@JasonPowr JasonPowr commented Oct 30, 2025

This PR contains the following changes

| Image | Old SHA | New SHA |
|---|---|---|
| registry.redhat.io/rhtas/rekor-search-ui-rhel9 | fe31830 | 2d5b39c |
| registry.redhat.io/rhtas/fulcio-rhel9 | 6270ba2 | 2417087 |
| registry.redhat.io/rhtas/certificate-transparency-rhel9 | eb38e98 | c7c6f0f |
| registry.redhat.io/rhtas/client-server-rhel9 | 1c2201d | c81aaa8 |
| registry.redhat.io/rhtas/timestamp-authority-rhel9 | 5316035 | 71a3899 |
| registry.redhat.io/rhtas/rekor-server-rhel9 | 02fbd47 | 405b309 |
| registry.redhat.io/rhtas/trillian-logserver-rhel9 | 12b438e | d5000a4 |
| registry.redhat.io/rhtas/trillian-database-rhel9 | 6406338 | 0c9bb35 |
| registry.redhat.io/rhtas/rekor-backfill-redis-rhel9 | 09b4aee | aa83559 |
| registry.redhat.io/rhtas/segment-reporting-rhel9 | c22cdb9 | aaa6ddc |
| registry.redhat.io/rhtas/trillian-logsigner-rhel9 | 1d782a1 | c95a757 |
| registry.redhat.io/rhtas/tuffer-rhel9 | a93df32 | 0c30481 |
| registry.redhat.io/rhtas/trillian-redis-rhel9 | fc018a4 | 880b92a |

sourcery-ai bot commented Oct 30, 2025

Reviewer's Guide

Synchronize RHTAS component image digests by updating SHA references in both default and internal environment configuration files.

File-Level Changes

Change: Updated RHTAS component image digests

Details:
  • rekor-search-ui: fe31830 → 05e1a6f
  • fulcio: 6270ba2 → 85f602f
  • certificate-transparency: eb38e98 → 651a5a4
  • client-server: 1c2201d → f95046a
  • timestamp-authority: 5316035 → be62342
  • rekor-server: 02fbd47 → af2a790
  • trillian-logserver: 12b438e → bf52213
  • trillian-database: 6406338 → 275c853
  • rekor-backfill-redis: 09b4aee → 1e98cb1
  • segment-reporting: c22cdb9 → e1790a0
  • trillian-logsigner: 1d782a1 → 8df6045
  • tuffer: a93df32 → 67c4e51
  • trillian-redis: fc018a4 → eac4382

Files:
  • config/default/images.env
  • internal/images/images.env

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes - here's some feedback:

  • Verify that deployment configurations (e.g., Helm charts or Kubernetes manifests) are referencing these updated SHAs to ensure they’re actually being used.
  • Consider centralizing image SHA definitions to a single file or templating mechanism to avoid maintaining duplicated entries across config/default and internal/images.env.

Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.
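
A CI check for the duplicated-entries concern raised in the review above, as an added example that is not part of this PR or the project's code. It assumes both env files carry the same `KEY=image@sha256:<digest>` entries (registry hosts may differ, so only the digest part is compared); the image names and digests in the sample are constructed placeholders.

```python
import re

# An image reference pinned by digest: <repository>@sha256:<64 lowercase hex chars>
PINNED = re.compile(r"^[\w.\-/:]+@sha256:[0-9a-f]{64}$")

def parse_env(text):
    """Parse KEY=VALUE lines; reject malformed lines and duplicate keys."""
    entries = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"line {n}: expected KEY=VALUE")
        if key.strip() in entries:
            raise ValueError(f"line {n}: duplicate key {key.strip()}")
        entries[key.strip()] = value.strip()
    return entries

def audit(default_text, internal_text):
    """Return (key, finding) pairs for unpinned, missing or drifting images."""
    files = {"default": parse_env(default_text), "internal": parse_env(internal_text)}
    findings = []
    for key in sorted(set(files["default"]) | set(files["internal"])):
        digests = []
        for name, entries in files.items():
            value = entries.get(key)
            if value is None:
                findings.append((key, f"missing in {name}"))
            elif not PINNED.match(value):
                findings.append((key, f"not digest-pinned in {name}"))
            else:
                digests.append(value.rsplit("@", 1)[1])
        if len(digests) == 2 and digests[0] != digests[1]:
            findings.append((key, "digest drift"))
    return findings

# Constructed sample input: placeholder registry, image names and digests.
A, B, C, D = "a" * 64, "b" * 64, "c" * 64, "d" * 64
DEFAULT_ENV = f"""\
RELATED_IMAGE_FULCIO_SERVER=registry.example.test/demo/fulcio@sha256:{A}
RELATED_IMAGE_REKOR_SERVER=registry.example.test/demo/rekor@sha256:{B}
RELATED_IMAGE_TUF=registry.example.test/demo/tuf:latest
RELATED_IMAGE_CTLOG=registry.example.test/demo/ctlog@sha256:{C}
"""
INTERNAL_ENV = f"""\
RELATED_IMAGE_FULCIO_SERVER=registry.example.test/demo/fulcio@sha256:{A}
RELATED_IMAGE_REKOR_SERVER=registry.example.test/demo/rekor@sha256:{D}
RELATED_IMAGE_TUF=registry.example.test/demo/tuf@sha256:{C}
"""

if __name__ == "__main__":
    for key, finding in audit(DEFAULT_ENV, INTERNAL_ENV):
        print(f"{key}: {finding}")
```
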

qodo-merge-pro bot commented Oct 30, 2025

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢 No security concerns identified: No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
🎫 No ticket provided
Codebase Duplication Compliance
Codebase context is not defined

Follow the guide to enable codebase context checks.

Custom Compliance
🟢
Generic: Meaningful Naming and Self-Documenting Code

Objective: Ensure all identifiers clearly express their purpose and intent, making code
self-documenting

Status: Passed

Generic: Secure Logging Practices

Objective: To ensure logs are useful for debugging and auditing without exposing sensitive
information like PII, PHI, or cardholder data.

Status: Passed

Generic: Comprehensive Audit Trails

Objective: To create a detailed and reliable record of critical system actions for security analysis
and compliance.

Status:
No runtime code: The PR only updates image digest environment variables and does not add or modify
application logic where auditing could be implemented or evaluated.

Referred Code
RELATED_IMAGE_TRILLIAN_LOG_SIGNER=registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:8df604518ee7386685697830489d1d0d5c944cacb2296b12392439d9c30aa376
RELATED_IMAGE_TRILLIAN_LOG_SERVER=registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:bf52213433e1bf4a62a9567689ceb85c0cce5f23764fb9075585492318d8f710
RELATED_IMAGE_TRILLIAN_DB=registry.redhat.io/rhtas/trillian-database-rhel9@sha256:275c85358945e72696c9543c6b6d31dd9e934daa16d7864213448bf38fec6d0a
RELATED_IMAGE_TRILLIAN_NETCAT=registry.redhat.io/openshift4/ose-tools-rhel9@sha256:f97d492713266a4840e090322e73bc576e1bf9fffbe544e3b1f2bb87d3a4c49a
RELATED_IMAGE_FULCIO_SERVER=registry.redhat.io/rhtas/fulcio-rhel9@sha256:85f602f5cd1642d687a448f2a819245f477cfd82ab840f9825d0de4d6dba1c24
RELATED_IMAGE_REKOR_REDIS=registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:eac4382a9eb32371c9d0374680b060bcdadacf11791a113290258e4d15eabe2b
RELATED_IMAGE_REKOR_SERVER=registry.redhat.io/rhtas/rekor-server-rhel9@sha256:af2a7907c2a4578c92622b024cfc7ca0061750b7d2306c032ac8a538695c635c
RELATED_IMAGE_REKOR_SEARCH_UI=registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:05e1a6f982efa42f0d55c27a078de393f64408996bcaaabe4694f7725ca2a84f
RELATED_IMAGE_BACKFILL_REDIS=registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:1e98cb18937a89462965dca898904d632011c515ae245e25d591f321548a0974
RELATED_IMAGE_TUF=registry.redhat.io/rhtas/tuffer-rhel9@sha256:67c4e5112658294c8e1b417f586aac7e8ec8f7c0492f81d9024da5a1a3283206
RELATED_IMAGE_CTLOG=registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:651a5a412592819a96051ebaf39d02e24c61a1064c0236b01a0777297b66a685
RELATED_IMAGE_HTTP_SERVER=registry.redhat.io/ubi9/httpd-24@sha256:86a1a8b0d12c31c007dd411f7076a0cab2cc952ab8a0de74666fa09900c9fb86
RELATED_IMAGE_SEGMENT_REPORTING=registry.redhat.io/rhtas/segment-reporting-rhel9@sha256:e1790a0cac5eadef484e10d8f3f7ef6af9bdfabec4ab9fcc35c5ebd42b0205b3
RELATED_IMAGE_TIMESTAMP_AUTHORITY=registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:be623422f3f636c39397a66416b02a79f1d59cf593ca258e1701d1728755dde9
RELATED_IMAGE_CLIENT_SERVER=registry.redhat.io/rhtas/client-server-rhel9@sha256:f95046aba6fee4259df560bc1e69e83063b7a9b67e63efe43d4a46580b1809ae
Generic: Robust Error Handling and Edge Case Management

Objective: Ensure comprehensive error handling that provides meaningful context and graceful
degradation

Status:
Not applicable here: Only environment variable values are updated; no error handling logic is introduced or
modified in this diff to assess compliance.

Generic: Secure Error Handling

Objective: To prevent the leakage of sensitive system information through error messages while
providing sufficient detail for internal debugging.

Status:
No user errors: The changes only update image references and do not affect user-facing error messages, so
compliance cannot be determined from this diff.

Generic: Security-First Input Validation and Data Handling

Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent
vulnerabilities

Status:
Config only change: The diff only updates container image digests and does not modify any input handling code,
so validation and data-handling compliance cannot be assessed here.

Compliance status legend
🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

qodo-merge-pro bot commented Oct 30, 2025

PR Code Suggestions ✨

No code suggestions found for the PR.

@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-release-1.2 branch 25 times, most recently from b1d08db to e5d9ab7 Compare November 4, 2025 09:32
@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-release-1.2 branch 9 times, most recently from 1f9314a to 5aec9fa Compare November 4, 2025 11:22
@JasonPowr JasonPowr force-pushed the RHTAS-build-bot-update-component-images-release-1.2 branch from 5aec9fa to a8c0b0f Compare November 4, 2025 15:57

qodo-merge-pro bot commented Nov 4, 2025

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Build-fbc

Failed stage: Build catalog [❌]

Failure summary:

The action failed while validating/processing the Operator index (OLM bundle) for package rhtas-operator on channel stable.
  • Fatal error: multiple channel heads found in the graph for stable: rhtas-operator.v1.2.0 and rhtas-operator.v1.2.1 (a channel must have exactly one head).
  • The index tool aborted with "invalid index" and exit code 1, causing the workflow to fail.
  • Note: Log also indicates rhtas-operator.v1.0.2 is deprecated and suggests upgrading to rhtas-operator.v1.1.1, but the failure is due to the duplicate channel heads, not deprecation.

Relevant error logs:
1:  ##[group]Runner Image Provisioner
2:  Hosted Compute Agent
...

508:  },
509:  {
510:  "reference": {
511:  "schema": "olm.bundle",
512:  "name": "rhtas-operator.v1.0.2"
513:  },
514:  "message": "rhtas-operator.v1.0.2 is deprecated. Uninstall and install rhtas-operator.v1.1.1 for support."
515:  }
516:  ]
517:  }
518:  {
519:  "schema": "olm.bundle",
520:  "image": "ttl.sh/securesign/bundle-secure-sign-6742:1h"
521:  }
522:  time="2025-11-04T16:00:39Z" level=fatal msg="invalid index:\n└── invalid package \"rhtas-operator\":\n    └── invalid channel \"stable\":\n        └── multiple channel heads found in graph: rhtas-operator.v1.2.0, rhtas-operator.v1.2.1"
523:  ##[error]Process completed with exit code 1.
524:  Post job cleanup.
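
The "exactly one head" rule from the failure summary above, as an added example that is not the index tool's code or part of this PR. It is a simplified model that follows only the `replaces` and `skips` edges of an `olm.channel` entry list (it ignores `skipRange`); the bundle names come from the log, while the upgrade edges in the sample are constructed and show one way such a graph can arise, not the confirmed cause here.

```python
def channel_heads(entries):
    """Return the entries that no other entry replaces or skips."""
    superseded = set()
    for entry in entries:
        if entry.get("replaces"):
            superseded.add(entry["replaces"])
        superseded.update(entry.get("skips", []))
    return sorted(e["name"] for e in entries if e["name"] not in superseded)

def validate_channel(channel):
    """Return the single head of a channel or raise ValueError."""
    heads = channel_heads(channel["entries"])
    if not heads:
        raise ValueError(f"channel {channel['name']!r}: no head (upgrade cycle)")
    if len(heads) > 1:
        raise ValueError(
            f"channel {channel['name']!r}: multiple channel heads: " + ", ".join(heads)
        )
    return heads[0]

# Constructed sample: v1.2.1 was added without an edge to v1.2.0,
# so both v1.2.0 and v1.2.1 are left with nothing superseding them.
BROKEN = {
    "schema": "olm.channel",
    "package": "rhtas-operator",
    "name": "stable",
    "entries": [
        {"name": "rhtas-operator.v1.1.1"},
        {"name": "rhtas-operator.v1.2.0", "replaces": "rhtas-operator.v1.1.1"},
        {"name": "rhtas-operator.v1.2.1"},
    ],
}

# Same channel with the new entry linked into the upgrade graph.
FIXED = {
    **BROKEN,
    "entries": BROKEN["entries"][:2]
    + [{"name": "rhtas-operator.v1.2.1", "replaces": "rhtas-operator.v1.2.0"}],
}

if __name__ == "__main__":
    for label, channel in (("broken", BROKEN), ("fixed", FIXED)):
        try:
            print(label, "head:", validate_channel(channel))
        except ValueError as err:
            print(label, "invalid:", err)
```
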

@osmman osmman closed this Nov 5, 2025