Stats
Actions
Tags
Help us improve
Share bugs, ideas, or general feedback.
From rhdh
Bumps Konflux Tekton task digests, applies MIGRATION.md pipeline fixes, and regenerates PipelineRuns for rhdh-plugin-catalog and RHDH midstream repos.
npx claudepluginhub redhat-developer/rhdh-skill --plugin rhdhHow this skill is triggered — by the user, by Claude, or both
Slash command
/rhdh:konflux-tekton-updatesThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
After a **minor** Konflux task tag bump, update `.tekton` pipelines and generators so builds keep working. Apply what each `MIGRATION.md` says; do **not** add drift tests that block future Konflux updates.
Constructs GitOps workflows using ArgoCD or Flux for Kubernetes. Generates manifests, sync policies, multi-environment promotion, RBAC, notifications, and CI updates for secure continuous deployment.
Implements GitOps continuous delivery with Argo CD or Flux: app-of-apps patterns, automated sync policies, drift detection, multi-environment promotion. For declarative Kubernetes management from Git.
Share bugs, ideas, or general feedback.
After a minor Konflux task tag bump, update .tekton pipelines and generators so builds keep working. Apply what each MIGRATION.md says; do not add drift tests that block future Konflux updates.
skopeo, jq (>= 1.7), yq. Optional: gh for PR creation from scripts.
| Script | Flag | Effect |
|---|---|---|
updateDigests.sh | --no-push / --nopush (-p) | Commit locally; no push/PR |
updateDigests.sh | --minor | Disables push; use with --no-push for clarity |
updateDigests.sh | --no-commit / -n | Preview only |
generatePipelineRunsForPlugins.sh | --nopush | Commit locally; no push |
generatePipelineRunsForPlugins.sh | --nocommit | Write YAML only |
generatePipelineRuns.sh does not commit or push.
Do not run digest/generator scripts without --no-push / --nopush unless the user explicitly requests a push.
| Marker in repo | Read |
|---|---|
.tekton/generatePipelineRunsForPlugins.sh | references/plugin-catalog.md |
.tekton-templates/rhdh-pipeline.yaml | references/rhdh-midstream.md — variant A (unified) |
.tekton-templates/rhdh-hub.yaml (no rhdh-pipeline.yaml) | references/rhdh-midstream.md — variant B (1.9 shared build-pipeline) |
If both plugin-catalog and midstream markers exist, apply changes only for the repo/branch you are on.
cd .tekton
./updateDigests.sh --minor --no-push
tag@sha256 in .tekton/*.yaml and .tekton-templates/*.yaml (via TEMPLATEPATH)..tekton/build-pipeline-rhdh-*.yaml.MIGRATION.md URLs under konflux-ci/build-definitions../updateDigests.sh --no-push -qReview git diff for quay.io/konflux-ci/tekton-catalog/task-* changes.
For each URL from updateDigests.sh (or from the diff):
MIGRATION.md.If PLRs still contain removed params (e.g. dev-package-managers) but templates are fixed, migrations are incomplete until step 3.
Always run after template or shared-pipeline migration edits (not optional when params changed):
cd .tekton
./generatePipelineRuns.sh -t <version>
| Branch example | -t value | PLR suffix |
|---|---|---|
rhdh-1-rhel-9 | 1 | rhdh-hub-1-push.yaml |
rhdh-1.9-rhel-9 | 1.9 | rhdh-hub-1-9-push.yaml |
rhdh-1.10-rhel-9 | 1.10 | rhdh-hub-1-10-push.yaml |
rhdh-rag-content-<N>-{push,pull}.yaml by hand (inline pipelineSpec, not generated).rhdh-hub.yaml / rhdh-operator.yaml; build-pipeline-*.yaml is edited directly, not by the generator.Commit migration + regen locally when ready; do not push until human review.
Human reviews the full diff (digest commit plus any migration/regen commits), then git push or opens a PR.
Use live MIGRATION.md as source of truth. Common cases:
| Task | Action |
|---|---|
prefetch-dependencies-oci-ta 0.2→0.3 | Remove dev-package-managers; add pipeline param enable-package-registry-proxy (default "true") and pass to prefetch task. Variant B: also add param on build-pipeline-rhdh-{hub,operator}.yaml tasks prefetch-dependencies-hub / prefetch-dependencies-operator, and on PLR spec.params in rhdh-hub.yaml / rhdh-operator.yaml. |
build-image-index 0.2→0.3 | Remove COMMIT_SHA / IMAGE_EXPIRES_AFTER from build-image-index task only; keep on buildah (build-container) and prefetch |
init 0.3→0.4 | No pipeline changes |
init 0.4.1→0.4.2 | Remove broken auto-added sast-target-dirs pipeline param if present |
--no-push / --nopush and human sign-off.dev-package-managers, COMMIT_SHA on build-image-index).generatePipelineRuns.sh after fixing templates while PLRs still reference old params.build-pipeline-*.yaml are the source of truth.verify_* guards that fail on the next Konflux bump.image-expires-after from PLRs only because build-image-index no longer uses it.1- in generatePipelineRunsForPlugins.sh Containerfile comments; use ${RHDH_XY_VERSION} so 1.10.0 becomes 1-10, not 1.