From b72f901b42ed2704d45b94c3a30f76c17b005299 Mon Sep 17 00:00:00 2001
From: Vlad Bologa <vbologa@redhat.com>
Date: Mon, 22 Jun 2026 10:27:20 +0200
Subject: [PATCH] ROX-35107: Add Konflux pipeline check for post-quantum crypto
 policy

---
 .tekton/fact-component-pipeline.yaml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/.tekton/fact-component-pipeline.yaml b/.tekton/fact-component-pipeline.yaml
index cf63d9bb..ad3b5cbd 100644
--- a/.tekton/fact-component-pipeline.yaml
+++ b/.tekton/fact-component-pipeline.yaml
@@ -520,6 +520,25 @@ spec:
     - input: $(params.skip-checks)
       operator: in
       values: ["false"]
+  - name: verify-pq-crypto-policies
+    params:
+    - name: IMAGE_URL
+      value: $(tasks.build-image-index.results.IMAGE_URL)
+    - name: IMAGE_DIGEST
+      value: $(tasks.build-image-index.results.IMAGE_DIGEST)
+    taskRef:
+      params:
+      - name: name
+        value: verify-pq-crypto-policies
+      - name: bundle
+        value: quay.io/rhacs-eng/konflux-tasks:latest@sha256:4d05c7ad1bcf63015b6b67787e9f024466fd2c864b69f7939a1925e307afb9b0
+      - name: kind
+        value: task
+      resolver: bundles
+    when:
+    - input: $(params.skip-checks)
+      operator: in
+      values: ["false"]
   - name: push-dockerfile
     params:
     - name: IMAGE