chore(deps): update build#3653
Conversation
|
🤖 Finished Review · ✅ Success · Started 10:33 AM UTC · Completed 10:37 AM UTC |
Review — approvePR: #3653 — chore(deps): update build SummaryStandard automated Renovate dependency update bumping container image digests and tags across 23 Tekton task YAML files. All changes are mechanical 1:1 image reference substitutions — no logic, scripts, parameters, or code were modified. Images updated:
Review dimensions
Previous runReview — ✅ ApproveAutomated dependency update by Renovate — image reference changes only. Changes VerifiedThis PR updates container image references across 23 Tekton task definition files. All changes are mechanical 1:1 replacements of image digests/tags with no logic, API, or behavioral modifications.
Correctness
Security
Intent & Scope
Documentation
No findings. Previous run (2)Review — approveSummaryAutomated Renovate dependency update bumping container image digests and one minor version across 23 Tekton task definition files. All 48 changed lines are 1:1 image reference replacements — no logic, API, or behavioral changes. Changes verified
Analysis
Previous run (3)Review — Approve ✅Automated Renovate dependency update — all changes are mechanical 1:1 image reference replacements across 23 Tekton task YAML files. No logic, parameters, scripts, permissions, or task structure changes. Images updated
Verified
Previous run (4)Review — approvePR: #3653 — chore(deps): update build SummaryThis is a Renovate-managed dependency update that bumps container image digests and one minor version across Tekton task definitions. All changes are 1:1 line replacements of image references — no logic, parameter, or structural changes. Images updated:
AnalysisCorrectness — All changes are purely image reference swaps. No script logic, task parameters, or pipeline structure is modified. The Security — All images remain pinned by full Intent & coherence — The PR matches its declared purpose (automated dependency update). It is appropriately scoped to the Style/conventions — Image references follow the existing format exactly ( Documentation — No documentation changes needed for digest-only updates per project convention. Cross-repo contracts — No API, schema, or interface changes. Task signatures (parameters, results, workspaces) are unchanged. Verdict✅ Approve — Clean, mechanical dependency update. All images properly digest-pinned. No behavioral changes to any Tekton task. Previous run (5)Review — approveAutomated dependency digest/version update from Renovate — no logic changes detected. This PR updates container image references across 23 Tekton task and external-task YAML files. All changes are strictly mechanical: old Changes verified
Correctness
Security
Scope & intent
Documentation
No blocking findings. This is a clean dependency update. Previous run (6)Review — ✅ ApproveSummaryRoutine Renovate dependency update for the build group. All 37 changed files contain purely mechanical container image digest and version swaps with no logic, script, or configuration changes. The diff is perfectly symmetric (+64/−64). Images updated
Review dimensions
No findings. Previous run (7)Review — ✅ ApprovePR: #3653 — SummaryStandard automated dependency update from Renovate. All changes are mechanical image reference updates across Images updated
Review dimensionsCorrectness — All image references maintain Security — All images remain pinned by sha256 digest. No new privileges, security contexts, environment variables, or secret references are introduced. Images come from trusted first-party registries ( Intent & coherence — Standard Renovate-managed dependency update, appropriately scoped to image reference updates only. Files in Style/conventions — Image references follow the project's established Documentation — No documentation changes needed; these are image digest bumps with no user-facing behavior changes. Cross-repo contracts — No API, schema, or interface changes. Task parameters, results, and workspaces are unchanged. No findings. Previous run (8)Review — ✅ ApprovePR: #3653 — chore(deps): update build SummaryAutomated Renovate dependency update bumping container image references across 37 Tekton task YAML files. All changes are mechanical 1:1 substitutions of image digests/tags:
Review dimensions
No findings at any severity level. This is a safe, routine dependency update. Previous run (9)Review — approveScope: Automated dependency update (Renovate) bumping container image digest pins and one minor version across 37 Tekton task/pipeline YAML files. Changes verifiedAll 64 additions replace exactly one image reference each, with a corresponding deletion of the old reference. No task parameters, scripts, resource limits, volume mounts, or structural YAML were modified. The five image groups updated:
Correctness
Security
Scope & intent
PR body
No findings. This is a clean, mechanical dependency update. Previous run (10)Review — approveSummaryAutomated Renovate dependency update bumping container image digests and tags across 37 Tekton task YAML files. All changes are mechanical 1:1 image reference replacements. Images updated:
Checks performed
No findings at or above the configured severity threshold. Previous run (11)Review — ✅ ApprovePR: #3653 — Change SummaryThis is an automated Renovate dependency update that bumps container image references across Tekton task definitions in the Images updated:
Analysis
No findings at or above the Labels: Automated Renovate dependency digest/tag update for build-related Tekton tasks Previous run (12)Review — approvePR: #3653 — chore(deps): update build SummaryClean automated dependency update by Renovate. All 128 changed lines are 1:1 container image reference substitutions in Tekton task YAML files. No logic, scripts, parameters, permissions, or structural changes. Images updated:
Review dimensions
No blocking findings. This is a routine, well-formed dependency update. Previous run (13)Review — ✅ ApproveAutomated dependency digest/version bump — all changes are mechanical image reference replacements. SummaryThis Renovate-generated PR bumps container image references across 37 Tekton task definition files. Every change is a 1:1 swap of an old Images updated
Analysis
Previous run (14)Review — ✅ ApprovePR: #3653 — SummaryStandard Renovate dependency update bumping container image digests and one minor version across Tekton task definitions. All changes are mechanical 1:1 replacements of image references. Images updated:
Checks performed
No findings above the reporting threshold. Previous run (15)Review — ✅ ApprovePR: #3653 — chore(deps): update build SummaryThis is an automated Renovate dependency update PR that bumps container image references across Tekton task definitions. All changes are 1:1 image reference replacements with no logic, configuration, or behavioral changes. Images updated:
Review dimensionsCorrectness: All changes are mechanical digest/version replacements. Each old digest is consistently replaced by the same new digest across all files — no mismatches. The task-runner minor bump (2.0.0 → 2.1.0) is additive (adds git-lfs, updates tool versions) with no breaking changes per the changelog. Security: All images use Intent & coherence: This is a standard automated dependency update that matches the Style/conventions: Consistent with project conventions. Per Documentation currency: No documentation changes needed — image digest updates don't affect docs. Injection defense: PR body contains standard Renovate formatting with no instruction-like injection patterns detected. No findings. Previous run (16)ReviewVerdict: Approve This is a standard Renovate bot dependency update for the Changes verified
Correctness
Security
Scope & intent
No findingsNo blocking or notable issues identified. Previous run (17)ReviewVerdict: Approve SummaryThis is an automated Renovate dependency update PR that bumps container image digests and tags across 31 Tekton task definition YAML files. All changes are mechanical image reference updates — no logic, script, parameter, or structural YAML changes. ChangesFive container images are updated:
Analysis
No findings at severity Previous run (18)Review — ✅ ApproveAutomated dependency update by Renovate — image digest and tag bumps across 31 Tekton task YAML files. Changes reviewed
Evaluation
No findings at or above the Previous run (19)ReviewVerdict: approve SummaryThis is an automated Renovate dependency update PR that bumps container image references across 31 Tekton task YAML files. All changes are mechanical digest/tag updates with no logic, parameter, or script modifications. Images updated:
Correctness
Security
Scope & coherence
No findings. Labels: Automated Renovate dependency digest/version bumps for build-related container images Previous run (20)Review — approvePR: #3653 — Update build SummaryThis is a Renovate-managed dependency update PR that bumps container image references for three images used across Tekton task definitions:
AnalysisCorrectness — All 57 line changes are mechanical image reference replacements. Each old digest is consistently replaced with the corresponding new digest across all files in the PR scope. No script logic, task parameters, or configuration values are modified. The Security — All image references remain pinned by SHA256 digest, preserving supply-chain integrity. No new security contexts, privilege escalations, or RBAC changes. Images continue to come from the same trusted registry ( Intent & coherence — The PR scope exactly matches the Renovate Style/conventions — Image reference format ( Documentation — No documentation updates are needed for image digest bumps. Cross-repo contracts — The VerdictNo findings. This is a clean, well-scoped automated dependency update with consistent replacements and proper digest pinning. Previous run (21)ReviewVerdict: ✅ Approve This is a well-scoped Renovate bot dependency update for the Changes reviewed
Checks performed
Previous run (22)Review — approveAutomated dependency update from Renovate bot. All changes are mechanical image reference bumps — no logic, script, or parameter modifications. Changes reviewedThis PR updates container image references across 31 Tekton task YAML files in the
Verification
Previous run (23)Review — ✅ ApprovePR: #3653 — Update build SummaryThis is a standard Renovate dependency update PR that bumps container image digests and versions across 31 Tekton task YAML files. All changes are mechanical 1:1 substitutions of Images updated:
Review dimensions
Notes
Previous run (24)Review — Approve ✅PR #3653 — Update build (Renovate dependency digest/version bumps) SummaryThis is a mechanical Renovate bot dependency update that makes 64 line-for-line image reference replacements across 36 Tekton task YAML files. Three container images are updated:
Review dimensions
VerdictClean dependency update with no findings. All images remain pinned to content-addressable digests. The Previous run (25)Review — ✅ ApproveSummaryAutomated Renovate dependency update bumping container image digests and tags across 36 Tekton task YAML files. All changes are mechanical 1-line image reference substitutions with no behavioral code modifications. Images updated:
FindingsNo blocking findings across all review dimensions:
Previous run (26)Review — ✅ ApproveAutomated dependency update — image digest and minor version bumps across 36 Tekton task files. Changes verifiedThis Renovate PR updates four container images used in Tekton task steps within the
Checks performed
No findings at or above the reporting threshold. Previous run (27)Review of #3653 — Update buildVerdict: ✅ Approve This is a standard automated Renovate dependency update bumping container image digests and one minor version tag across 36 Tekton task YAML files. Changes reviewed
Reviewed dimensions
No findings at or above the reporting threshold. Previous run (28)Review — ✅ ApproveVerdict: Approve — automated dependency digest/tag update with no behavioral changes. SummaryThis is a Renovate-managed PR that updates image references across 36 Tekton task YAML files in the
AnalysisCorrectness: Every change is a 1:1 line substitution of an image reference — no script logic, task parameters, volume mounts, or resource specs are modified. The Security: All images use digest-pinned references ( Scope & consistency: The PR correctly covers all files in the No findings above the severity threshold. Previous run (29)Review — ✅ ApprovePR: #3653 — Update build SummaryThis is an automated Renovate dependency update that bumps container image references across the Images updated:
Analysis
No findings. |
338475d to
e850a4b
Compare
|
🤖 Finished Review · ✅ Success · Started 12:00 PM UTC · Completed 12:05 PM UTC |
|
Do NOT merge. We are in the middle of moving some build tasks out of build definitions. |
e850a4b to
3db8bd7
Compare
|
🤖 Finished Review · ✅ Success · Started 3:10 PM UTC · Completed 3:16 PM UTC |
3db8bd7 to
492e64b
Compare
|
🤖 Finished Review · ✅ Success · Started 6:58 PM UTC · Completed 7:07 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 2:00 AM UTC · Completed 2:07 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 8:27 AM UTC · Completed 8:31 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 10:13 AM UTC · Completed 10:21 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 10:24 AM UTC · Completed 10:28 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 3:51 PM UTC · Completed 3:57 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 4:15 PM UTC · Completed 4:20 PM UTC |
|
**Scenario: **
Inspecting Test ArtifactsTo inspect your test artifacts, follow these steps:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/build-definitions:8735f02e39c651cf2e024ec681898e6d2d17ae77Test results analysis🚨 Error occurred while running the E2E tests, list of failed Spec(s): ➡️ [ Click to view logsExpected
:
to equal
: enterprise-contractOCI Artifact Browser URL<not enabled> |
|
🤖 Finished Review · ✅ Success · Started 7:39 AM UTC · Completed 7:44 AM UTC |
|
🤖 Finished Review · ✅ Success · Started 8:00 AM UTC · Completed 8:05 AM UTC |
|
**Scenario: **
Inspecting Test ArtifactsTo inspect your test artifacts, follow these steps:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/build-definitions:0fe22392c64d271e27b98a788716b5fb21ae4768Test results analysis🚨 Error occurred while running the E2E tests, list of failed Spec(s): ➡️ [ Click to view logsExpected success, but got an error:
<*errors.errorString | 0xc007ee3040>:
CouldntGetTask: Pipeline build-templates-e2e/test-comp-wain-on-pull-request-mcmnz can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "resolver type bundles\nname = buildah-oci-ta\n": error requesting remote resource: error getting "bundleresolver" "build-templates-e2e/bundles-d558e3e18e4bd3070c45b81f31cdd9b7": cannot retrieve the oci image: GET https://quay.io/v2/konflux-ci/pull-request-builds/manifests/sha256:780292f418ba90be4d5104d091e89fe734ce33b888b7bb018b5b3f77bc07f28d: MANIFEST_UNKNOWN: manifest unknown; map[]
{
s: "CouldntGetTask: Pipeline build-templates-e2e/test-comp-wain-on-pull-request-mcmnz can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task \"resolver type bundles\\nname = buildah-oci-ta\\n\": error requesting remote resource: error getting \"bundleresolver\" \"build-templates-e2e/bundles-d558e3e18e4bd3070c45b81f31cdd9b7\": cannot retrieve the oci image: GET https://quay.io/v2/konflux-ci/pull-request-builds/manifests/sha256:780292f418ba90be4d5104d091e89fe734ce33b888b7bb018b5b3f77bc07f28d: MANIFEST_UNKNOWN: manifest unknown; map[]",
}OCI Artifact Browser URL<not enabled> |
|
🤖 Finished Review · ✅ Success · Started 4:25 PM UTC · Completed 4:29 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 4:47 PM UTC · Completed 4:55 PM UTC |
|
🤖 Finished Review · ✅ Success · Started 9:59 AM UTC · Completed 10:03 AM UTC |
|
🤖 Review · ❌ Terminated · Started 12:16 PM UTC · Ended 12:20 PM UTC |
|
**Scenario: **
Inspecting Test ArtifactsTo inspect your test artifacts, follow these steps:
mkdir -p oras-artifacts
cd oras-artifacts
oras pull quay.io/konflux-test-storage/konflux-team/build-definitions:efc20cafd921f59500f855f4ac0b6763ff4276f0Test results analysis🚨 Error occurred while running the E2E tests, list of failed Spec(s): ➡️ [ Click to view logsExpected success, but got an error:
<*errors.errorString | 0xc004b14c50>:
CouldntGetTask: Pipeline build-templates-e2e/test-comp-arvb-on-pull-request-zkpz4 can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task "resolver type bundles\nname = build-image-index\n": error requesting remote resource: error getting "bundleresolver" "build-templates-e2e/bundles-b178be681a37b78d21387660b57ab443": cannot retrieve the oci image: GET https://quay.io/v2/konflux-ci/pull-request-builds/manifests/sha256:84afb0418eb199ca4320df43779d18cfc7a89609c657c3e74e00672df1088e5b: MANIFEST_UNKNOWN: manifest unknown; map[]
{
s: "CouldntGetTask: Pipeline build-templates-e2e/test-comp-arvb-on-pull-request-zkpz4 can't be Run; it contains Tasks that don't exist: Couldn't retrieve Task \"resolver type bundles\\nname = build-image-index\\n\": error requesting remote resource: error getting \"bundleresolver\" \"build-templates-e2e/bundles-b178be681a37b78d21387660b57ab443\": cannot retrieve the oci image: GET https://quay.io/v2/konflux-ci/pull-request-builds/manifests/sha256:84afb0418eb199ca4320df43779d18cfc7a89609c657c3e74e00672df1088e5b: MANIFEST_UNKNOWN: manifest unknown; map[]",
}OCI Artifact Browser URL<not enabled> |
|
🤖 Finished Review · ✅ Success · Started 5:37 PM UTC · Completed 5:45 PM UTC |
This PR contains the following updates:
7c51a35→a03e7980415613→185c379ae68489→185c3792.0.0→2.1.03ab8441→6387614421003a→06801170b11148→9992e785a6cbeb→e19d134e1e6252→d8e53d97c5575a→2dd5b3ed87faca→3c21766Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
konflux-ci/task-runner (quay.io/konflux-ci/task-runner)
v2.1.0Compare Source
Date: 2026-07-08
Installed Software
git-lfsadded (3.7.1-5.el10_2.5)cosign3.0.5 => 3.1.1huggingface-hub1.17.0 => 1.22.0oc4.21.0 => 4.22.0syft1.44.0 => 1.46.0awscli1.45.18 => 1.45.40coreutils-single9.5-7.el10 => 9.5-8.el10_2kubectl1.36.1 => 1.36.2olot0.1.17 => 0.1.18openssl3.5.5-3.el10_2 => 3.5.5-4.el10_2rsync3.4.1-6.el10_2 => 3.4.4-1.el10_2skopeo1.22.2-1.el10_2 => 1.22.2-2.el10_2tkn0.44.1 => 0.44.2yq4.53.2 => 4.53.3Added
git-lfsto support cloning LFS-enabled repositories in thegit-clone task and its derived production variants.
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.