diff --git a/.tekton/policies-backend-pull-request.yaml b/.tekton/policies-backend-pull-request.yaml index 95aebad0..2f5c9351 100644 --- a/.tekton/policies-backend-pull-request.yaml +++ b/.tekton/policies-backend-pull-request.yaml @@ -283,6 +283,25 @@ spec: operator: in values: - "true" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: fail-unsigned + value: true + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: build-source-image params: - name: BINARY_IMAGE diff --git a/.tekton/policies-backend-push.yaml b/.tekton/policies-backend-push.yaml index 27c6eeed..712951fb 100644 --- a/.tekton/policies-backend-push.yaml +++ b/.tekton/policies-backend-push.yaml @@ -280,6 +280,25 @@ spec: operator: in values: - "true" + - name: rpms-signature-scan + params: + - name: image-digest + value: $(tasks.build-container.results.IMAGE_DIGEST) + - name: image-url + value: $(tasks.build-container.results.IMAGE_URL) + - name: fail-unsigned + value: true + runAfter: + - build-container + taskRef: + params: + - name: name + value: rpms-signature-scan + - name: bundle + value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:7aa4d3c95e2b963e82fdda392f7cb3d61e3dab035416cf4a3a34e43cf3c9c9b8 + - name: kind + value: task + resolver: bundles - name: build-source-image params: - name: BINARY_IMAGE