Noticed today when manually rendering FBCs for 1.9 that they can take over 30 mins due to the fips check stalling out for over 30 mins.

Unclear if this is an infra issue (lack of resources), a config issue (task is only able to run on some nodes?), or something else.

Just wanted to log the issue so we can have something to point at if we need to complain to the Konflux/IT folks about degraded performance.

Task
fbc-fips-check
Description
The fbc-fips-check task uses the check-payload tool to verify if an unreleased operator bundle in an FBC fragment image is FIPS compliant. It only scans operator bundle images which either claim to be FIPS compliant by setting the features.operators.openshift.io/fips-compliant label to "true" on the bundle image or require one of OpenShift Kubernetes Engine, OpenShift Platform Plus or OpenShift Container Platform subscriptions to run the operator on an Openshift cluster. This task extracts relatedImages from all unreleased operator bundle images from your FBC fragment and scans them.

Also unclear is if this task can benefit from caching of results... so when we do 6 FBCs for OCP 4.16 - 4.21... it scans the same operator bundle payload images 6x instead of sharing results.

It now takes over 30 mins to render an FBC in Konflux.

• https://konflux-ui.apps.stone-prod-p02.hjvn.p1.openshiftapps.com/ns/rhdh-tenant/applications/fbc-4-18/taskruns/fbc-4-18-on-push-hsgwr-fbc-fips-check/ (pending for >33 mins)
• https://konflux-ui.apps.stone-prod-p02.hjvn.p1.openshiftapps.com/ns/rhdh-tenant/applications/fbc-4-17/taskruns/fbc-4-17-on-push-mhrb4-fbc-fips-check/ (pending for >38 mins)