From 08acd9645e096f35fe135fa539e5928e7be569ee Mon Sep 17 00:00:00 2001
From: Tomas Nevrlka <tnevrlka@redhat.com>
Date: Thu, 7 Nov 2024 16:26:51 +0100
Subject: [PATCH] add rpms-signature-scan task

- rpms-signature-scan task is now mandatory
and causes enterprise-contracts to fail
---
 .tekton/build-pipeline.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/.tekton/build-pipeline.yaml b/.tekton/build-pipeline.yaml
index c7a8fd4..af4b368 100644
--- a/.tekton/build-pipeline.yaml
+++ b/.tekton/build-pipeline.yaml
@@ -433,6 +433,28 @@ spec:
         - name: kind
           value: task
         resolver: bundles
+    - name: rpms-signature-scan
+      params:
+        - name: image-url
+          value: $(tasks.build-image-index.results.IMAGE_URL)
+        - name: image-digest
+          value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+      runAfter:
+        - build-image-index
+      taskRef:
+        params:
+          - name: name
+            value: rpms-signature-scan
+          - name: bundle
+            value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+          - name: kind
+            value: task
+        resolver: bundles
+      when:
+        - input: $(params.skip-checks)
+          operator: in
+          values:
+            - "false"
     params:
     - name: git-url
       type: string