show-sbom task runs unconditionally and may fail when build is skipped

[coderabbitai]

Problem Description

The show-sbom task in the multiarch-pull-request-pipeline runs unconditionally in the finally section and references $(tasks.build-image-index.results.IMAGE_URL).

When the init task sets build to "false", the entire build path (build-images → build-image-index) is skipped, meaning no results are produced. The show-sbom task will then receive an empty string for IMAGE_URL, which typically causes scanner tasks to fail fast and turn the entire PipelineRun red.

Expected Behavior

The show-sbom task should only run when the build path actually executes and produces an image index.

Current Behavior

The task runs unconditionally and may fail with empty IMAGE_URL when builds are skipped.

References

• Pull Request: RHOAIENG-30439: tekton: factor out the common multiarch-pull-request-pipeline into its own file #1501
• Comment: RHOAIENG-30439: tekton: factor out the common multiarch-pull-request-pipeline into its own file #1501 (comment)

Additional Context

This issue was identified during review of the pipeline refactoring in PR #1501. The fix would involve adding appropriate conditional execution logic to the show-sbom task similar to other build-dependent tasks.