[bot:main] update konflux configuration

Author: openshift-pipelines-bot

.github/workflows/auto-merge-upstream-main.yaml

@@ -0,0 +1,29 @@
+# Generated for Konflux Application openshift-pipelines-core-main by openshift-pipelines/hack. DO NOT EDIT
+name: auto-merge-upstream-main
+
+on:
+  workflow_dispatch: {}
+  schedule:
+  - cron: "*/30 * * * *" # At every 30 minutes
+
+jobs:
+  auto-approve:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'openshift-pipelines' # do not run this elsewhere
+    permissions:
+      pull-requests: write
+    steps:
+    - name: Checkout the current repo
+      uses: actions/checkout@v4
+    - name: auto-merge-upstream-main
+      run: |
+        gh auth status
+        git config user.name openshift-pipelines-bot
+        git config user.email [email protected]
+        # Approve and merge pull-request with no reviews
+        for p in $(gh pr list --search "head:actions/update/sources-main" --json "number" | jq ".[].number"); do
+          gh pr merge --rebase --delete-branch --auto $p
+        done
+      env:
+        GH_TOKEN: ${{ secrets.OPENSHIFT_PIPELINES_ROBOT }}
+

.github/workflows/update-sources-main.yaml

@@ -0,0 +1,75 @@
+# Generated for Konflux Application openshift-pipelines-core-main by openshift-pipelines/hack. DO NOT EDIT
+name: update-sources-main
+
+on:
+  workflow_dispatch: {}
+  schedule:
+  - cron: "0 1 * * *" # At 1AM everyday
+
+jobs:
+
+  update-sources:
+    runs-on: ubuntu-latest
+    if: github.repository_owner == 'openshift-pipelines' # do not run this elsewhere
+    permissions:
+      contents: write
+      pull-requests: write
+    steps:
+    - name: Checkout the current repo
+      uses: actions/checkout@v4
+      with:
+        ref: main
+
+    - name: Clone tektoncd/chains
+      run: |
+        rm -fR upstream
+        git clone https://github.com/tektoncd/chains upstream
+        pushd upstream
+        git checkout -B main origin/main
+        popd
+
+
+    - name: Commit new changes
+      run: |
+        git config user.name openshift-pipelines-bot
+        git config user.email [email protected]
+        git checkout -b actions/update/sources-main
+        touch head
+        pushd upstream
+        OLD_COMMIT=$(cat ../head)
+        NEW_COMMIT=$(git rev-parse HEAD)
+        echo Previous commit: ${OLD_COMMIT}
+        git show --stat ${OLD_COMMIT}
+        echo New commit: ${NEW_COMMIT}
+        git show --stat ${NEW_COMMIT}
+        git diff --stat ${NEW_COMMIT}..${OLD_COMMIT} > /tmp/diff.txt
+        git rev-parse HEAD > ../head
+        popd
+        rm -rf upstream/.git
+        git add -f upstream head .konflux
+
+        if [[ -z $(git status --porcelain --untracked-files=no) ]]; then
+          echo "No change, exiting"
+          exit 0
+        fi
+
+        git commit -F- <<EOF
+        [bot] Update main from tektoncd/chains to ${NEW_COMMIT}
+
+            $ git diff --stat ${NEW_COMMIT}..${OLD_COMMIT}
+        $(cat /tmp/diff.txt | sed 's/^/    /' | head -c 55555)
+        
+        https://github.com/tektoncd/chains/compare/${NEW_COMMIT}..${OLD_COMMIT}
+        EOF
+        
+        git push -f origin actions/update/sources-main
+
+        if [ "$(gh pr list --base main --head actions/update/sources-main --json url --jq 'length')" = "0" ]; then
+          echo "creating PR..."
+          gh pr create -B main -H actions/update/sources-main --label=automated --label=upstream --fill
+        else
+          echo "a PR already exists, editing..."
+          gh pr edit --title "[bot] Update main from tektoncd/chains to ${NEW_COMMIT}" --body "$(cat /tmp/diff.txt | sed 's/^/    /' | head -c 55555)"
+        fi
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.tekton/tektoncd-chains-main-controller-pull-request.yaml

@@ -0,0 +1,51 @@
+# Generated for Konflux Application openshift-pipelines-core-main by openshift-pipelines/hack. DO NOT EDIT
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    #pipelinesascode.tekton.dev/cancel-in-progress: "true" # Cancel in-progress pipelines
+    pipelinesascode.tekton.dev/pipeline: "https://raw.githubusercontent.com/openshift-pipelines/operator/refs/heads/main/.tekton/docker-build-ta.yaml"
+    build.appstudio.openshift.io/repo: https://github.com/openshift-pipelines/tektoncd-chains.git?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/pull_request_number: '{{pull_request_number}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "pull_request" && target_branch
+      == "main" &&
+      ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() ||
+      ".konflux/dockerfiles/controller.Dockerfile".pathChanged() ||
+      ".tekton/tektoncd-chains-main-controller-pull-request.yaml".pathChanged())
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: openshift-pipelines-core-main
+    appstudio.openshift.io/component: tektoncd-chains-main-controller
+    pipelines.appstudio.openshift.io/type: build
+  name: tektoncd-chains-main-controller-on-pull-request
+  namespace: tekton-ecosystem-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/tekton-ecosystem-tenant/main/chains-controller-rhel9:on-pr-{{revision}}
+  - name: image-expires-after
+    value: 5d
+  - name: dockerfile
+    value: .konflux/dockerfiles/controller.Dockerfile
+  - name: build-platforms
+    value:
+    - linux/x86_64
+  - name: prefetch-input
+    value: |
+      {"type": "rpm", "path": ".konflux/rpms"}
+  pipelineRef:
+    name: docker-build-ta
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-tektoncd-chains-main-controller
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}

.tekton/tektoncd-chains-main-controller-push.yaml

@@ -0,0 +1,49 @@
+# Generated for Konflux Application openshift-pipelines-core-main by openshift-pipelines/hack. DO NOT EDIT
+apiVersion: tekton.dev/v1
+kind: PipelineRun
+metadata:
+  annotations:
+    pipelinesascode.tekton.dev/cancel-in-progress: "true" # Cancel in-progress pipelines
+    pipelinesascode.tekton.dev/pipeline: "https://raw.githubusercontent.com/openshift-pipelines/operator/refs/heads/main/.tekton/docker-build-ta.yaml"
+    build.appstudio.openshift.io/repo: https://github.com/openshift-pipelines/tektoncd-chains.git?rev={{revision}}
+    build.appstudio.redhat.com/commit_sha: '{{revision}}'
+    build.appstudio.redhat.com/target_branch: '{{target_branch}}'
+    pipelinesascode.tekton.dev/max-keep-runs: "3"
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch
+      == "main" &&
+      ("upstream/***".pathChanged() || ".konflux/patches/***".pathChanged() || ".konflux/rpms/***".pathChanged() ||
+      ".konflux/dockerfiles/controller.Dockerfile".pathChanged() ||
+      ".tekton/tektoncd-chains-main-controller-push.yaml".pathChanged())
+  creationTimestamp: null
+  labels:
+    appstudio.openshift.io/application: openshift-pipelines-core-main
+    appstudio.openshift.io/component: tektoncd-chains-main-controller
+    pipelines.appstudio.openshift.io/type: build
+  name: tektoncd-chains-main-controller-on-push
+  namespace: tekton-ecosystem-tenant
+spec:
+  params:
+  - name: git-url
+    value: '{{source_url}}'
+  - name: revision
+    value: '{{revision}}'
+  - name: output-image
+    value: quay.io/redhat-user-workloads/tekton-ecosystem-tenant/main/chains-controller-rhel9:{{revision}}
+  - name: dockerfile
+    value: .konflux/dockerfiles/controller.Dockerfile
+  - name: build-platforms
+    value:
+      - linux/x86_64
+      - linux-m2xlarge/arm64
+  - name: prefetch-input
+    value: |
+      {"type": "rpm", "path": ".konflux/rpms"}
+  pipelineRef:
+    name: docker-build-ta
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-tektoncd-chains-main-controller
+  workspaces:
+  - name: git-auth
+    secret:
+      secretName: '{{ git_auth_secret }}'
+status: {}