release-draft-oci task: wget fails to query GitHub API due to untrusted CA certificates

[vdemeester]

Problem

During the Tekton Pipelines v1.10.0 release, the create-draft-release-oci task failed to enrich release notes with PR details from the GitHub API. The wget calls to api.github.com fail with TLS certificate errors:

ERROR: The certificate of 'api.github.com' is not trusted.
ERROR: The certificate of 'api.github.com' hasn't got a known issuer.

This affects multiple PRs (#9426, #9398, #9390, #9386, #9367, #9278, #9043, #9009) — their descriptions are missing from the generated draft release notes.

The pipeline still reports Succeeded because the wget errors are non-fatal, but the release notes are incomplete and require manual editing.

Root Cause

The base image used in the create-draft-release-oci task has stale/outdated CA certificates, so TLS validation against api.github.com fails.

Expected Behavior

The task image should have up-to-date CA certificates so that GitHub API calls succeed and release notes are automatically enriched with PR titles and descriptions.

Environment

• Cluster: dogfooding (OKE/Oracle)
• Namespace: default
• PipelineRun: release-draft-oci-run-5hglj
• TaskRun: release-draft-oci-run-5hglj-create-draft-release
• Release: Tekton Pipelines v1.10.0