fix: Adding Product Version for CPE Label

[tommyd450]

PR Type

Enhancement

---

Description

• Add product-version parameter to Tekton pipeline configurations

• Set product version to 1.3 across all pipeline definitions

• Enables CPE label generation with product version information

---

Diagram Walkthrough

flowchart LR
  A["Tekton Pipeline Configs"] -- "Add product-version param" --> B["product-version: 1.3"]
  B -- "Used for" --> C["CPE Label Generation"]

Loading

File Walkthrough

Relevant files

Configuration changes

tuf-tool-pull-request.yaml Add product-version parameter                                                        .tekton/tuf-tool-pull-request.yaml Added product-version parameter with value 1.3 Parameter placed after release-version in spec params +2/-0      tuf-tool-push.yaml Add product-version parameter                                                        .tekton/tuf-tool-push.yaml Added product-version parameter with value 1.3 Parameter placed after release-version in spec params +2/-0      tuffer-pull-request.yaml Add product-version parameter                                                        .tekton/tuffer-pull-request.yaml Added product-version parameter with value 1.3 Parameter placed after release-version in spec params +2/-0      tuffer-push.yaml Add product-version parameter                                                        .tekton/tuffer-push.yaml Added product-version parameter with value 1.3 Parameter placed after release-version in spec params +2/-0

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
🟢	No security concerns identified No security vulnerabilities detected by AI analysis. Human verification advised for critical code.
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
🟢	No codebase code duplication found No new components were introduced in the PR code
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
🔴	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Unvalidated param type: The new product-version param sets value: 1.3 without quoting, which can be interpreted as a number instead of the expected string type in Tekton/Kubernetes resource schemas. Referred Code - name: product-version value: 1.3 Learn more about managing compliance generic rules or creating your own custom rules
⚪	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Potential type mismatch: The new Tekton param value: 1.3 is unquoted and may be parsed as a numeric rather than a string, potentially failing schema validation or causing unexpected runtime behavior. Referred Code - name: product-version value: 1.3 Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Enclose product version value in quotes Enclose the product-version value in quotes to ensure it is parsed as a string rather than a float. This prevents potential formatting or type errors and aligns with the format of release-version. .tekton/tuf-tool-pull-request.yaml [27-28] - name: product-version - value: 1.3 + value: "1.3" Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion correctly identifies that the version number 1.3 will be parsed as a float and recommends quoting it to ensure it's treated as a string, which is a best practice for version numbers and improves consistency.	Low
More