From ed09b2f4719db413e7eed5645dd8851b51bbbc08 Mon Sep 17 00:00:00 2001
From: Misha Sugakov <537715+msugakov@users.noreply.github.com>
Date: Thu, 2 Jan 2025 13:57:29 +0100
Subject: [PATCH] ROX-27480: Use new revision of the fetch task (#1751)
---
 .konflux/scripts/fetch-scanner-data.sh | 57 -------------------------
 .tekton/scanner-component-pipeline.yaml | 4 +-
 2 files changed, 2 insertions(+), 59 deletions(-)
 delete mode 100755 .konflux/scripts/fetch-scanner-data.sh
diff --git a/.konflux/scripts/fetch-scanner-data.sh b/.konflux/scripts/fetch-scanner-data.sh
deleted file mode 100755
index eae54ec16..000000000
--- a/.konflux/scripts/fetch-scanner-data.sh
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/usr/bin/env bash
-
-# This script is for downloading Scanner/Scanner-DB blobs that should be included in the container image.
-
-set -euo pipefail
-
-if [[ "$#" -lt "1" ]]; then
- >&2 echo "Error: please pass target directory and blob filename(s) as command line arguments."
- >&2 echo "For example:"
- >&2 echo " $(basename "${BASH_SOURCE[0]}") $(pwd) nvd-definitions.zip k8s-definitions.zip repo2cpe.zip genesis_manifests.json"
- exit 1
-fi
-
-TARGET_DIR="$1"
-shift
-
-blobs=( "$@" )
-
-# Ensure that we download scanner data for a release if this is a tagged build.
-
-# First, try take git tag if it's a tagged commit.
-tag="$(git tag --points-at)"
-if [[ -z "${tag}" ]]; then
- # If not, use latest.
- SCANNER_DATA_VERSION="latest"
- RETRY_TIMES=4
-elif [[ "$(wc -l <<< "${tag}")" -eq 1 ]]; then
- # If there is exactly one tag on the commit, use that.
- SCANNER_DATA_VERSION="${tag}"
- RETRY_TIMES=1000
-else
- >&2 echo -e "Error: the HEAD commit has multiple tags, don't know which one to choose:\n${tag}"
- exit 5
-fi
-
-for blob in "${blobs[@]}"; do
-
- url="https://storage.googleapis.com/definitions.stackrox.io/scanner-data/${SCANNER_DATA_VERSION}/${blob}"
- dest="${TARGET_DIR}/blob-${blob}"
-
- echo """
-Downloading ${url} > ${dest}, retrying ${RETRY_TIMES} times or until aborted by task timeout...
-If the download times out for a tagged build, it is likely because the blobs were not published by the GitHub Workflow.
-This usually takes about 1 hour after the tag is pushed.
-Go to https://github.com/stackrox/scanner/actions to debug.
- """
- curl --fail --no-progress-bar --show-error --retry "${RETRY_TIMES}" --retry-delay 10 --retry-all-errors \
- --output "${dest}" \
- "${url}"
-
-done
-
-if [[ "${#blobs[@]}" == "0" ]]; then
- echo "No blobs specified in arguments. Will not download anything."
-fi
-
-echo "Done"
diff --git a/.tekton/scanner-component-pipeline.yaml b/.tekton/scanner-component-pipeline.yaml
index c71b5421d..6967eb8c4 100644
--- a/.tekton/scanner-component-pipeline.yaml
+++ b/.tekton/scanner-component-pipeline.yaml
@@ -200,7 +200,7 @@ spec:
 - name: name
 value: determine-image-tag
 - name: bundle
- value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:886e1482c717078d11ba7c5d6fc4e8013e3740b4d1282ebe5534db62c9f19428
+ value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:940ba1653aed38d3dabd4751ce841750ce4eb03fb01968218787442d4b8676d7
 - name: kind
 value: task
 resolver: bundles
@@ -222,7 +222,7 @@ spec:
 - name: name
 value: fetch-scanner-v2-data
 - name: bundle
- value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:886e1482c717078d11ba7c5d6fc4e8013e3740b4d1282ebe5534db62c9f19428
+ value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:940ba1653aed38d3dabd4751ce841750ce4eb03fb01968218787442d4b8676d7
 - name: kind
 value: task
 resolver: bundles
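Review bot: Neither new `bundle` value (the `fetch-scanner-v2-data` hunk and the `determine-image-tag` hunk above it) records which konflux-tasks source revision the new digest was built from, so the pin is immutable but not auditable from this repository. Because the same commit deletes the in-repo `fetch-scanner-data.sh`, the download logic (version selection from the git tag, retry counts, the storage URL) presumably now exists only inside that bundle; the hunks do not show it. I would add a comment above each value, for example `# konflux-tasks bundle built from <SOURCE_REPO_PLACEHOLDER>@<COMMIT_PLACEHOLDER>`, so a digest bump can be traced to a reviewed change. The `latest` tag next to the digest is informational only, since the digest is what selects the image, and a short comment saying so would keep readers from assuming the task floats. Both task entries start and end outside their hunks.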