fix: Use tlsVerify param in PipelineRun template for pack too (#3575)

* Use tlsVerify param in Pipeline template for pack too

* Use CNB_INSECURE_REGISTRIES in buildpack create task when TLSVERIFY is set to false

* Remove create task script and set CNB_INSECURE_REGISTRIES conditionally in template parsing

* Update createPipelineTemplatePAC to provision tlsVerify too

Author: creydr

pkg/pipelines/tekton/task-buildpack.yaml.tmpl

@@ -61,6 +61,9 @@ spec:
     - name: PLATFORM_DIR
       description: The name of the platform directory.
       default: empty-dir
+    - name: INSECURE_REGISTRIES
+      description: Registries to access without TLS verification
+      default: ""
   stepTemplate:
     env:
       - name: CNB_PLATFORM_API
@@ -199,6 +202,8 @@ spec:
       env:
         - name: DOCKER_CONFIG
           value: $(workspaces.dockerconfig.path)
+        - name: CNB_INSECURE_REGISTRIES
+          value: $(params.INSECURE_REGISTRIES)
       args:
         - "-app=$(workspaces.source.path)/$(params.SOURCE_SUBPATH)"
         - "-cache-dir=$(workspaces.cache.path)"

pkg/pipelines/tekton/templates.go

@@ -95,11 +95,19 @@ type templateData struct {
 // createPipelineTemplatePAC creates a Pipeline template used for PAC on-cluster build
 // it creates the resource in the project directory
 func createPipelineTemplatePAC(f fn.Function, labels map[string]string) error {
+	// Determine if TLS verification should be skipped
+	tlsVerify := "true"
+	if f.RegistryInsecure || isInsecureRegistry(f.Registry) {
+		tlsVerify = "false"
+	}
+
 	data := templateData{
 		FunctionName: f.Name,
 		Annotations:  f.Deploy.Annotations,
 		Labels:       labels,
 		PipelineName: getPipelineName(f),
+		TlsVerify:    tlsVerify,
+		Registry:     f.Registry,
 	}
 
 	for _, val := range []struct {
@@ -294,11 +302,19 @@ func createAndApplyPipelineTemplate(f fn.Function, namespace string, labels map[
 	// If Git is set up create fetch task and reference it from build task,
 	// otherwise sources have been already uploaded to workspace PVC.
 
+	// Determine if TLS verification should be skipped
+	tlsVerify := "true"
+	if f.RegistryInsecure || isInsecureRegistry(f.Registry) {
+		tlsVerify = "false"
+	}
+
 	data := templateData{
 		FunctionName: f.Name,
 		Annotations:  f.Deploy.Annotations,
 		Labels:       labels,
 		PipelineName: getPipelineName(f),
+		Registry:     f.Registry,
+		TlsVerify:    tlsVerify,
 	}
 
 	for _, val := range []struct {

pkg/pipelines/tekton/templates_pack.go

@@ -58,6 +58,10 @@ spec:
         - name: ENV_VARS
           value:
             - '$(params.buildEnvs[*])'
+        {{- if eq .TlsVerify "false"}}
+        - name: INSECURE_REGISTRIES
+          value: $(params.registry)
+        {{- end}}
       {{.FuncBuildpacksTaskRef}}
       workspaces:
         - name: source