fix(wait-for-konflux): failures due to improper variable references

[michael-valdron]

Description of Changes

Summarize the changes you made as part of this pull request.

#345 introduces workflow syntax errors due to improper use of environment variables in specific places, causing the build trigger for the community registry to fail. This PR replaces all usages of these environment variables with the constant string values.

Related Issue(s)

Link the GitHub/GitLab/JIRA issues that are related to this PR.

Acceptance Criteria

Tests

• Test Coverage
  • Are your changes sufficiently tested, and are any applicable test cases added or updated to cover your changes?

Documentation

• Does the REST API doc need to be updated with your changes?
• Does the registry library doc need to be updated with your changes?

Tests Performed

Explain what tests you personally ran to ensure the changes are functioning as expected.

How To Test

Instructions for the reviewer on how to test your changes.

Notes To Reviewer

Any notes you would like to include for the reviewer.

Summary by CodeRabbit

• Chores
  • Updated continuous integration workflow configuration to streamline build check procedures.

[coderabbitai]

Warning

Review limit reached

@michael-valdron, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 37 minutes and 33 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 6295d19c-36ae-4ef9-94d2-0b7537e00fca

📥 Commits

Reviewing files that changed from the base of the PR and between 592ad7b and 67021f8.

📒 Files selected for processing (2)

• .github/workflows/includes/wait-for-check-start.yaml
• .github/workflows/pushimage-next.yaml

📝 Walkthrough

Walkthrough

The workflow removes two environment variables that previously held Konflux check-name values and replaces all usages with hardcoded strings throughout the pipeline stages, affecting the build check start, build wait, and EC wait operations.

Changes

CI Workflow Check Names

Layer / File(s)	Summary
Remove env variables and hardcode check-names .github/workflows/pushimage-next.yaml	The workflow-level env block defining INDEX_BASE_KONFLUX_BUILD_CHECK and INDEX_BASE_KONFLUX_EC_CHECK is removed, and all downstream references in the wait-for-check-start, Konflux build wait, and Konflux EC wait steps are replaced with hardcoded check-name strings.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A bunny hops past env vars today,
Hardcoding checks in a cleaner way,
Konflux steps now shine,
With strings so fine,
No indirection to lead us astray! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and specifically describes the main change: fixing failures in the wait-for-konflux workflow due to improper variable references, which directly matches the objective of replacing environment variables with hardcoded strings.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/pushimage-next.yaml (1)

49-56: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Fix repo-token wiring for wait-for-check-start.yaml

• In .github/workflows/pushimage-next.yaml, repo-token is passed under with: when calling ./.github/workflows/includes/wait-for-check-start.yaml, but that reusable workflow declares it under workflow_call.secrets; pass it via a secrets: block instead.
• In ./.github/workflows/includes/wait-for-check-start.yaml, GH_TOKEN is set from ${{ inputs.repo-token }}, but repo-token is a secret—use ${{ secrets.repo-token }}.

# caller (pushimage-next.yaml)
uses: ./.github/workflows/includes/wait-for-check-start.yaml
with:
  check-name: ...
  repository: ${{ github.repository }}
  ref: ${{ github.ref }}
secrets:
  repo-token: ${{ secrets.GITHUB_TOKEN }}

# reusable workflow (wait-for-check-start.yaml)
env:
  GH_TOKEN: ${{ secrets.repo-token }}

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pushimage-next.yaml around lines 49 - 56, The caller job
waitForKonfluxBuildStart is passing repo-token under with: but the reusable
workflow wait-for-check-start.yaml declares repo-token as a secret; move
repo-token into a secrets: block when calling the reusable workflow (e.g., add
secrets: repo-token: ${{ secrets.GITHUB_TOKEN }} alongside uses:) and update the
reusable workflow to read the secret via env GH_TOKEN: ${{ secrets.repo-token }}
instead of inputs.repo-token; ensure the input name(s) (check-name, repository,
ref) stay under with: and only the repo-token is supplied under secrets: to
match workflow_call.secrets.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/pushimage-next.yaml:
- Line 66: The check-name string "Red Hat Konflux /
devfile-registry-base-main-on-push" contains a trailing space which prevents
lewagon/wait-on-check-action from matching the check; remove the trailing
whitespace so the check-name exactly matches the target check (update the
check-name value used in the workflow where "check-name: Red Hat Konflux /
devfile-registry-base-main-on-push " appears).
- Line 53: Remove the trailing whitespace in the check-name value so the string
exactly matches what wait-for-check-start.yaml expects: update the check-name
entry containing "Red Hat Konflux / devfile-registry-base-main-on-push" by
deleting the extra space after "on-push" so grep -q exact matching succeeds.

---

Outside diff comments:
In @.github/workflows/pushimage-next.yaml:
- Around line 49-56: The caller job waitForKonfluxBuildStart is passing
repo-token under with: but the reusable workflow wait-for-check-start.yaml
declares repo-token as a secret; move repo-token into a secrets: block when
calling the reusable workflow (e.g., add secrets: repo-token: ${{
secrets.GITHUB_TOKEN }} alongside uses:) and update the reusable workflow to
read the secret via env GH_TOKEN: ${{ secrets.repo-token }} instead of
inputs.repo-token; ensure the input name(s) (check-name, repository, ref) stay
under with: and only the repo-token is supplied under secrets: to match
workflow_call.secrets.

🪄 Autofix (Beta)

❌ Autofix failed (check again to retry)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: d6e90d3b-db16-46c9-ba1b-f0585285b1d4

📥 Commits

Reviewing files that changed from the base of the PR and between 23a1ae3 and 592ad7b.

📒 Files selected for processing (1)

• .github/workflows/pushimage-next.yaml

[coderabbitai]

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

The agent generated fixes only for .github/workflows/ files, which cannot be committed due to permission restrictions. Please apply these changes manually.

---

⚠️ 1 file(s) could not be committed — the agent does not have permission to push to .github/workflows/. Please apply these changes manually:

.github/workflows/pushimage-next.yaml — 2 changes:

Lines 50–56

     needs: indexServerBuild
     uses: ./.github/workflows/includes/wait-for-check-start.yaml
     with:
-      check-name: Red Hat Konflux / devfile-registry-base-main-on-push 
+      check-name: Red Hat Konflux / devfile-registry-base-main-on-push
       repository: ${{ github.repository }}
       ref: ${{ github.ref }}
       repo-token: ${{ secrets.GITHUB_TOKEN }}

Lines 63–69

         uses: lewagon/wait-on-check-action@74049309dfeff245fe8009a0137eacf28136cb3c # v1.5.0
         with:
           ref: ${{ github.ref }}
-          check-name: Red Hat Konflux / devfile-registry-base-main-on-push 
+          check-name: Red Hat Konflux / devfile-registry-base-main-on-push
           repo-token: ${{ secrets.GITHUB_TOKEN }}
 
   waitForKonfluxECStart:

[Jdubrick]

lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Jdubrick, michael-valdron

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [Jdubrick,michael-valdron]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment