konflux-ci · scoheb · Jul 12, 2025 · Jul 7, 2025
@@ -55,7 +55,7 @@ spec:
       description: Name of this Task Run to be made available to caller
   steps:
     - name: create-advisory
-      image: quay.io/konflux-ci/release-service-utils:20e010a0dde28e31826ce91914d5852d73437fc2
+      image: quay.io/konflux-ci/release-service-utils:7addbf5630418cea87bf66df33a05fdd57e43728
       computeResources:
         limits:
           memory: 256Mi
@@ -171,7 +171,9 @@ spec:
             exit 1
           fi
           CONTENT_FILE=/tmp/content.json
-          jq -c "${spec_content_type} // []" <<< "$ADVISORY_JSON" > "$CONTENT_FILE"
+          # Write the advisory JSON parameter to a file to avoid argument length limits
+          printf '%s' "$ADVISORY_JSON" | base64 --decode | gunzip > /tmp/advisory_decoded.json
+          jq -c "${spec_content_type} // []" /tmp/advisory_decoded.json > "$CONTENT_FILE"
 
           # Use ISO 8601 format in UTC/Zulu time, e.g. 2024-03-06T17:27:38Z
           SHIP_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
@@ -243,14 +245,16 @@ spec:
               fi
           done
 
-          NEW_ADVISORY_JSON=$(echo "$ADVISORY_JSON" | jq --slurpfile new_content "$CONTENT_FILE" \
-            "${spec_content_type} = \$new_content[0]")
+          NEW_ADVISORY_JSON=$(jq --slurpfile new_content "$CONTENT_FILE" \
+            "${spec_content_type} = \$new_content[0]" /tmp/advisory_decoded.json)
 
           signingKey=$(kubectl get configmap "$(params.config_map_name)" -o jsonpath="{.data.SIG_KEY_NAME}")
-          advisoryJsonWithKey=$(jq -c --arg key "$signingKey" \
-            "${spec_content_type}[] += {\"signingKey\": \$key}" <<< "$NEW_ADVISORY_JSON")
+          # Write to temp file to avoid argument length limits
+          echo "$NEW_ADVISORY_JSON" > /tmp/new_advisory.json
+          jq -c --arg key "$signingKey" \
+            "${spec_content_type}[] += {\"signingKey\": \$key}" /tmp/new_advisory.json > /tmp/advisory_with_key.json
 
-          LIVE_ID=$(jq -r '.live_id' <<< "$ADVISORY_JSON" )
+          LIVE_ID=$(jq -r '.live_id' /tmp/advisory_decoded.json)
           if [[ "$LIVE_ID" == null ]]; then
             # write keytab to file
             echo -n "${SERVICE_ACCOUNT_KEYTAB}" | base64 --decode > /tmp/keytab
@@ -284,12 +288,13 @@ spec:
           ADVISORY_NAME="${YEAR}:${ADVISORY_NUM}"
 
           # Prepare variables for the advisory template
-          DATA=$(jq -c '{"advisory":{"spec":.}}' <<< "$advisoryJsonWithKey")
-          DATA=$(jq -c --arg advisory_name "$ADVISORY_NAME" --arg advisory_ship_date "$SHIP_DATE" \
-            '$ARGS.named + .' <<< "$DATA")
+          # Write to file to avoid argument length limits
+          jq -c '{"advisory":{"spec":.}}' /tmp/advisory_with_key.json > /tmp/template_data.json
+          jq -c --arg advisory_name "$ADVISORY_NAME" --arg advisory_ship_date "$SHIP_DATE" \
+            '$ARGS.named + .' /tmp/template_data.json > /tmp/template_data_final.json
 
-          # Create advisory file
-          /home/utils/apply_template.py -o "$ADVISORY_FILEPATH" --data "$DATA" \
+          # Create advisory file using the updated apply_template.py with --data-file option
+          /home/utils/apply_template.py -o "$ADVISORY_FILEPATH" --data-file /tmp/template_data_final.json \
             --verbose --template /home/templates/advisory.yaml.jinja
 
           cat "$ADVISORY_FILEPATH"
@@ -302,6 +307,6 @@ spec:
           echo "Pushing to ${REPO_BRANCH}..."
           git_push_with_retries --branch $REPO_BRANCH --retries 5 --url origin 2> "$STDERR_FILE"
           # Construct the advisory url on customer portal to report back to the user as a result
-          ADVISORY_TYPE=$(jq -r '.type' <<< "$ADVISORY_JSON" )
+          ADVISORY_TYPE=$(jq -r '.type' /tmp/advisory_decoded.json)
           ADVISORY_URL="${ADVISORY_URL_PREFIX}/${ADVISORY_TYPE}-${ADVISORY_NAME}"
           ADVISORY_INTERNAL_URL="${GIT_REPO//\.git/}/-/raw/${REPO_BRANCH}/${ADVISORY_FILEPATH}"
@@ -14,14 +14,16 @@ spec:
       params:
         - name: advisory_json
           value: >-
-            {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
-            "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
-            "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
-            "content":{"images":[{"containerImage":"quay.io/example/openstack@sha256:abdeNEW",
-            "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
-            "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
-            "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]},
-            "live_id":999}
+            H4sIAAAAAAAAA2VS32vCMBB+318hedZmrU5mYMwxBPcyhoPtYYhk6dkG2yRLUlGK//surfNHF0rLffflu++uVxNjdVoJv5IpYXEy7J8AxUsgjCwg7c257721MDkTtmCd1Ao5cZREw4uM8xZ4iQlvYtK/6V0cIkxQxTejnMGOl6YAdrzIoLhHGb9vOIv5+xNGbq+0cdIFOXC+d4qRqI0Uf3gbdKql4ISVxrc+G94lhOq6qC6zp7hPLKzBghKApb9I7r1xjNJUCxcdfUdCl1RpvEiW3Ta18qA8YTWRJc8ajbpBuVRgXwKGNX8qvo+kpkdBqg0o57nYTF3Ok7sx498pvM4+u31ZMNpJr+0eRWyunYnHA5vj/M4SYUA8a8wXPDSHJgm3IpcehK9sqM/LdDzqipvKFpgzm4z999WaEik8nj2s8MJDt5UrV+hFbMMQarKWO8Bdq69rPn/MBsltkgxwB0eBZrDYcW6Nk0wXXGW0/UTaZnRHFXga/ksyjaMYH7I84FkeOv0UcgvNfk8mk8PNL2XtKx/zAgAA
+          # advisory_json string before `gzip -c|base64 -w 0` encoding:
+          # {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
+          # "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
+          # "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
+          # "content":{"images":[{"containerImage":"quay.io/example/openstack@sha256:abdeNEW",
+          # "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
+          # "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
+          # "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]},
+          # "live_id":999}
         - name: application
           value: "test-app"
         - name: origin
@@ -50,7 +52,7 @@ spec:
             type: string
         steps:
           - name: check-result
-            image: quay.io/konflux-ci/release-service-utils:26e22ecf2c23e7ec8134fede3b40a6e6aef8ac20
+            image: quay.io/konflux-ci/release-service-utils:7addbf5630418cea87bf66df33a05fdd57e43728
             script: |
               #!/usr/bin/env bash
               set -eux

@@ -14,14 +14,16 @@ spec:
       params:
         - name: advisory_json
           value: >-
-            {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
-            "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
-            "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
-            "content":{"images":[{"containerImage":"quay.io/example/openstack@sha256:abdefail",
-            "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
-            "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
-            "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]},
-            "live_id":1452}
+            H4sIAAAAAAAAA2VS30vDMBB+318x8rw1tm5DAuJEBH0TBV9kyJne2mCbxCQdG2X/u5d27kcNpeW++/Ldd9drmXUmb2T4VDkTaXY9OQIaamSCvWI+foIwfulhdiJs0HllNHHSJEuuzzI+OISaEsGmbDIanx0mbVSlt+AgcAu1rVAcLgqsbkgm7DrO69PbPUV+p431ykc59GF8jIlorJJ/eB8MquXopVM29D473jlE6qZqzrPHeMIcrtGhlkilP1gZgvWC89xInxx8J9LUXBu6yFbDNo0OqAMTLVM1FJ1G26GgNLrniFHNnwZ2iTL8IMiNRe0DyO+lLyGbLwR85bgGVQ0bc2iNV8G4Ham40nibLqaupAGeNOKEoOjcVxC7I5cMnCxVQBkaFw1AnS9mQ3HbuIpy9rsQ/431rmSOdycPn3ThdtjLhSvyIjdxCi1bqy3SsrWXNR/eH6fZVZZNaQlnkWap2GFwnZPCVKAL3n8S4wq+5RoDjz8mW6ZJSg9b7ems9oN+KrXBfsFn82w/+gUTdN/T9QIAAA==
+          # advisory_json string before `gzip -c|base64 -w 0` encoding:
+          # {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
+          # "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
+          # "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
+          # "content":{"images":[{"containerImage":"quay.io/example/openstack@sha256:abdefail",
+          # "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
+          # "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
+          # "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]},
+          # "live_id":1452}
         - name: application
           value: "test-app"
         - name: origin
@@ -50,7 +52,7 @@ spec:
             type: string
         steps:
           - name: check-result
-            image: quay.io/konflux-ci/release-service-utils:26e22ecf2c23e7ec8134fede3b40a6e6aef8ac20
+            image: quay.io/konflux-ci/release-service-utils:7addbf5630418cea87bf66df33a05fdd57e43728
             script: |
               #!/usr/bin/env bash
               set -eux

@@ -18,13 +18,15 @@ spec:
       params:
         - name: advisory_json
           value: >-
-            {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
-            "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
-            "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
-            "content":{"images":[{"containerImage":"quay.io/example/openstack@sha256:abdefail",
-            "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
-            "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
-            "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]}}
+            H4sIAAAAAAAAA2VS30vDMBB+319R8rw1tuqQgDgRQd9kgi8y5ExvbbBNYpKOjeL/7qWd+1FDSbjvvnz33TUds84UrQwfqmAiyy+nB0BDg0ywJRbJE4TkZYDZkbBB55XRxMnSPL08yfjgEBpKBJux6SQ5WUzaqEq74CBwC42tUewvCqxvSCbses7y6fWeIr/Txnrloxz6kBxiIhqr5B8+BKNqBXrplA2Dz553CpG6qdvT7CGeModrdKglUul3VoVgveC8MNKne9+pNA3Xhi6y1bhNowPqwETHVANlr9H1KCiN7jliVPO7hV2qDN8LcmNR+wDya+EryK/nAj4LXIOqx405tMarYNyOVFxlvM3mM1fRAI8acUJQ9u5riN2RSwZOViqgDK2LBqAp5ldjcdu6mnL2qxT/jQ2uZIF3Rw8fdOF23MuZK/IiN3EKHVurLdJj685rPrw9zvKLPJ/RI7yKNEvF9oPrnZSmBl3y4UiNK/mWaww8/ph8kaUZfWz1Q4u2yS+hdGYS2QIAAA==
+          # advisory_json string before `gzip -c|base64 -w 0` encoding:
+          # {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
+          # "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
+          # "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
+          # "content":{"images":[{"containerImage":"quay.io/example/openstack@sha256:abdefail",
+          # "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
+          # "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
+          # "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]}}
         - name: application
           value: "test-app"
         - name: origin
@@ -53,7 +55,7 @@ spec:
             type: string
         steps:
           - name: check-result
-            image: quay.io/konflux-ci/release-service-utils:20e010a0dde28e31826ce91914d5852d73437fc2
+            image: quay.io/konflux-ci/release-service-utils:7addbf5630418cea87bf66df33a05fdd57e43728
             script: |
               #!/usr/bin/env bash
               set -eux

@@ -14,13 +14,15 @@ spec:
       params:
         - name: advisory_json
           value: >-
-            {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
-            "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
-            "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
-            "content":{"images":[{"containerImage":"quay.io/example/openstack@sha256:abdeNEW",
-            "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
-            "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
-            "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]}}
+            H4sIAAAAAAAAA2VSXUvDMBR9368Yed4a280hAXEig/kiMkEfZIyY3rVhbRKTdGwU/7s3bd1HDSXh3ntyzrm3qYmxOq2E38iUsDiZjE4JxUsgjKwgHS65H762aXIG7ME6qRVi4iiJJhcV5y3wEgvexGQ0GF4sIkxgxZ1RzuDAS1MA6y4yKO6Qxh8bzGr59oiROyptnHSBDpwfnmIEaiPFX74NemopOGGl8a3PBneZQnZdVJfVUzwiFrZgQQlA6U+Se28cozTVwkWd70jokiqNF8m636ZWHpQnrCay5FnDUTdZLhXY55BDze+KHyOpaUdItQHlPBe7uct5cjtj/CuFl8VHvy8LRjvptT0iic21M/FsbHOc35kiDIhnjfmCh+bQJOFW5NKD8JUN+rxMZ9M+ualsgTWzy9h/X60pkcLD2cMGL9z3W7lyhV7EPgyhJlt5AHxr9bXm0/tinNwkyRjf4DTADIp1c2ucZLrgKqPtEWmb0QNV4Gn4L8k8jmL8yPoHF26DX8WdCn7YAgAA
+          # advisory_json string before `gzip -c|base64 -w 0` encoding:
+          # {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
+          # "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
+          # "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
+          # "content":{"images":[{"containerImage":"quay.io/example/helm@sha256:abdeNEW",
+          # "repository":"rhosp16-rhel8/openstack","tags":["latest"],"architecture":"amd64",
+          # "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
+          # "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]}}
         - name: application
           value: "test-app"
         - name: origin
@@ -51,7 +53,7 @@ spec:
             type: string
         steps:
           - name: check-result
-            image: quay.io/konflux-ci/release-service-utils:20e010a0dde28e31826ce91914d5852d73437fc2
+            image: quay.io/konflux-ci/release-service-utils:7addbf5630418cea87bf66df33a05fdd57e43728
             script: |
               #!/usr/bin/env bash
               set -eux

@@ -18,19 +18,21 @@ spec:
       params:
         - name: advisory_json
           value: >-
-            {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
-            "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
-            "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
-            "content":{"images":[{"containerImage":"quay.io/example/release@sha256:alpha123",
-            "repository":"example-stream/release","tags":["v1.0", "latest"],"architecture":"amd64",
-            "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
-            "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}},{"containerImage":"quay.io/example/release@sha256:beta123",
-            "repository":"example-stream/release","tags":["v2.0", "stable"],"architecture":"amd64",
-            "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
-            "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}},{"containerImage":"quay.io/example/release@sha256:gamma123",
-            "repository":"rhosp16-rhel8/openstack","tags":["v3.0", "stable"],"architecture":"amd64",
-            "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
-            "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]}}
+            H4sIAAAAAAAAA+1STWvcMBC951cYnb1W7E2XIgjZUgrJLaTQSwlhVp7YIrKkSvKyi+l/7/hjd50tJRR6a4SRma83b96oY87bspXxSZVM5MUyPToMNMgEe8AyuYWY3I9udkrYog/KGsrJsyJbziIheoSGAtHlLL1IZodJ16PSLTgI3EHjNIqpUKD+SDBxP+Q83H79RFbYG+uCCj0chpgcbUq0TsmDfzTOupUYpFcujjyHvLmL0K1u59GjnTKPz+jRSKTW31kdowuC89LKkE28M2kbbiwVssfzMa2JaCITHVMNVANGN3hBGfR3vY96/mhhnynLJ0DuUSMEXIcaig8rAdrVQFs5H8ujs0FF6/eEMdUuRtUPEL08UA3Ut3l2ydKEaehHJKoMvKxVRBlb37OAplxdnfdwrdcUcy/VYU3cOjQhgnxZD+Q2ssSbE5UnKrj+baDaBpevFr4edyu3vRQde1Y7pBfXve75+duXRXFZFAua+apPc9RsUm9gUlkNpuLjL7O+4jtuMPJ+O8U6z3L62ONPOunfq73B+A/ELkaxSaeNxnex/yR2BU3zptqvBjopMpd7+R/KTdfFL6myBhm6BQAA
+          # advisory_json string before `gzip -c|base64 -w 0` encoding:
+          # {"product_id":123,"product_name":"Red Hat Product","product_version":"1.2.3","product_stream":"tp1",
+          # "cpe":"cpe:/a:example:product:el8","type":"RHSA","synopsis":"test synopsis","topic":"test topic",
+          # "description":"test description","solution":"test solution","references":["https://docs.example.com/notes"],
+          # "content":{"images":[{"containerImage":"quay.io/example/release@sha256:alpha123",
+          # "repository":"example-stream/release","tags":["v1.0", "latest"],"architecture":"amd64",
+          # "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
+          # "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}},{"containerImage":"quay.io/example/release@sha256:beta123",
+          # "repository":"example-stream/release","tags":["v2.0", "stable"],"architecture":"amd64",
+          # "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
+          # "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}},{"containerImage":"quay.io/example/release@sha256:gamma123",
+          # "repository":"rhosp16-rhel8/openstack","tags":["v3.0", "stable"],"architecture":"amd64",
+          # "purl":"pkg:example/openstack@256:abcde?repository_url=quay.io/example/rhosp16-rhel8","cves":{"fixed":{
+          # "CVE-2022-1234":{"packages":["pkg:golang/golang.org/x/net/[email protected]"]}}}}]}}
         - name: origin
           value: dev-tenant
         - name: application
@@ -59,7 +61,7 @@ spec:
             type: string
         steps:
           - name: verify-idempotency
-            image: quay.io/konflux-ci/release-service-utils:20e010a0dde28e31826ce91914d5852d73437fc2
+            image: quay.io/konflux-ci/release-service-utils:7addbf5630418cea87bf66df33a05fdd57e43728
             script: |
               #!/usr/bin/env bash
               set -eux