fix: Use tlsVerify param in PipelineRun template for pack too

[creydr]

Currently we use the tlsVerify param only in the pipeline arguments for the s2i pipelines. This leads to issues when on remote builds using insecure registries with the pack builder.
This PR addresses it and passes the tlsVerify arg to the pack PipelineRun too. When set, it sets the CNB_INSECURE_REGISTRIES env var before building the image.

[knative-prow]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: creydr
Once this PR has been reviewed and has the lgtm label, please assign gauron99 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[creydr]

/cc @matejvasek

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 56.23%. Comparing base (67c3fd2) to head (6d737b1).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3575      +/-   ##
==========================================
+ Coverage   56.13%   56.23%   +0.09%     
==========================================
  Files         180      180              
  Lines       20465    20465              
==========================================
+ Hits        11489    11509      +20     
+ Misses       7781     7756      -25     
- Partials     1195     1200       +5     

Flag	Coverage Δ
e2e	36.10% <ø> (-0.01%)	⬇️
e2e go	32.55% <ø> (ø)
e2e node	28.36% <ø> (ø)
e2e python	32.91% <ø> (ø)
e2e quarkus	28.50% <ø> (+0.02%)	⬆️
e2e rust	27.92% <ø> (+0.01%)	⬆️
e2e springboot	26.38% <ø> (+0.02%)	⬆️
e2e typescript	28.47% <ø> (-0.03%)	⬇️
e2e-config-ci	18.14% <ø> (?)
integration	17.42% <ø> (ø)
unit macos-14	43.37% <ø> (ø)
unit macos-latest	43.37% <ø> (ø)
unit ubuntu-24.04-arm	43.57% <ø> (ø)
unit ubuntu-latest	44.25% <ø> (ø)
unit windows-latest	43.39% <ø> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[gauron99]

Could we instead of converting this to a script create a new parameter like INSECURE_REGISTRY (passed to create step as a env var) which could be resolved before this template is applied? I think we could have a conditional assignment to this new variable. We can assign some registryInsecure param which gets then assigned here in template to CNB_INSECURE_REGISTRIES and if tls verify is true, we assign empty string, making it a no-op.

Im pretty sure it should work. Looks a bit cleaner to me. Maybe Im wrong 😄 feel free to way in @lkingland @matejvasek

[creydr]

Yeah, I was thinking about something like that too, but decided initially against it, because I thought we need to do this check anyhow somewhere and in this template I thought it would not "disturb" the other code. But I can do it and then see...