From d1e2a4b5aae88d5bec8baaf27986f3980c24efa3 Mon Sep 17 00:00:00 2001
From: Wei Shi <wshi@redhat.com>
Date: Tue, 2 Dec 2025 14:44:36 +0800
Subject: [PATCH] Konflux build pipeline service account migration

https://issues.redhat.com/browse/KONFLUX-5207

Signed-off-by: Wei Shi <wshi@redhat.com>
---
 .tekton/bootc-image-builder-pull-request.yaml | 12 +++++++-----
 .tekton/bootc-image-builder-push.yaml         | 15 ++++++++-------
 2 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/.tekton/bootc-image-builder-pull-request.yaml b/.tekton/bootc-image-builder-pull-request.yaml
index 3bbd7be56..aca1eba40 100644
--- a/.tekton/bootc-image-builder-pull-request.yaml
+++ b/.tekton/bootc-image-builder-pull-request.yaml
@@ -513,12 +513,12 @@ spec:
               - "false"
       - name: sast-snyk-check
         params:
-        - name: image-digest
-          value: $(tasks.build-container.results.IMAGE_DIGEST)
-        - name: image-url
-          value: $(tasks.build-container.results.IMAGE_URL)
+          - name: image-digest
+            value: $(tasks.build-container.results.IMAGE_DIGEST)
+          - name: image-url
+            value: $(tasks.build-container.results.IMAGE_URL)
         runAfter:
-        - build-container
+          - build-container
         taskRef:
           params:
             - name: name
@@ -584,6 +584,8 @@ spec:
       - name: workspace-amd64
       - name: git-auth
         optional: true
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-bootc-image-builder
   workspaces:
     - name: workspace-amd64
       volumeClaimTemplate:
diff --git a/.tekton/bootc-image-builder-push.yaml b/.tekton/bootc-image-builder-push.yaml
index 637dd1f93..d4820c5c2 100644
--- a/.tekton/bootc-image-builder-push.yaml
+++ b/.tekton/bootc-image-builder-push.yaml
@@ -6,8 +6,7 @@ metadata:
     build.appstudio.redhat.com/commit_sha: "{{revision}}"
     build.appstudio.redhat.com/target_branch: "{{target_branch}}"
     pipelinesascode.tekton.dev/max-keep-runs: "3"
-    pipelinesascode.tekton.dev/on-cel-expression:
-      event == "push" && target_branch == "main" && files.all.exists(x,!x.startsWith(".tekton/"))
+    pipelinesascode.tekton.dev/on-cel-expression: event == "push" && target_branch == "main" && files.all.exists(x,!x.startsWith(".tekton/"))
   creationTimestamp: null
   labels:
     appstudio.openshift.io/application: bootc-image-builder
@@ -601,12 +600,12 @@ spec:
               - "false"
       - name: sast-snyk-check
         params:
-        - name: image-digest
-          value: $(tasks.build-container.results.IMAGE_DIGEST)
-        - name: image-url
-          value: $(tasks.build-container.results.IMAGE_URL)
+          - name: image-digest
+            value: $(tasks.build-container.results.IMAGE_DIGEST)
+          - name: image-url
+            value: $(tasks.build-container.results.IMAGE_URL)
         runAfter:
-        - build-container
+          - build-container
         taskRef:
           params:
             - name: name
@@ -672,6 +671,8 @@ spec:
       - name: workspace-amd64
       - name: git-auth
         optional: true
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-bootc-image-builder
   workspaces:
     - name: workspace-amd64
       volumeClaimTemplate: