing space so it reads `ImageRepository`.
</issue_to_address>

github-actions bot commented Nov 27, 2025

Configuration Diff

4 document(s) impacted:

+ 0 added
- 0 removed
! 4 modified
Diff
@@ spec.description @@
# projctl.konflux.dev/v1beta1/Project/rhtas-tenant/rekor-monitor
! ± value change in multiline text (one insert, one deletion)
- Rekor Monitor provides monitoring capabilities for Rekor transparency log.
+ Rekor Monitor provides monitoring capabilities for the Rekor and Certificate transparency logs.

@@ spec.resources @@
# projctl.konflux.dev/v1beta1/ProjectDevelopmentStreamTemplate/rhtas-tenant/rekor-monitor-template
! - two list entries removed:
- - apiVersion: appstudio.redhat.com/v1alpha1
-   kind: Component
-   metadata:
-     name: {{.component}}{{.nameSuffix}}
-     annotations:
-       build.appstudio.openshift.io/pipeline: "{\"name\":\"docker-build-oci-ta\",\"bundle\":\"latest\"}"
-       git-provider: github
-       git-provider-url: "https://github.com"
-       mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
-   spec:
-     source:
-       git:
-         url: "https://github.com/securesign/rekor-monitor"
-         dockerfileUrl: Dockerfile.rh
-         revision: {{.branch}}
-     application: {{.application}}{{.nameSuffix}}
-     componentName: {{.component}}
- - apiVersion: appstudio.redhat.com/v1alpha1
-   kind: ImageRepository
-   metadata:
-     name: imagerepository-for-{{.application}}{{.nameSuffix}}-{{.component}}
-     labels:
-       appstudio.redhat.com/component: {{.component}}{{.nameSuffix}}
-   spec:
-     image:
-       name: rhtas-tenant/rekor-monitor
-       visibility: public
-     notifications:
-     - config:
-         url: "https://bombino.api.redhat.com/v1/sbom/quay/push"
-       event: repo_push
-       method: webhook
-       title: SBOM-event-to-Bombino
! + four list entries added:
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: Component
+     metadata:
+       name: {{.rekor-monitor-component}}{{.nameSuffix}}
+       annotations:
+         build.appstudio.openshift.io/pipeline: "{\"name\":\"docker-build-oci-ta\",\"bundle\":\"latest\"}"
+         git-provider: github
+         git-provider-url: "https://github.com"
+         mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
+     spec:
+       source:
+         git:
+           url: "https://github.com/securesign/rekor-monitor"
+           dockerfileUrl: Dockerfile.rekor-monitor.rh
+           revision: {{.branch}}
+       application: {{.application}}{{.nameSuffix}}
+       componentName: {{.rekor-monitor-component}}
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: Component
+     metadata:
+       name: {{.ctlog-monitor-component}}{{.nameSuffix}}
+       annotations:
+         build.appstudio.openshift.io/pipeline: "{\"name\":\"docker-build-oci-ta\",\"bundle\":\"latest\"}"
+         git-provider: github
+         git-provider-url: "https://github.com"
+         mintmaker.appstudio.redhat.com/disabled: {{.mintmakerDisabled}}
+     spec:
+       source:
+         git:
+           url: "https://github.com/securesign/rekor-monitor"
+           dockerfileUrl: Dockerfile.ctlog-monitor.rh
+           revision: {{.branch}}
+       application: {{.application}}{{.nameSuffix}}
+       componentName: {{.ctlog-monitor-component}}
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ImageRepository
+     metadata:
+       name: imagerepository-for-{{.application}}{{.nameSuffix}}-{{.rekor-monitor-component}}
+       labels:
+         appstudio.redhat.com/component: {{.rekor-monitor-component}}{{.nameSuffix}}
+     spec:
+       image:
+         name: rhtas-tenant/rekor-monitor
+         visibility: public
+       notifications:
+       - config:
+           url: "https://bombino.api.redhat.com/v1/sbom/quay/push"
+         event: repo_push
+         method: webhook
+         title: SBOM-event-to-Bombino
+   - apiVersion: appstudio.redhat.com/v1alpha1
+     kind: ImageRepository
+     metadata:
+       name: imagerepository-for-{{.application}}{{.nameSuffix}}-{{.ctlog-monitor-component}}
+       labels:
+         appstudio.redhat.com/component: {{.ctlog-monitor-component}}{{.nameSuffix}}
+     spec:
+       image:
+         name: rhtas-tenant/ctlog-monitor
+         visibility: public
+       notifications:
+       - config:
+           url: "https://bombino.api.redhat.com/v1/sbom/quay/push"
+         event: repo_push
+         method: webhook
+         title: SBOM-event-to-Bombino
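
Review bot: dockerfileUrl in the two added Component entries is hard-coded to Dockerfile.rekor-monitor.rh and Dockerfile.ctlog-monitor.rh while revision remains {{.branch}}, so every development stream rendered from this template needs both files on its branch; the removed entry pointed at Dockerfile.rh. Confirm that each stream branch carries the renamed Dockerfiles, or expose the Dockerfile path as a template variable so a stream can override it.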

@@ spec.resources.appstudio.redhat.com/v1alpha1/Application/{{.application}}{{.nameSuffix}}.spec.displayName @@
# projctl.konflux.dev/v1beta1/ProjectDevelopmentStreamTemplate/rhtas-tenant/rekor-monitor-template
! ± value change
- {{.component}} ({{.version}})
+ {{.application}} ({{.version}})

@@ spec.variables @@
# projctl.konflux.dev/v1beta1/ProjectDevelopmentStreamTemplate/rhtas-tenant/rekor-monitor-template
! - one list entry removed:
- - name: component
-   defaultValue: rekor-monitor
-   description: "The component name"
! + two list entries added:
+   - name: rekor-monitor-component
+     defaultValue: rekor-monitor
+     description: "The rekor-monitor component name"
+   - name: ctlog-monitor-component
+     defaultValue: ctlog-monitor
+     description: "The ctlog-monitor component name"
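
Review bot: the two added variable names, rekor-monitor-component and ctlog-monitor-component, contain hyphens, unlike nameSuffix and mintmakerDisabled referenced in the same template. If the template is rendered with Go's text/template, a field reference such as {{.rekor-monitor-component}} does not parse, because a hyphen is not valid in a field name. CamelCase names (for example rekorMonitorComponent and ctlogMonitorComponent) would avoid that and match the existing variables.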

📦 Artifacts: base-output.yaml, head-output.yaml, dyff-output.txt

@osmman osmman left a comment

The rekor-monitor application is currently managed by the Project manifest because it is a multistream project (1.3.x and main). Please make your changes here: https://github.com/securesign/pipelines/tree/main/konflux-configs/base/project/overlay/rekor-monitor

@fghanmi fghanmi requested a review from osmman November 27, 2025 09:39
@osmman osmman changed the title add rekor-monitor application feat: add ctlog-monitor component Nov 27, 2025
@osmman osmman merged commit 01e674c into main Nov 27, 2025
5 checks passed
@osmman osmman deleted the add/ctlog-monitor branch November 27, 2025 10:07