shipwright-io / build

Shipwright - a framework for building container images on Kubernetes
https://shipwright.io
Apache License 2.0
626 stars 107 forks

Revisit image tags in BuildAh sample build strategy #1600

Closed SaschaSchwarze0 closed 1 month ago

SaschaSchwarze0 commented 1 month ago

Changes

BuildAh image tags are based on the BuildAh version (e.g. v1.35.3) and are mutable, meaning the tag that you consume gets rebuilt by the BuildAh team regularly to address vulnerabilities.

Recently, the BuildAh team also added immutable tags which are never rebuilt, but may be removed. https://lists.podman.io/archives/list/podman@lists.podman.io/thread/FP6I3OAHRYXDV5S7NFZHNJBV7AQQZHPD/

Especially the fact that those might get removed means, imo, that we should not use them in our sample build strategies.

I therefore adjust our update script to filter out those tags to make sure we won't get PRs like https://github.com/shipwright-io/build/pull/1599/files again.

I am also changing the BuildAh step of our build strategies to use imagePullPolicy=Always to ensure the latest available image is always pulled.

Submitter Checklist

See the contributor guide for details on coding conventions, github and prow interactions, and the code review process.

Release Notes

The sample build strategies now use imagePullPolicy=Always for the BuildAh steps to ensure the latest available image version is always used.
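
One way the tag filtering and pull policy described in this PR could look, as an added example that is not the project's update script. It assumes immutable tags carry a suffix after the version; the `-immutable` suffix, the registry name and the tag list are constructed sample values.

```python
import re

# Assumption: a mutable release tag is exactly vX.Y.Z. Anything with extra
# text after the version (such as a "-immutable" suffix) is filtered out.
PLAIN_VERSION = re.compile(r"v(\d+)\.(\d+)\.(\d+)")

# Constructed sample of tags as a registry listing might return them.
SAMPLE_TAGS = [
    "latest",
    "v1.9.0",
    "v1.10.0",
    "v1.35",
    "v1.35.3",
    "v1.35.3-immutable",
    "v1.36.0-immutable",  # newest by number, but must not be selected
]


def latest_mutable_tag(tags):
    """Return the highest plain vX.Y.Z tag, or None if none qualifies."""
    candidates = []
    for tag in tags:
        match = PLAIN_VERSION.fullmatch(tag)
        if match:
            # Compare numerically so v1.10.0 sorts above v1.9.0.
            version = tuple(int(part) for part in match.groups())
            candidates.append((version, tag))
    return max(candidates)[1] if candidates else None


def step_image_settings(repository, tags):
    """Build the image fields for a build strategy step.

    imagePullPolicy is Always because the tag is mutable: a node that has
    cached an older build of the same tag would otherwise keep using it.
    """
    tag = latest_mutable_tag(tags)
    if tag is None:
        raise ValueError("no plain vX.Y.Z tag available")
    return {"image": f"{repository}:{tag}", "imagePullPolicy": "Always"}


if __name__ == "__main__":
    # registry.example/buildah is a placeholder repository name.
    print(step_image_settings("registry.example/buildah", SAMPLE_TAGS))
```
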
openshift-ci[bot] commented 1 month ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: HeavyWombat, qu1queee

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

- ~~[OWNERS](https://github.com/shipwright-io/build/blob/main/OWNERS)~~ [HeavyWombat,qu1queee]

Approvers can indicate their approval by writing `/approve` in a comment

Approvers can cancel approval by writing `/approve cancel` in a comment