From 8acbc18c63ecec9a048271816494f5bf57580ecb Mon Sep 17 00:00:00 2001 From: Tim Carter Date: Fri, 25 Oct 2024 14:57:01 +1100 Subject: [PATCH] Enable hermetic mode. --- deploy/tasks/buildah-oci-ta.yaml | 1 - pkg/reconciler/dependencybuild/buildrecipeyaml.go | 7 +++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/deploy/tasks/buildah-oci-ta.yaml b/deploy/tasks/buildah-oci-ta.yaml index ccef89b92..b83df09f4 100644 --- a/deploy/tasks/buildah-oci-ta.yaml +++ b/deploy/tasks/buildah-oci-ta.yaml @@ -524,7 +524,6 @@ spec: capabilities: add: - SETFCAP - - NET_ADMIN - name: sbom-syft-generate image: registry.access.redhat.com/rh-syft-tech-preview/syft-rhel9:1.4.1@sha256:34d7065427085a31dc4949bd283c001b91794d427e1e4cdf1b21ea4faf9fee3f workingDir: /var/workdir/source diff --git a/pkg/reconciler/dependencybuild/buildrecipeyaml.go b/pkg/reconciler/dependencybuild/buildrecipeyaml.go index fdfa314cc..007f0fee5 100644 --- a/pkg/reconciler/dependencybuild/buildrecipeyaml.go +++ b/pkg/reconciler/dependencybuild/buildrecipeyaml.go @@ -530,6 +530,13 @@ func createPipelineSpec(log logr.Logger, tool string, commitTime int64, jbsConfi StringVal: domainProxyImage, }, }, + { + Name: "HERMETIC", + Value: tektonpipeline.ParamValue{ + Type: tektonpipeline.ParamTypeString, + StringVal: "true", + }, + }, }, }}, ps.Tasks...)