Update Konflux references

[red-hat-konflux]

This PR contains the following updates:

Package	Change
quay.io/konflux-ci/tekton-catalog/task-build-image-index (source, changelog)	550afde → b33bfa8
quay.io/konflux-ci/tekton-catalog/task-buildah-remote-oci-ta (source, changelog)	f667d11 → 7700725
quay.io/konflux-ci/tekton-catalog/task-clair-scan (source, changelog)	cd49cde → 8fad4c2
quay.io/konflux-ci/tekton-catalog/task-clamav-scan (source, changelog)	171eca5 → 567cb66
quay.io/konflux-ci/tekton-catalog/task-deprecated-image-check (source, changelog)	5ff16b7 → e78d0d3
quay.io/konflux-ci/tekton-catalog/task-ecosystem-cert-preflight-checks (source, changelog)	2468c01 → 88f4fd6
quay.io/konflux-ci/tekton-catalog/task-fbc-fips-check-oci-ta (source, changelog)	54bcb48 → 23c6e30
quay.io/konflux-ci/tekton-catalog/task-fbc-target-index-pruning-check (source, changelog)	fcc6f1b → a7696d9
quay.io/konflux-ci/tekton-catalog/task-fips-operator-bundle-check-oci-ta (source, changelog)	8970351 → 761ad19
quay.io/konflux-ci/tekton-catalog/task-git-clone-oci-ta (source, changelog)	13d49df → d30f13d
quay.io/konflux-ci/tekton-catalog/task-init (source, changelog)	b797dd4 → 5a42324
quay.io/konflux-ci/tekton-catalog/task-prefetch-dependencies-oci-ta (source, changelog)	1b209c0 → 3dc78af
quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan (source, changelog)	ce4bace → 237c54b
quay.io/konflux-ci/tekton-catalog/task-run-opm-command-oci-ta (source, changelog)	c79858b → 6a7c758
quay.io/konflux-ci/tekton-catalog/task-sast-shell-check-oci-ta (source, changelog)	c4ef47e → 3cbb353
quay.io/konflux-ci/tekton-catalog/task-sast-snyk-check-oci-ta (source, changelog)	8f3ecbe → 0ebf28a
quay.io/konflux-ci/tekton-catalog/task-sast-unicode-check-oci-ta (source, changelog)	0854d92 → 2238120
quay.io/konflux-ci/tekton-catalog/task-source-build-oci-ta (source, changelog)	0917cfc → 8567bb7
quay.io/konflux-ci/tekton-catalog/task-validate-fbc (source, changelog)	291cbcc → 1775e82

---

Configuration

📅 Schedule: Branch creation - Between 05:00 AM and 11:59 PM, only on Saturday ( * 5-23 * * 6 ) (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

To execute skipped test pipelines write comment /ok-to-test.

---

Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

[raptorsun]

/lgtm
/retest

[openshift-ci]

New changes are detected. LGTM label has been removed.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 4a6d4f8d-e0a7-4e45-a359-6cd0db2423e6

📥 Commits

Reviewing files that changed from the base of the PR and between 940c4b5 and bc967af.

📒 Files selected for processing (18)

• .tekton/fbc-v4-16-pull-request.yaml
• .tekton/fbc-v4-16-push.yaml
• .tekton/fbc-v4-17-pull-request.yaml
• .tekton/fbc-v4-17-push.yaml
• .tekton/fbc-v4-18-pull-request.yaml
• .tekton/fbc-v4-18-push.yaml
• .tekton/fbc-v4-19-pull-request.yaml
• .tekton/fbc-v4-19-push.yaml
• .tekton/fbc-v4-20-pull-request.yaml
• .tekton/fbc-v4-20-push.yaml
• .tekton/fbc-v4-21-pull-request.yaml
• .tekton/fbc-v4-21-push.yaml
• .tekton/fbc-v4-22-pull-request.yaml
• .tekton/fbc-v4-22-push.yaml
• .tekton/lightspeed-operator-pull-request.yaml
• .tekton/lightspeed-operator-push.yaml
• .tekton/ols-bundle-pull-request.yaml
• .tekton/ols-bundle-push.yaml

✅ Files skipped from review due to trivial changes (1)

• .tekton/fbc-v4-22-push.yaml

🚧 Files skipped from review as they are similar to previous changes (17)

• .tekton/fbc-v4-22-pull-request.yaml
• .tekton/fbc-v4-21-push.yaml
• .tekton/fbc-v4-20-push.yaml
• .tekton/fbc-v4-19-pull-request.yaml
• .tekton/fbc-v4-20-pull-request.yaml
• .tekton/fbc-v4-19-push.yaml
• .tekton/fbc-v4-21-pull-request.yaml
• .tekton/fbc-v4-16-push.yaml
• .tekton/fbc-v4-18-pull-request.yaml
• .tekton/fbc-v4-17-pull-request.yaml
• .tekton/lightspeed-operator-pull-request.yaml
• .tekton/fbc-v4-17-push.yaml
• .tekton/ols-bundle-push.yaml
• .tekton/fbc-v4-16-pull-request.yaml
• .tekton/fbc-v4-18-push.yaml
• .tekton/ols-bundle-pull-request.yaml
• .tekton/lightspeed-operator-push.yaml

---

📝 Walkthrough

Walkthrough

Adds a new PipelineRun parameter sast-target-dirs (string, default ".") to multiple Tekton manifests, wires it into SAST tasks as TARGET_DIRS, and refreshes pinned taskRef bundle digests across many pipeline tasks. No other task wiring or conditional logic changed.

Changes

Tekton Pipeline SAST Configuration and Task Updates

Layer / File(s)

Summary

Pipeline parameter, SAST wiring, and bundle digest refresh .tekton/*-v4-16-{push,pull-request}.yaml, .tekton/*-v4-17-{push,pull-request}.yaml, .tekton/*-v4-18-{push,pull-request}.yaml, .tekton/*-v4-19-{push,pull-request}.yaml, .tekton/*-v4-20-{push,pull-request}.yaml, .tekton/*-v4-21-{push,pull-request}.yaml, .tekton/*-v4-22-{push,pull-request}.yaml, .tekton/lightspeed-operator-{push,pull-request}.yaml, .tekton/ols-bundle-{push,pull-request}.yaml

Defines sast-target-dirs (string, default .) in multiple PipelineRuns, wires TARGET_DIRS into SAST tasks (sast-shell-check, sast-unicode-check, sast-snyk-check where present), and updates pinned taskRef bundle SHA digests across initialization, git clone, prefetch, build/index/source-build, scanning, and validation tasks.

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested reviewers

• joshuawilson
• xrajesh

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Update Konflux references' accurately reflects the main change: updating Tekton task bundle references across multiple pipeline files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch konflux/references/main

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@red-hat-konflux[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.