-
Bug
-
Resolution: Done
-
Blocker
-
None
-
ACM 2.14.0
Description of problem:
Take a look at your EC failures in your konflux pipelines. Here are a couple:
✕ [Violation] hermetic_build_task.build_task_hermetic
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/klusterlet-addon-controller-acm-214@sha256:efedc04d43a54c4d0a238a098f1550a78a826362794047b47ae80a78c2aeceed
Reason: Build task was not invoked with the hermetic parameter set
Title: Build task called with hermetic param set
Description: Verify the build task in the PipelineRun attestation was invoked with the proper parameters to make the build
process hermetic. To exclude this rule add "hermetic_build_task.build_task_hermetic" to the `exclude` section of the policy
configuration.
Solution: Make sure the task that builds the image has a parameter named 'HERMETIC' and it's set to 'true'.
✕ [Violation] source_image.exists
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/klusterlet-addon-controller-acm-214@sha256:efedc04d43a54c4d0a238a098f1550a78a826362794047b47ae80a78c2aeceed
Reason: No source image references found
Title: Exists
Description: Verify the source container image exists. To exclude this rule add "source_image.exists" to the `exclude` section
of the policy configuration.
✕ [Violation] tasks.required_tasks_found
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/klusterlet-addon-controller-acm-214@sha256:efedc04d43a54c4d0a238a098f1550a78a826362794047b47ae80a78c2aeceed
Reason: One of "source-build", "source-build-oci-ta" tasks is missing
Terms: source-build, source-build-oci-ta
Title: All required tasks were included in the pipeline
Description: Ensure that the set of required tasks are included in the PipelineRun attestation. To exclude this rule add one or
more of "tasks.required_tasks_found:source-build", "tasks.required_tasks_found:source-build-oci-ta" to the `exclude` section of
the policy configuration.
Solution: Make sure all required tasks are in the build pipeline. The required task list is contained as
https://conforma.dev/docs/ec-cli/configuration.html#_data_sources under the key 'required-tasks'.
✕ [Violation] hermetic_build_task.build_task_hermetic
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/klusterlet-addon-controller-acm-214@sha256:836836d9bf60989708c4375677781aa80097342a8ee23efec9c1b5e92e1d8c71
Reason: Build task was not invoked with the hermetic parameter set
Title: Build task called with hermetic param set
Description: Verify the build task in the PipelineRun attestation was invoked with the proper parameters to make the build
process hermetic. To exclude this rule add "hermetic_build_task.build_task_hermetic" to the `exclude` section of the policy
configuration.
Solution: Make sure the task that builds the image has a parameter named 'HERMETIC' and it's set to 'true'.
✕ [Violation] source_image.exists
ImageRef: quay.io/redhat-user-workloads/crt-redhat-acm-tenant/klusterlet-addon-controller-acm-214@sha256:836836d9bf60989708c4375677781aa80097342a8ee23efec9c1b5e92e1d8c71
Reason: No source image references found
Title: Exists
Description: Verify the source container image exists. To exclude this rule add "source_image.exists" to the `exclude` section
of the policy configuration.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
- ...
Actual results:
Expected results:
Additional info:
- clones
-
-
- Closed
-