1. Proposed title of this feature request
Provide Red Hat maintained maven Container Image
2. What is the nature and description of the request?
In https://hub-preview.tekton.dev/detail/65 and https://developers.redhat.com/blog/2020/02/26/speed-up-maven-builds-in-tekton-pipelines/ the Container Image gcr.io/cloud-builders/mvn is being used to run maven builds. This Image is not trusted and it's not clear what the update policy is, if and how it will be available, etc. There is also an official an maintained maven Image available on hub.docker.io but even here it's not clear how it's maintained, retention policy, etc.
This is why a Red Hat provided maven Container Image is required, as customers require a trusted, secured, maintained stack when using OpenShift Pipelines and building artifacts using maven.
3. Why does the customer need this? (List the business requirements here)
Having a completely maintained and trusted build chain is key for Red Hat customers and it's therefore not possible to use non-Red Hat provided container Images when creating artifacts using maven. This is the reason why customers require a specific maven container Image that is managed by Red Hat to have this trusted build chain.
4. List any affected packages or components.
OpenShift Pipelines with maven builds
- is incorporated by
-
SRVKP-1045 Update Task library in 1.5
- Closed