NO-JIRA: Konflux: Move mirrorSetYaml result to workspace to avoid termination message truncation

[alebedev87]

The fetch-config-files task stores mirror set data in Tekton results which are passed via the container termination message (4096 byte limit). The termination message is also used by Tekton for internal metadata (step timing, result type markers), further reducing the usable space to ~3072 bytes. With growing mirror entries, the combined results exceeded this limit, causing truncation and silently breaking downstream task variable resolution.

Move mirrorSetYaml to the shared-data workspace so it is written to a PVC file instead of a Tekton result. The serializedMirrorSetYaml and scorecardConfigImages results remain as Tekton results since they are consumed by remote step action refs.

Follow-up of #422.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

The pipeline configuration in .tekton/pipelines/deploy-fbc-operator.yaml is refactored to use a shared workspace for data exchange between tasks. A shared-data workspace is declared and bound to both fetch-config-files and get-unreleased-bundle tasks. The fetch-config-files task no longer exports mirrorSetYaml as a task result; instead, it writes the mirror set YAML file to the shared workspace. Correspondingly, get-unreleased-bundle is updated to read the mirror set YAML directly from the shared workspace file rather than from the previous task's result output.

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: moving mirrorSetYaml from Tekton results to workspace to prevent termination message truncation.
Description check	✅ Passed	The description provides detailed context about the problem (termination message size limits), the solution (moving mirrorSetYaml to workspace), and rationale for keeping other results unchanged.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Pull request modifies a Tekton pipeline YAML file and contains no Ginkgo test files requiring test name validation.
Test Structure And Quality	✅ Passed	PR modifies only Tekton pipeline YAML file, not Go/Ginkgo test code, so check does not apply.
Microshift Test Compatibility	✅ Passed	This PR modifies only a Tekton pipeline configuration file and does not add any new Ginkgo e2e tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR only modifies Tekton pipeline configuration files and does not add any new Ginkgo e2e tests.
Topology-Aware Scheduling Compatibility	✅ Passed	Pull request modifies only Tekton pipeline definition file with no cluster topology constraints or scheduling rules.
Ote Binary Stdout Contract	✅ Passed	Pull request modifies only Tekton pipeline YAML configuration file with shell script logging commands, not Go source code compiled into the OTE binary. The operator binary entry point remains unchanged with proper controller-runtime zap logger usage.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR only modifies Tekton pipeline YAML configuration and does not introduce or modify any Ginkgo e2e tests.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Review rate limit: 9/10 reviews remaining, refill in 6 minutes.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[alebedev87]

/retest

[alebedev87]

get-unrelease-bundle is run again (4.16, 4.21). The fix is working. Dropping temporary commit.

[grzpiotrowski]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: grzpiotrowski

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [grzpiotrowski]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[alebedev87]

Formally it's a continuation of #422. Let me try to link it to the same Jira ticket.

/retitle OCPBUGS-79591: Konflux: Move mirrorSetYaml result to workspace to avoid termination message truncation

[openshift-ci-robot]

@alebedev87: This pull request references Jira Issue OCPBUGS-79591, which is invalid:

• expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is MODIFIED instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The fetch-config-files task stores mirror set data in Tekton results which are passed via the container termination message (4096 byte limit). The termination message is also used by Tekton for internal metadata (step timing, result type markers), further reducing the usable space to ~3072 bytes. With growing mirror entries, the combined results exceeded this limit, causing truncation and silently breaking downstream task variable resolution.

Move mirrorSetYaml to the shared-data workspace so it is written to a PVC file instead of a Tekton result. The serializedMirrorSetYaml and scorecardConfigImages results remain as Tekton results since they are consumed by remote step action refs.

Follow-up of #422.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[alebedev87]

Wrong bug, https://redhat.atlassian.net/browse/OCPBUGS-76243 is the the right one but it's verified already. Let's link it to it anyway and then go with NO-JIRA.

/retitle OCPBUGS-76243: Konflux: Move mirrorSetYaml result to workspace to avoid termination message truncation

[openshift-ci-robot]

@alebedev87: This pull request references Jira Issue OCPBUGS-76243, which is invalid:

• expected the bug to be in one of the following states: NEW, ASSIGNED, POST, but it is Verified instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

The fetch-config-files task stores mirror set data in Tekton results which are passed via the container termination message (4096 byte limit). The termination message is also used by Tekton for internal metadata (step timing, result type markers), further reducing the usable space to ~3072 bytes. With growing mirror entries, the combined results exceeded this limit, causing truncation and silently breaking downstream task variable resolution.

Move mirrorSetYaml to the shared-data workspace so it is written to a PVC file instead of a Tekton result. The serializedMirrorSetYaml and scorecardConfigImages results remain as Tekton results since they are consumed by remote step action refs.

Follow-up of #422.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[alebedev87]

As explained in #424 (comment):

/retitle NO-JIRA: Konflux: Move mirrorSetYaml result to workspace to avoid termination message truncation

[openshift-ci-robot]

@alebedev87: This pull request explicitly references no jira issue.

Details

In response to this:

The fetch-config-files task stores mirror set data in Tekton results which are passed via the container termination message (4096 byte limit). The termination message is also used by Tekton for internal metadata (step timing, result type markers), further reducing the usable space to ~3072 bytes. With growing mirror entries, the combined results exceeded this limit, causing truncation and silently breaking downstream task variable resolution.

Move mirrorSetYaml to the shared-data workspace so it is written to a PVC file instead of a Tekton result. The serializedMirrorSetYaml and scorecardConfigImages results remain as Tekton results since they are consumed by remote step action refs.

Follow-up of #422.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[alebedev87]

/retest

[openshift-merge-bot]

/retest-required

Remaining retests: 0 against base HEAD 56ad342 and 2 for PR HEAD 16135ca in total

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.tekton/pipelines/deploy-fbc-operator.yaml:
- Around line 213-214: The current pipeline uses echo -n to write the mirror-set
YAML which can mangle raw YAML; replace the write step that references
mirror_set_yaml and the workspace file (currently using echo -n
"$mirror_set_yaml" > "$(workspaces.shared-data.path)/mirrorSetYaml") with a safe
write using printf '%s' to preserve the payload exactly (i.e., use printf '%s'
"$mirror_set_yaml" > "$(workspaces.shared-data.path)/mirrorSetYaml").

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c89cffc5-52e7-4695-9acd-a46b85257497

📥 Commits

Reviewing files that changed from the base of the PR and between 178f370 and 6448c9a.

📒 Files selected for processing (1)

• .tekton/pipelines/deploy-fbc-operator.yaml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Use printf when persisting the mirror-set YAML.

echo -n is shell-dependent and can mangle raw YAML content in edge cases. printf '%s' preserves the payload exactly.

🔧 Safer write

-              echo -n "$mirror_set_yaml" > "$(workspaces.shared-data.path)/mirrorSetYaml"
+              printf '%s' "$mirror_set_yaml" > "$(workspaces.shared-data.path)/mirrorSetYaml"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	echo "Image mirror set: $mirror_set_yaml"
	echo -n "$mirror_set_yaml" > "$(workspaces.shared-data.path)/mirrorSetYaml"
	echo "Image mirror set: $mirror_set_yaml"
	printf '%s' "$mirror_set_yaml" > "$(workspaces.shared-data.path)/mirrorSetYaml"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.tekton/pipelines/deploy-fbc-operator.yaml around lines 213 - 214, The
current pipeline uses echo -n to write the mirror-set YAML which can mangle raw
YAML; replace the write step that references mirror_set_yaml and the workspace
file (currently using echo -n "$mirror_set_yaml" >
"$(workspaces.shared-data.path)/mirrorSetYaml") with a safe write using printf
'%s' to preserve the payload exactly (i.e., use printf '%s' "$mirror_set_yaml" >
"$(workspaces.shared-data.path)/mirrorSetYaml").

[alebedev87]

It's fine to not add the default newline used by echo into the mirrorSetYaml file. I bear in mind this suggestion but it should not be a problem.

[coderabbitai]

@alebedev87, understood — the concern was primarily about shell portability (echo -n is not POSIX-standard and behaves differently across shells), not just the trailing newline. That said, since the script uses #!/usr/bin/env bash and runs in a known container image, echo -n is consistent there. Happy to defer to your judgment.

[openshift-ci]

@alebedev87: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[grzpiotrowski]

/lgtm

[alebedev87]

/override "Red Hat Konflux / ext-dns-optr-fbc-v4-14-deploy-operator / external-dns-fbc-container-ext-dns-optr-fbc-v4-14"

Hiccups of the cluster provisioning on 4.14.

[openshift-ci]

@alebedev87: Overrode contexts on behalf of alebedev87: Red Hat Konflux / ext-dns-optr-fbc-v4-14-deploy-operator / external-dns-fbc-container-ext-dns-optr-fbc-v4-14

Details

In response to this:

/override "Red Hat Konflux / ext-dns-optr-fbc-v4-14-deploy-operator / external-dns-fbc-container-ext-dns-optr-fbc-v4-14"

Hiccups of the cluster provisioning on 4.14.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.