feat(ISV-5571): ignore SBOM-related task errors in rh-advisories

Instability in Atlas should not fail the whole pipeline. This change
ensures that the pipeline will continue even if the request to upload
to Atlas fails.

Signed-off-by: Wai Cheang <[email protected]>

tasks/managed/upload-sbom-to-atlas/README.md

@@ -14,6 +14,9 @@ Supports both CycloneDX and SPDX format.
 | supportedCycloneDxVersion | If the SBOM uses a higher CycloneDX version, `syft convert` in the task will convert all SBOMs to this CycloneDX version before uploading them to Atlas. If the SBOM is already in this version or lower, it will be uploaded as is. | Yes      | 1.4                                                                           |
 | supportedSpdxVersion      | If the SBOM uses a higher SPDX version, `syft convert` in the task will convert all SBOMs to this SPDX version before uploading them to Atlas. If the SBOM is already in this version or lower, it will be uploaded as is.           | Yes      | 2.3                                                                           |
 
+## Changes in 0.2.1
+Ignore error (but output a message) if upload request to Atlas fails.
+
 ## Changes in 0.2.0
 Remove option to skip uploading SBOMs. Skipping will be handled via Tekton.
 Rename productSBOMPath parameter to sbomDir. Use SBOM file names as Atlas IDs.

tasks/managed/upload-sbom-to-atlas/upload-sbom-to-atlas.yaml

@@ -4,7 +4,7 @@ kind: Task
 metadata:
   name: upload-sbom-to-atlas
   labels:
-    app.kubernetes.io/version: "0.2.0"
+    app.kubernetes.io/version: "0.2.1"
   annotations:
     tekton.dev/pipelines.minVersion: "0.12.1"
     tekton.dev/tags: release
@@ -229,6 +229,7 @@ spec:
             -H "transfer-encoding: chunked" \
             -H "content-type: application/json" \
             --data "@$supported_version_of_sbom" \
-            "$bombasticApiUrl/api/v1/sbom?id=$sbom_id"
+            "$bombasticApiUrl/api/v1/sbom?id=$sbom_id" \
+            || (echo "SBOM upload to Atlas has failed!")
 
         done