Skip to content

[cherry-pick: release-v0.79.x] ci(e2e): fix ko >=v0.19 SBOM push failure on plain-HTTP registry#3630

Merged
tekton-robot merged 1 commit into
release-v0.79.xfrom
cherry-pick-3621-to-release-v0.79.x
Jun 30, 2026
Merged

[cherry-pick: release-v0.79.x] ci(e2e): fix ko >=v0.19 SBOM push failure on plain-HTTP registry#3630
tekton-robot merged 1 commit into
release-v0.79.xfrom
cherry-pick-3621-to-release-v0.79.x

Conversation

@tekton-robot

Copy link
Copy Markdown
Contributor

This is a cherry-pick of #3621


Changes

ko v0.19 unconditionally attempts HTTPS when writing SBOMs, which causes
the E2E job to fail with:

http: server gave HTTP response to HTTPS client

against the plain-HTTP KinD registry (registry.local:5000).

Root cause: ko-build/setup-ko (without a pinned version:) picked up
ko v0.19.1, which introduced mandatory SBOM writes via cosign. cosign uses
HTTPS by default and has no knowledge that registry.local:5000 is a plain
HTTP endpoint, so every SBOM push fails.

Fix: set KO_FLAGS=--insecure-registry in the e2e-matrix.yml job env.
This flag is already forwarded to ko apply via $(KO_FLAGS) in the
Makefile apply target — no Makefile change is required. The flag is scoped
to the CI job only; local make apply against production registries (quay.io,
ghcr.io) is unaffected.

The fix was verified locally by reproducing the failure against a custom-hostname
plain-HTTP registry and confirming success with the flag set.

Submitter Checklist

Release Notes

NONE

Made with Cursor

ko v0.19 unconditionally attempts HTTPS when writing SBOMs, causing
the E2E job to fail with "http: server gave HTTP response to HTTPS
client" against the plain-HTTP KinD registry (registry.local:5000).

Set KO_FLAGS=--insecure-registry in the e2e-matrix env block so that
both image pushes and SBOM writes use plain HTTP for the local
registry. The flag is already forwarded to `ko apply` via $(KO_FLAGS)
in the Makefile apply target, so no Makefile change is needed.

Signed-off-by: Jawed khelil <jkhelil@redhat.com>
Assisted-by: Claude Sonnet 4.6 (via Cursor)
Co-authored-by: Cursor <cursoragent@cursor.com>
@tekton-robot tekton-robot added the release-note-none Denotes a PR that doesnt merit a release note. label Jun 30, 2026
@tekton-robot tekton-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jun 30, 2026
@pratap0007

Copy link
Copy Markdown
Contributor

/retest

@jkhelil

jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member

/approve

@jkhelil

jkhelil commented Jun 30, 2026

Copy link
Copy Markdown
Member

/lgtm

@tekton-robot

Copy link
Copy Markdown
Contributor Author

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jkhelil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@tekton-robot tekton-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 30, 2026
@tekton-robot tekton-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 30, 2026
@tekton-robot tekton-robot merged commit 59cb0a4 into release-v0.79.x Jun 30, 2026
18 of 21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesnt merit a release note. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants