redhat-appstudio · openshift-merge-bot · Nov 15, 2024 · Nov 15, 2024
diff --git a/pac/pipelines/gitops-pull-request-rhtap.yaml b/pac/pipelines/gitops-pull-request-rhtap.yaml
@@ -72,7 +72,7 @@ spec:
     workspaces:
     - name: source
       workspace: workspace
-  - name: verify-enteprise-contract
+  - name: verify-enterprise-contract
     params:
     - name: IMAGES
       value: $(tasks.get-images-to-verify.results.IMAGES_TO_VERIFY)

diff --git a/pac/tasks/acs-deploy-check.yaml b/pac/tasks/acs-deploy-check.yaml
@@ -50,7 +50,7 @@ spec:
       image: registry.redhat.io/openshift4/ose-cli:4.13@sha256:73df37794ffff7de1101016c23dc623e4990810390ebdabcbbfa065214352c7c
       script: |
         #!/usr/bin/env bash
-        echo "acs-image-scan $(context.taskRun.name)"
+        echo "acs-deploy-check $(context.taskRun.name)"
         oc annotate taskrun $(context.taskRun.name) task.results.format=application/json
         oc annotate taskrun $(context.taskRun.name) task.results.type=roxctl-deployment-check
         oc annotate taskrun $(context.taskRun.name) task.results.container=step-report

diff --git a/pac/tasks/acs-image-check.yaml b/pac/tasks/acs-image-check.yaml
@@ -46,7 +46,7 @@ spec:
       image: registry.redhat.io/openshift4/ose-cli:4.13@sha256:73df37794ffff7de1101016c23dc623e4990810390ebdabcbbfa065214352c7c
       script: |
         #!/usr/bin/env bash
-        echo "acs-image-scan $(context.taskRun.name)"
+        echo "acs-image-check $(context.taskRun.name)"
         oc annotate taskrun $(context.taskRun.name) task.results.format=application/json
         oc annotate taskrun $(context.taskRun.name) task.results.type=roxctl-image-check
         oc annotate taskrun $(context.taskRun.name) task.results.container=step-report

diff --git a/pac/tasks/acs-image-scan.yaml b/pac/tasks/acs-image-scan.yaml
@@ -129,20 +129,31 @@ spec:
         echo "roxctl image scan"
 
         IMAGE=${PARAM_IMAGE}@${PARAM_IMAGE_DIGEST}
-        ./roxctl image scan \
-          $( [ "${PARAM_INSECURE_SKIP_TLS_VERIFY}" = "true" ] && \
-          echo -n "--insecure-skip-tls-verify") \
-          -e "${ROX_CENTRAL_ENDPOINT}" --image "$IMAGE" --output json --force \
-          > roxctl_image_scan_output.json
-        image_scan_err_code=$?
-        cp roxctl_image_scan_output.json /steps-shared-folder/acs-image-scan.json
-        if [ $image_scan_err_code -ne 0 ]; then
-          cat roxctl_image_scan_output.json
-          note='ACS image scan failed to process the image. See the task logs for more details.'
-          echo $note
-          set_test_output_result ERROR "$note"
-          exit 2
-        fi
+        retry=3
+        while true; do
+          retry=$(( retry - 1 ))
+          ./roxctl image scan \
+            $( [ "${PARAM_INSECURE_SKIP_TLS_VERIFY}" = "true" ] && \
+            echo -n "--insecure-skip-tls-verify") \
+            -e "${ROX_CENTRAL_ENDPOINT}" --image "$IMAGE" --output json --force \
+            > roxctl_image_scan_output.json
+          image_scan_err_code=$?
+          cp -f roxctl_image_scan_output.json /steps-shared-folder/acs-image-scan.json
+          if [ $image_scan_err_code -ne 0 ]; then
+            cat roxctl_image_scan_output.json
+            if [ "$(grep -c "context deadline exceeded" roxctl_image_scan_output.json)" -ne 0 ] && [ $retry -gt 0 ]; then
+              echo "Retry in 5m"
+              sleep 300
+            else
+              note='ACS image scan failed to process the image. See the task logs for more details.'
+              echo "$note"
+              set_test_output_result ERROR "$note"
+              exit 2
+            fi
+          else
+            break
+          fi
+        done
 
         # Set SCAN_OUTPUT result
         critical=$(cat roxctl_image_scan_output.json | grep -oP '(?<="CRITICAL": )\d+')

diff --git a/pac/tasks/git-clone.yaml b/pac/tasks/git-clone.yaml
@@ -104,6 +104,10 @@ spec:
     name: url
   - description: The commit timestamp of the checkout
     name: commit-timestamp
+  - description: The precise URL that was fetched by this Task. This result uses Chains type hinting to include in the provenance.
+    name: CHAINS-GIT_URL
+  - description: The precise commit SHA that was fetched by this Task. This result uses Chains type hinting to include in the provenance.
+    name: CHAINS-GIT_COMMIT
   steps:
   - name: clone
     env:
@@ -245,8 +249,10 @@ spec:
         exit "${EXIT_CODE}"
       fi
       printf "%s" "${RESULT_SHA}" > "$(results.commit.path)"
+      printf "%s" "${RESULT_SHA}" > "$(results.CHAINS-GIT_COMMIT.path)"
       printf "%s" "${RESULT_SHA_SHORT}" > "$(results.short-commit.path)"
       printf "%s" "${PARAM_URL}" > "$(results.url.path)"
+      printf "%s" "${PARAM_URL}" > "$(results.CHAINS-GIT_URL.path)"
       printf "%s" "$(git log -1 --pretty=%ct)" > "$(results.commit-timestamp.path)"
 
       if [ "${PARAM_FETCH_TAGS}" = "true" ] ; then