Skip to content

ci(e2e): fix ko >=v0.19 SBOM push failure on plain-HTTP registry#3621

Merged
jkhelil merged 1 commit into
tektoncd:mainfrom
jkhelil:fix/ko-sbom-insecure-registry
Jun 30, 2026
Merged

ci(e2e): fix ko >=v0.19 SBOM push failure on plain-HTTP registry#3621
jkhelil merged 1 commit into
tektoncd:mainfrom
jkhelil:fix/ko-sbom-insecure-registry

Conversation

@jkhelil

@jkhelil jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member

Changes

ko v0.19 unconditionally attempts HTTPS when writing SBOMs, which causes
the E2E job to fail with:

http: server gave HTTP response to HTTPS client

against the plain-HTTP KinD registry (registry.local:5000).

Root cause: ko-build/setup-ko (without a pinned version:) picked up
ko v0.19.1, which introduced mandatory SBOM writes via cosign. cosign uses
HTTPS by default and has no knowledge that registry.local:5000 is a plain
HTTP endpoint, so every SBOM push fails.

Fix: set KO_FLAGS=--insecure-registry in the e2e-matrix.yml job env.
This flag is already forwarded to ko apply via $(KO_FLAGS) in the
Makefile apply target — no Makefile change is required. The flag is scoped
to the CI job only; local make apply against production registries (quay.io,
ghcr.io) is unaffected.

The fix was verified locally by reproducing the failure against a custom-hostname
plain-HTTP registry and confirming success with the flag set.

Submitter Checklist

Release Notes

NONE

Made with Cursor

ko v0.19 unconditionally attempts HTTPS when writing SBOMs, causing
the E2E job to fail with "http: server gave HTTP response to HTTPS
client" against the plain-HTTP KinD registry (registry.local:5000).

Set KO_FLAGS=--insecure-registry in the e2e-matrix env block so that
both image pushes and SBOM writes use plain HTTP for the local
registry. The flag is already forwarded to `ko apply` via $(KO_FLAGS)
in the Makefile apply target, so no Makefile change is needed.

Signed-off-by: Jawed khelil <jkhelil@redhat.com>
Assisted-by: Claude Sonnet 4.6 (via Cursor)
Co-authored-by: Cursor <cursoragent@cursor.com>
@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label Jun 30, 2026
@tekton-robot tekton-robot requested review from khrm and pratap0007 June 30, 2026 06:05
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jun 30, 2026
@pratap0007

Copy link
Copy Markdown
Contributor

/lgtm

@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2026
@pramodbindal

Copy link
Copy Markdown
Member

/approved

@pramodbindal

Copy link
Copy Markdown
Member

/approve

@tekton-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pramodbindal

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 30, 2026
@jkhelil jkhelil merged commit 28b360a into tektoncd:main Jun 30, 2026
16 checks passed
@pratap0007

Copy link
Copy Markdown
Contributor

/cherry-pick release-v0.79.x

@jkhelil

jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member Author

/cherry-pick release-v0.80.x

@tekton-robot

Copy link
Copy Markdown
Contributor

Cherry-pick to release-v0.80.x successful!

A new pull request has been created to cherry-pick this change to release-v0.80.x.

PR: #3629

Please review and merge the cherry-pick PR.

@jkhelil

jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member Author

/cherry-pick release-v0.79.x

@tekton-robot

Copy link
Copy Markdown
Contributor

Cherry-pick to release-v0.79.x successful!

A new pull request has been created to cherry-pick this change to release-v0.79.x.

PR: #3630

Please review and merge the cherry-pick PR.

@jkhelil

jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member Author

/cherry-pick release-v0.76.x

@jkhelil

jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member Author

/cherry-pick release-v0.75.x

@tekton-robot

Copy link
Copy Markdown
Contributor

Cherry-pick to release-v0.76.x successful!

A new pull request has been created to cherry-pick this change to release-v0.76.x.

PR: #3640

Please review and merge the cherry-pick PR.

@tekton-robot

Copy link
Copy Markdown
Contributor

Cherry-pick to release-v0.75.x successful!

A new pull request has been created to cherry-pick this change to release-v0.75.x.

PR: #3641

Please review and merge the cherry-pick PR.

@pratap0007

Copy link
Copy Markdown
Contributor

/cherry-pick release-v0.78.x

@tekton-robot

Copy link
Copy Markdown
Contributor

Cherry-pick to release-v0.78.x successful!

A new pull request has been created to cherry-pick this change to release-v0.78.x.

PR: #3642

Please review and merge the cherry-pick PR.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesnt merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants