Update Konflux references

[red-hat-konflux]

This PR contains the following updates:

Package	Change	Notes
quay.io/konflux-ci/tekton-catalog/task-apply-tags	f44be1b -> ade0bf9
quay.io/konflux-ci/tekton-catalog/task-build-image-index	d94cad7 -> 0e90cf8
quay.io/konflux-ci/tekton-catalog/task-buildah-oci-ta	0.6 -> 0.7	⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta	0.6 -> 0.7	⚠️migration⚠️
quay.io/konflux-ci/tekton-catalog/task-clair-scan	a7cc183 -> 8ec7d7b
quay.io/konflux-ci/tekton-catalog/task-clamav-scan	b0bd597 -> f3d2d17
quay.io/konflux-ci/tekton-catalog/task-coverity-availability-check	db2b267 -> 3640087
quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check	f59175d -> 462baed
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks	9568c51 -> 04f7559
quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta	3a920a8 -> ea64f5b
quay.io/konflux-ci/tekton-catalog/task-init	bbf313b -> 4072de8
quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta	970285e -> 9dbb38e
quay.io/konflux-ci/tekton-catalog/task-push-dockerfile-oci-ta	14fba04 -> 08bba4a
quay.io/konflux-ci/tekton-catalog/task-sast-coverity-check-oci-ta	cdbe1a9 -> 78f5244
quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta	f950c3c -> d44336d
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta	181d63c -> 8ad28b7
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta	1cf8f6f -> e5a8d3e
quay.io/konflux-ci/tekton-catalog/task-slack-webhook-notification	4e68fe2 -> 69945a3
quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta	2a290f9 -> f62ef32

---

Configuration

📅 Schedule: Branch creation - "after 5am on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign paulovmr for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a github.com member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Walkthrough

Updated Tekton task bundle image digests across three pipeline configuration files (.tekton/multiarch-pull-request-pipeline.yaml, .tekton/multiarch-push-pipeline.yaml, and .tekton/singlearch-push-pipeline.yaml). All changes replace existing sha256 digests with new values. No structural, control-flow, or behavioral modifications.

Changes

Cohort / File(s)

Summary

Tekton pipeline bundle digest updates .tekton/multiarch-pull-request-pipeline.yaml, .tekton/multiarch-push-pipeline.yaml, .tekton/singlearch-push-pipeline.yaml

Updated sha256 digests for Tekton task bundle references across multiple tasks including Slack notification, init, git-clone-oci-ta, prefetch-dependencies, buildah-remote-oci-ta, build-image-index, source-build-oci-ta, deprecated-image-check, clair-scan, ecosystem-cert-preflight-checks, sast-snyk-check-oci-ta, clamav-scan, sast-coverity-check-oci-ta, coverity-availability-check, sast-shell-check-oci-ta, sast-unicode-check-oci-ta, apply-tags, push-dockerfile-oci-ta, and rpms-signature-scan. No changes to task names, parameters, or control flow.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

• Verify sha256 digests are valid and well-formed
• Confirm digest updates correspond to intended task versions across all three files
• Spot-check for consistency and typos in digest values

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description provides a detailed table of package updates with before/after digests, but omits required sections from the template: How Has This Been Tested and the self-checklist items.	Add the 'How Has This Been Tested?' section with testing details and complete the self-checklist by checking relevant boxes or explaining why they don't apply.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: updating Konflux references (task bundle digests) across Tekton pipeline configuration files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[jiridanek]

/test-e2e

[jiridanek]

/ok-to-test

[jiridanek]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[openshift-ci]

@red-hat-konflux[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	496a50c	link	true	/test images

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.