From d39d73a2da23beb438378beeaf6507d5ad0749e4 Mon Sep 17 00:00:00 2001
From: "Lincoln Sward (he/they)" <lsward@redhat.com>
Date: Tue, 22 Oct 2024 14:30:45 -0400
Subject: [PATCH] TEAMNADO-7820 adding rpms signature scan to tekton pipeline
 (#206)

adding rpms signature scan to pull request and push yamls
---
 ...ubscription-inventory-ui-pull-request.yaml | 21 +++++++++++++++++++
 .tekton/subscription-inventory-ui-push.yaml   | 21 +++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/.tekton/subscription-inventory-ui-pull-request.yaml b/.tekton/subscription-inventory-ui-pull-request.yaml
index 55d6610..f4ed7b8 100644
--- a/.tekton/subscription-inventory-ui-pull-request.yaml
+++ b/.tekton/subscription-inventory-ui-pull-request.yaml
@@ -488,6 +488,27 @@ spec:
         workspaces:
           - name: workspace
             workspace: workspace
+      - name: rpms-signature-scan
+        when:
+        - input: $(params.skip-checks)
+          operator: in
+          values: ["false"]
+        runAfter:
+          - build-container
+        taskRef:
+          resolver: bundles
+          params:
+          - name: name
+            value: rpms-signature-scan
+          - name: bundle
+            value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+          - name: kind
+            value: task
+        params:
+        - name: image-url
+          value: $(tasks.build-container.results.IMAGE_URL)
+        - name: image-digest
+          value: $(tasks.build-container.results.IMAGE_DIGEST)
     workspaces:
       - name: workspace
       - name: git-auth
diff --git a/.tekton/subscription-inventory-ui-push.yaml b/.tekton/subscription-inventory-ui-push.yaml
index f1b18f7..4b82296 100644
--- a/.tekton/subscription-inventory-ui-push.yaml
+++ b/.tekton/subscription-inventory-ui-push.yaml
@@ -485,6 +485,27 @@ spec:
         workspaces:
           - name: workspace
             workspace: workspace
+      - name: rpms-signature-scan
+        when:
+        - input: $(params.skip-checks)
+          operator: in
+          values: ["false"]
+        runAfter:
+          - build-container
+        taskRef:
+          resolver: bundles
+          params:
+          - name: name
+            value: rpms-signature-scan
+          - name: bundle
+            value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8
+          - name: kind
+            value: task
+        params:
+        - name: image-url
+          value: $(tasks.build-container.results.IMAGE_URL)
+        - name: image-digest
+          value: $(tasks.build-container.results.IMAGE_DIGEST)
     workspaces:
       - name: workspace
       - name: git-auth