Add registry.redhat.io/edo/* image mirrors and fix mirror set size limit

[alebedev87]

Pass the serialized image mirror set via the shared-data workspace instead of a Tekton task result to avoid the 4096-byte size limit. Use the imageContentSourcesFile parameter of eaas-create-ephemeral-cluster-hypershift-aws step action.

Add registry.redhat.io/edo/* mirror entries pointing to Konflux builds, matching the existing registry.stage.redhat.io/edo/* mirrors. This allows the bundle relatedImages to reference registry.redhat.io/edo/* from the start, avoiding the manual registry change to registry.stage.redhat.io.

[coderabbitai]

📝 Walkthrough

Walkthrough

This pull request updates Tekton pipeline configuration in two coordinated changes. First, it adds new image digest mirror entries to support external-dns operator images from registry.redhat.io/edo/* with quay.io mirrors for rhel8 and rhel9 variants. Second, it refactors the deploy-fbc-operator pipeline to pass the serialized mirror set configuration via shared workspace instead of task result, updates the Git source for mirror set retrieval, and wires the provision-cluster task to read the mirror configuration from the shared workspace file path.

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All Ginkgo test names in api/v1beta1/webhook_test.go use stable, descriptive strings with no dynamic content (UUIDs, timestamps, pod/node/namespace names, IP addresses).
Test Structure And Quality	✅ Passed	No Ginkgo test code in PR. Changes are YAML configuration files for Tekton pipelines and container registry mirrors, not test code.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR; changes are limited to Tekton pipeline YAML configuration files.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests added. PR contains only YAML configuration changes to image mirror and Tekton pipeline files.
Topology-Aware Scheduling Compatibility	✅ Passed	Changes are to Tekton CI/CD configuration (.tekton files), not deployment manifests, operator code, or controllers. No scheduling constraints introduced.
Ote Binary Stdout Contract	✅ Passed	Check is not applicable; PR modifies only YAML configuration files, not Go test code where the stdout contract applies.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR adds only YAML configuration files (.tekton/images-mirror-set.yaml and .tekton/pipelines/deploy-fbc-operator.yaml), not Ginkgo e2e tests. Check only applies when tests are added.
Title check	✅ Passed	The title accurately reflects the two main changes: adding registry.redhat.io/edo/* image mirrors and fixing the mirror set size limit by moving it to a workspace file.
Description check	✅ Passed	The pull request description directly addresses the changes made: passing mirror sets via workspace instead of task results to avoid size limits, and adding registry.redhat.io mirrors for external-dns operator images.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign thealisyed for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.tekton/pipelines/deploy-fbc-operator.yaml:
- Around line 180-182: The pipeline currently pins the SOURCE_GIT_REPO to a
personal fork URL ("https://github.com/alebedev87/external-dns-operator") and
SOURCE_GIT_REVISION to "release-1.2.2"; revert these to the canonical upstream
repo and a controlled revision parameter by replacing the fork URL with the
upstream repo URL (e.g., the official external-dns-operator repo) and either set
SOURCE_GIT_REVISION to the upstream branch/tag or wire it to a pipeline
parameter/variable so the canonical source and revision are explicitly
controlled (refer to the env names SOURCE_GIT_REPO and SOURCE_GIT_REVISION in
the deploy-fbc-operator.yaml).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: e933bea9-32f4-45ab-a09e-6ac9a126432e

📥 Commits

Reviewing files that changed from the base of the PR and between a30288c and 7355bd9.

📒 Files selected for processing (2)

• .tekton/images-mirror-set.yaml
• .tekton/pipelines/deploy-fbc-operator.yaml

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Revert temporary fork pin before merge.

Line 180 and Line 182 point mirror-set retrieval to a personal fork/branch (alebedev87/external-dns-operator, release-1.2.2). This is a reliability risk for main because pipeline behavior depends on non-canonical repo state and branch lifetime. Please switch this back to the upstream canonical source (or make it an explicit, controlled parameter).

Proposed fix

               - name: SOURCE_GIT_URL
-                value: https://github.com/alebedev87/external-dns-operator
+                value: https://github.com/openshift/external-dns-operator
               - name: SOURCE_GIT_REVISION
-                value: release-1.2.2
+                value: main

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	value: https://github.com/alebedev87/external-dns-operator
	- name: SOURCE_GIT_REVISION
	value: main
	value: release-1.2.2
	value: https://github.com/openshift/external-dns-operator
	- name: SOURCE_GIT_REVISION
	value: main

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.tekton/pipelines/deploy-fbc-operator.yaml around lines 180 - 182, The
pipeline currently pins the SOURCE_GIT_REPO to a personal fork URL
("https://github.com/alebedev87/external-dns-operator") and SOURCE_GIT_REVISION
to "release-1.2.2"; revert these to the canonical upstream repo and a controlled
revision parameter by replacing the fork URL with the upstream repo URL (e.g.,
the official external-dns-operator repo) and either set SOURCE_GIT_REVISION to
the upstream branch/tag or wire it to a pipeline parameter/variable so the
canonical source and revision are explicitly controlled (refer to the env names
SOURCE_GIT_REPO and SOURCE_GIT_REVISION in the deploy-fbc-operator.yaml).

[alebedev87]

Right, this is done for a purpose of testing the changes. The commit which adds it will be removed.

[coderabbitai]

@alebedev87 Understood — thanks for the clarification. Since the PR description already calls it out as temporary, just make sure it's reverted before the PR is merged so the pipeline on main always pulls from the canonical upstream source. No further action needed on my end.

[openshift-ci]

@alebedev87: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.