chore(KFLUXVNGD-148): Add custom certificate support for git clone task

Add param to support the custom certificate support for
git-clone-oci-ta task to connect to internal registry.

Jira-Url: https://issues.redhat.com/browse/KFLUXVNGD-155
Signed-off-by: Homaja Marisetty <[email protected]>

Author: hmariset

task-generator/trusted-artifacts/golden/git-clone/ta.yaml

@@ -265,6 +265,10 @@ spec:
     volumeMounts:
       - name: workdir
         mountPath: /var/workdir
+      - mountPath: /etc/pki/tls/certs/ca-custom-bundle.crt
+        name: trusted-ca
+        readOnly: true
+        subPath: ca-bundle.crt
     args:
       - create
       - --store

task-generator/trusted-artifacts/ta.go

@@ -159,6 +159,12 @@ func perform(task *pipeline.Task, recipe *Recipe) error {
 		Name:      "workdir",
 		MountPath: "/var/workdir",
 	}
+	trustedVolumeMount := core.VolumeMount{
+		Name:      "trusted-ca",
+		MountPath: "/etc/pki/tls/certs/ca-custom-bundle.crt",
+		SubPath:   "ca-bundle.crt",
+		ReadOnly:  true,
+	}
 	if len(recipe.AddVolumeMount) == 0 {
 		recipe.AddVolumeMount = []core.VolumeMount{workdirVolumeMount}
 	}
@@ -348,7 +354,7 @@ func perform(task *pipeline.Task, recipe *Recipe) error {
 		}
 
 		if task.Spec.StepTemplate == nil && !recipe.PreferStepTemplate {
-			create.VolumeMounts = []core.VolumeMount{workdirVolumeMount}
+			create.VolumeMounts = []core.VolumeMount{workdirVolumeMount, trustedVolumeMount}
 		}
 		task.Spec.Steps = append(task.Spec.Steps, create)
 	}

task/git-clone-oci-ta/0.1/git-clone-oci-ta.yaml

@@ -307,6 +307,10 @@ spec:
       volumeMounts:
         - mountPath: /var/workdir
           name: workdir
+        - mountPath: /etc/pki/tls/certs/ca-custom-bundle.crt
+          name: trusted-ca
+          readOnly: true
+          subPath: ca-bundle.crt
       env:
         - name: IMAGE_EXPIRES_AFTER
           value: $(params.ociArtifactExpiresAfter)