From c7b11eb22f4989709344a233e023c3d35c08f8df Mon Sep 17 00:00:00 2001
From: "rh-tap-build-team[bot]"
 <127938674+rh-tap-build-team[bot]@users.noreply.github.com>
Date: Thu, 26 Sep 2024 12:18:47 +0000
Subject: [PATCH 1/4] update
 task/generate-odcs-compose/0.1/generate-odcs-compose.yaml

---
 task/generate-odcs-compose/0.1/generate-odcs-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/task/generate-odcs-compose/0.1/generate-odcs-compose.yaml b/task/generate-odcs-compose/0.1/generate-odcs-compose.yaml
index 93a7227fd..0decbb79e 100644
--- a/task/generate-odcs-compose/0.1/generate-odcs-compose.yaml
+++ b/task/generate-odcs-compose/0.1/generate-odcs-compose.yaml
@@ -21,7 +21,7 @@ spec:
       description: Directory to write the result .repo files.
   steps:
     - name: generate-odcs-compose
-      image: quay.io/redhat-appstudio/tools@sha256:130dbe49cc76ff4457cb53916a32b6b1330d86feeb95beaa3b443fd8ac5b47fa
+      image: quay.io/redhat-appstudio/tools@sha256:da85e5a57b1348a3556d40253198febdb1ed1854835dc890b2523b07db640158
       env:
         - name: CLIENT_ID
           valueFrom:

From de1c78f8d20c18f6ff2611b7fa4f12417250665b Mon Sep 17 00:00:00 2001
From: "rh-tap-build-team[bot]"
 <127938674+rh-tap-build-team[bot]@users.noreply.github.com>
Date: Thu, 26 Sep 2024 12:18:48 +0000
Subject: [PATCH 2/4] update
 task/generate-odcs-compose/0.2/generate-odcs-compose.yaml

---
 task/generate-odcs-compose/0.2/generate-odcs-compose.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/task/generate-odcs-compose/0.2/generate-odcs-compose.yaml b/task/generate-odcs-compose/0.2/generate-odcs-compose.yaml
index d8c5e99e2..c7aa17270 100644
--- a/task/generate-odcs-compose/0.2/generate-odcs-compose.yaml
+++ b/task/generate-odcs-compose/0.2/generate-odcs-compose.yaml
@@ -21,7 +21,7 @@ spec:
       description: Directory to write the result .repo files.
   steps:
     - name: generate-odcs-compose
-      image: quay.io/redhat-appstudio/tools@sha256:130dbe49cc76ff4457cb53916a32b6b1330d86feeb95beaa3b443fd8ac5b47fa
+      image: quay.io/redhat-appstudio/tools@sha256:da85e5a57b1348a3556d40253198febdb1ed1854835dc890b2523b07db640158
       env:
         - name: CLIENT_ID
           valueFrom:

From 799b42f758a8f77a481704fe2b4b3aecb6e0181a Mon Sep 17 00:00:00 2001
From: "rh-tap-build-team[bot]"
 <127938674+rh-tap-build-team[bot]@users.noreply.github.com>
Date: Thu, 26 Sep 2024 12:18:49 +0000
Subject: [PATCH 3/4] update task/rpms-signature-scan/0.1/README.md

---
 task/rpms-signature-scan/0.1/README.md | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/task/rpms-signature-scan/0.1/README.md b/task/rpms-signature-scan/0.1/README.md
index d8ee42012..d12018716 100644
--- a/task/rpms-signature-scan/0.1/README.md
+++ b/task/rpms-signature-scan/0.1/README.md
@@ -11,7 +11,8 @@ failing (the latter is useful when running inside a build pipeline which tests t
 
 | Name                     | Description                                                            | Defaults      | Required |
 |--------------------------|------------------------------------------------------------------------|---------------|----------|
-| image-url                | A reference to a container image                                       |               | true     |
+| image-url                | Image URL                                                              |               | true     |
+| image-digest             | Image digest to scan.                                                  |               | true     |
 | fail-unsigned            | [true \| false] If true fail if unsigned RPMs were found               | false         | false    |
 | workdir                  | Directory for storing temporary files                                  | /tmp          | false    |
 | ca-trust-config-map-name | The name of the ConfigMap to read CA bundle data from.                 | trusted-ca    | false    |
@@ -19,10 +20,11 @@ failing (the latter is useful when running inside a build pipeline which tests t
 
 ## Results:
 
-| Name              | Description              |
-|-------------------|--------------------------|
-| TEST_OUTPUT       | Tekton task test output  |
-| RPMS_DATA         | RPMs scanner results     |
+| Name              | Description                  |
+|-------------------|------------------------------|
+| TEST_OUTPUT       | Tekton task test output      |
+| RPMS_DATA         | RPMs scanner results         |
+| IMAGES_PROCESSED  | Images processed in the task |
 
 ## Source repository for image:
 https://github.com/redhat-appstudio/tools

From 0433d6a54c48751499eb8049a7957a515f4a8102 Mon Sep 17 00:00:00 2001
From: "rh-tap-build-team[bot]"
 <127938674+rh-tap-build-team[bot]@users.noreply.github.com>
Date: Thu, 26 Sep 2024 12:18:49 +0000
Subject: [PATCH 4/4] update
 task/rpms-signature-scan/0.1/rpms-signature-scan.yaml

---
 .../0.1/rpms-signature-scan.yaml                 | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)

diff --git a/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml b/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml
index 5c65de8aa..fb19e1497 100644
--- a/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml
+++ b/task/rpms-signature-scan/0.1/rpms-signature-scan.yaml
@@ -7,7 +7,10 @@ spec:
   params:
     - name: image-url
       type: string
-      description: "AppStudio container image"
+      description: Image URL
+    - name: image-digest
+      type: string
+      description: Image digest to scan
     - name: fail-unsigned
       type: string
       description: "[true | false] If true fail if unsigned RPMs were found"
@@ -31,6 +34,8 @@ spec:
       description: Tekton task test output.
     - name: RPMS_DATA
       description: Information about signed and unsigned RPMs
+    - name: IMAGES_PROCESSED
+      description: Images processed in the task.
   volumes:
     - name: workdir
       emptyDir: {}
@@ -43,7 +48,7 @@ spec:
         optional: true
   steps:
     - name: rpms-signature-scan
-      image: quay.io/redhat-appstudio/tools@sha256:130dbe49cc76ff4457cb53916a32b6b1330d86feeb95beaa3b443fd8ac5b47fa
+      image: quay.io/redhat-appstudio/tools@sha256:2ae975e79742691d678292a676715ed7ef48b0ee37c5725eea30bc8ae0a7a9af
       volumeMounts:
         - name: workdir
           mountPath: "$(params.workdir)"
@@ -54,6 +59,8 @@ spec:
       env:
         - name: IMAGE_URL
           value: "$(params.image-url)"
+        - name: IMAGE_DIGEST
+          value: "$(params.image-digest)"
         - name: FAIL_UNSIGNED
           value: "$(params.fail-unsigned)"
         - name: WORKDIR
@@ -64,7 +71,8 @@ spec:
         set -o pipefail
 
         rpm_verifier \
-          --input "${IMAGE_URL}" \
+          --image-url "${IMAGE_URL}" \
+          --image-digest "${IMAGE_DIGEST}" \
           --fail-unsigned "${FAIL_UNSIGNED}" \
           --workdir "${WORKDIR}" \
     - name: output-results
@@ -82,6 +90,7 @@ spec:
         source /utils.sh
         status=$(cat "${WORKDIR}"/status)
         rpms_data=$(cat "${WORKDIR}"/results)
+        images_processed=$(cat "${WORKDIR}"/images_processed)
         if [ "$status" == "ERROR" ]; then
           note="Task $(context.task.name) completed: Not all RPMs were confirmed to be signed. Refer to Tekton task output for details"
         else
@@ -91,3 +100,4 @@ spec:
         TEST_OUTPUT=$(make_result_json -r "$status" -t "$note")
         echo "${TEST_OUTPUT}" | tee "$(results.TEST_OUTPUT.path)"
         echo "${rpms_data}" | tee "$(results.RPMS_DATA.path)"
+        echo "${images_processed}" | tee "$(results.IMAGES_PROCESSED.path)"