chore(deps): update konflux references

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Notes
quay.io/konflux-ci/tekton-catalog/task-apply-tags (source, changelog)	510b6d2 → a291081
quay.io/konflux-ci/tekton-catalog/task-build-image-index (source, changelog)	0.2 → 0.3	⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta (source, changelog)	ce89532 → 681d9f6
quay.io/konflux-ci/tekton-catalog/task-clair-scan (source, changelog)	59dec30 → cd49cde
quay.io/konflux-ci/tekton-catalog/task-clamav-scan (source, changelog)	9f18b21 → 567cb66
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check (source, changelog)	de35caf → 8b50144
quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check (source, changelog)	5ff16b7 → 57d1f55
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks (source, changelog)	b4ac586 → 25dcef1
quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta (source, changelog)	2c388d2 → 13d49df
quay.io/konflux-ci/tekton-catalog/task-init (source, changelog)	288f310 → b797dd4
quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta (source, changelog)	a579d00 → 1b209c0
quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta (source, changelog)	1bc2d0f → 7855471
quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan (source, changelog)	35a4ccd → 1d807f6
quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta (source, changelog)	47f4e2d → e92d00e
quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta (source, changelog)	6f047f5 → c4ef47e
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta (source, changelog)	d83becb → 8f3ecbe
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta (source, changelog)	5500681 → 90efa58
quay.io/konflux-ci/tekton-catalog/task-show-sbom (source, changelog)	04994df → a7346ed
quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta (source, changelog)	362f047 → 0917cfc

---

Release Notes

konflux-ci/build-definitions (quay.io/konflux-ci/tekton-catalog/task-build-image-index)

v0.3

Changed

• The task now uses konflux-build-cli for the build step instead of an inline bash
  implementation. This provides more robust error handling and simplified maintenance.
• When ALWAYS_BUILD_INDEX is false and multiple images are provided, the task now
  creates an image index instead of failing. The previous behavior (failing with an error)
  was not useful.
• Image reference validation is now stricter and will fail earlier for invalid formats.

Removed

• COMMIT_SHA parameter (was not used by the task implementation)
• IMAGE_EXPIRES_AFTER parameter (was not used by the task implementation)

Added

• Started tracking changes in this file.

---

Configuration

📅 Schedule: Branch creation - Between 05:00 AM and 11:59 PM, only on Saturday ( * 5-23 * * 6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Updated two Tekton PipelineRun YAMLs to bump several taskRef.bundle SHA256 digests (most tags unchanged), advance task-build-image-index tag from 0.2 → 0.3, and remove COMMIT_SHA and IMAGE_EXPIRES_AFTER parameter bindings from the build-image-index task invocation.

Changes

Cohort / File(s)

Summary

Tekton PipelineRun digest pins .tekton/widget-layout-backend-cfb93-pull-request.yaml, .tekton/widget-layout-backend-cfb93-push.yaml

Updated pinned taskRef.bundle SHA256 digests for multiple Tekton tasks while keeping task names and most bundle tags. In ...-push.yaml the task-build-image-index bundle tag was bumped from 0.2 → 0.3. Removed COMMIT_SHA ($(tasks.clone-repository.results.commit)) and IMAGE_EXPIRES_AFTER ($(params.image-expires-after)) parameter bindings from the build-image-index task; remaining params are IMAGE, ALWAYS_BUILD_INDEX, IMAGES, and BUILDAH_FORMAT.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	PR description lacks required sections from template: missing RHCLOUD issue reference, testing instructions, reviewer notes, and checklist.	Add RHCLOUD issue link, testing instructions, reviewer notes about COMMIT_SHA/IMAGE_EXPIRES_AFTER removal, and complete the checklist items.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'chore(deps): update konflux references' clearly and concisely describes the main change: updating multiple Konflux/Tekton task image digests and bundle references.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/references/master

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}