From 308b9fcf32e8d84304f4ef5db9acddc9133be0df Mon Sep 17 00:00:00 2001
From: clyang82 <chuyang@redhat.com>
Date: Thu, 12 Dec 2024 10:59:43 +0800
Subject: [PATCH] Fix Enterprise Contract Check

Signed-off-by: clyang82 <chuyang@redhat.com>
---
 .tekton/maestro-main-pull-request.yaml | 22 ++++++++++++++++++++++
 .tekton/maestro-main-push.yaml         | 22 ++++++++++++++++++++++
 2 files changed, 44 insertions(+)

diff --git a/.tekton/maestro-main-pull-request.yaml b/.tekton/maestro-main-pull-request.yaml
index 2628c97c..5dae26ca 100644
--- a/.tekton/maestro-main-pull-request.yaml
+++ b/.tekton/maestro-main-pull-request.yaml
@@ -377,6 +377,28 @@ spec:
         operator: in
         values:
         - "false"
+    - name: rpms-signature-scan
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
+      runAfter:
+      - build-container
+      taskRef:
+        params:
+        - name: name
+          value: rpms-signature-scan
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b
+        - name: kind
+          value: task
+        resolver: bundles
+      when:
+      - input: $(params.skip-checks)
+        operator: in
+        values:
+        - "false"
     workspaces:
     - name: workspace
     - name: git-auth
diff --git a/.tekton/maestro-main-push.yaml b/.tekton/maestro-main-push.yaml
index c8a28eb4..24ec306f 100644
--- a/.tekton/maestro-main-push.yaml
+++ b/.tekton/maestro-main-push.yaml
@@ -374,6 +374,28 @@ spec:
         operator: in
         values:
         - "false"
+      - name: rpms-signature-scan
+      params:
+      - name: image-digest
+        value: $(tasks.build-container.results.IMAGE_DIGEST)
+      - name: image-url
+        value: $(tasks.build-container.results.IMAGE_URL)
+      runAfter:
+      - build-container
+      taskRef:
+        params:
+        - name: name
+          value: rpms-signature-scan
+        - name: bundle
+          value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:8f3b23bf1b0ef55cc79d28604d2397a0101ac9c0c42ae26e26532eb2778c801b
+        - name: kind
+          value: task
+        resolver: bundles
+      when:
+      - input: $(params.skip-checks)
+        operator: in
+        values:
+        - "false"
     workspaces:
     - name: workspace
     - name: git-auth