Step not in PipelineRun/TaskRun status

[ncskier]

Expected Behavior

I expect all of the steps that have executed to be reported in the PipelineRun/TaskRun status.

Actual Behavior

(I'm using Pipeline v0.10.1 on OpenShift OCP 4.3)

I ran my Pipeline java-openliberty-build-deploy-pl, which ran the Task java-openliberty-build-push-task, which ran the step imagename-lowercase. I can see from the tkn CLI & TaskRun Pod that the imagename-lowercase step executed:

[build-push-task : imagename-lowercase] {"level":"info","ts":1585658127.4375045,"logger":"fallback-logger","caller":"logging/config.go:69","msg":"Fetch GitHub commit ID from kodata failed: \"KO_DATA_PATH\" does not exist or is empty"}

  step-imagename-lowercase:
...
    State:          Terminated
      Reason:       Completed
      Message:      [{"name":"","digest":"","key":"StartedAt","value":"2020-03-31T12:35:43Z","resourceRef":{}}]
      Exit Code:    0
      Started:      Tue, 31 Mar 2020 05:35:27 -0700
      Finished:     Tue, 31 Mar 2020 05:35:43 -0700

However, neither the status field in the PipelineRun (java-openliberty-build-deploy-pl-run-5x2sp) nor the status field in the TaskRun (java-openliberty-build-deploy-pl-run-5x2sp-build-push-tas-wxzcf) report that the imagename-lowercase step was executed (it's missing from the status.steps list).

This issue was originally raised by @hanczaryk in the Tekton Dashboard (tektoncd/dashboard#1204), because the Dashboard pulls the status information for each step from the PipelineRun/TaskRun status field. Since the imagename-lowercase step was missing from the PipelineRun/TaskRun status field, it was breaking the Dashboard.

Unfortunately, I was not able to reproduce the error on my local cluster. I'm opening this issue in the Tekton Pipelines repo in case anyone has some insight into what's breaking or is able to reproduce this. Since I don't have any steps to reproduce the problem, here are some yaml & log files from the cluster:
issue1204.zip

issue1204.zip contents:

issue1204
|– build-push-task.yaml                (Task definition which contains the `imagename-lowercase` step)
|– describe-pod                        (oc describe the TaskRun pod with the `imagename-lowercase` step)
|– openshift-pipelines-controller-logs (Pod logs for the OpenShift (Tekton) Pipelines controller Pod)
|– pipeline.yaml                       (Pipeline definition which contains the `java-openliberty-build-push-task` Task)
|– pipelinerun.yaml                    (PipelineRun yaml where the `imagename-lowercase` step is missing from the `status`)
|– taskrun.yaml                        (TaskRun yaml where the `imagename-lowercase` step is missing from the `status`)
|– tkn-pr-logs                         (shows that the `imagename-lowercase` step was executed)

Steps to Reproduce the Problem

I was unable to reproduce on my local environmnent. See description above.

Additional Info

• Kubernetes version:
  OpenShift OCP 4.3

  Output of kubectl version:

  # kubectl version
  Client Version: version.Info{Major:"", Minor:"", GitVersion:"v0.0.0-master+$Format:%h$", 
  GitCommit:"$Format:%H$", GitTreeState:"", BuildDate:"1970-01-01T00:00:00Z", GoVersion:"go1.12.12", 
  Compiler:"gc", Platform:"linux/amd64"}
  Server Version: version.Info{Major:"1", Minor:"16+", GitVersion:"v1.16.2", GitCommit:"4320e48", 
  GitTreeState:"clean", BuildDate:"2020-01-21T19:50:59Z", GoVersion:"go1.12.12", Compiler:"gc", 
  Platform:"linux/amd64"}
  

• Tekton Pipeline version:

  Output of tkn version or kubectl get pods -n tekton-pipelines -l app=tekton-pipelines-controller -o=jsonpath='{.items[0].metadata.labels.version}'

  v0.10.1
  

[ghost]

Would you be able to post the complete pipeline? Also, are there any suspicious logs from the controller while this the pipeline is running?

I'm curious if you're using image output resources anywhere. We did have a bug that was fixed in 0.10.2 where the imagedigestexporter caused a panic in the controller, which in turn caused steps to disappear from the reported statuses. Here's the issue where that was reported: #2220

[ghost]

/kind bug

[ncskier]

Would you be able to post the complete pipeline?

Is this sufficient, or should I include the other Tasks? (this is from the attached .zip file)

apiVersion: tekton.dev/v1alpha1
kind: Pipeline
metadata:
  annotations:
    manifestival: new
  creationTimestamp: "2020-03-20T19:54:16Z"
  generation: 1
  name: java-openliberty-build-deploy-pl
  namespace: kabanero
  ownerReferences:
  - apiVersion: kabanero.io/v1alpha2
    controller: false
    kind: Stack
    name: java-openliberty
    uid: c75dd594-04c7-4c69-b4f6-09f7bdea1043
  resourceVersion: "326656"
  selfLink: /apis/tekton.dev/v1alpha1/namespaces/kabanero/pipelines/java-openliberty-build-deploy-pl
  uid: 80521b99-2aa0-4959-89eb-b02d8865e644
spec:
  params:
  - description: The event type
    name: event-type
    type: string
  - description: The event ref
    name: event-ref
    type: string
  resources:
  - name: git-source
    type: git
  - name: docker-image
    type: image
  tasks:
  - name: validate-stack-task
    resources:
      inputs:
      - name: git-source
        resource: git-source
    taskRef:
      name: java-openliberty-validate-stack-task
  - name: build-push-task
    resources:
      inputs:
      - name: git-source
        resource: git-source
      outputs:
      - name: docker-image
        resource: docker-image
      - name: git-source
        resource: git-source
    runAfter:
    - validate-stack-task
    taskRef:
      name: java-openliberty-build-push-task
  - name: image-scan-task
    resources:
      inputs:
      - name: git-source
        resource: git-source
      - name: docker-image
        resource: docker-image
    runAfter:
    - build-push-task
    taskRef:
      name: java-openliberty-image-scan-task
  - conditions:
    - conditionRef: java-openliberty-deployment-condition
      params:
      - name: event-type
        value: $(params.event-type)
      - name: event-ref
        value: $(params.event-ref)
    name: deploy-task
    resources:
      inputs:
      - from:
        - build-push-task
        name: git-source
        resource: git-source
      - name: docker-image
        resource: docker-image
    runAfter:
    - image-scan-task
    taskRef:
      name: java-openliberty-deploy-task

apiVersion: tekton.dev/v1alpha1
kind: Task
metadata:
  annotations:
    manifestival: new
  creationTimestamp: "2020-03-20T19:54:16Z"
  generation: 1
  name: java-openliberty-build-push-task
  namespace: kabanero
  ownerReferences:
  - apiVersion: kabanero.io/v1alpha2
    controller: false
    kind: Stack
    name: java-openliberty
    uid: c75dd594-04c7-4c69-b4f6-09f7bdea1043
  resourceVersion: "326644"
  selfLink: /apis/tekton.dev/v1alpha1/namespaces/kabanero/tasks/java-openliberty-build-push-task
  uid: 66476d41-c973-4289-902e-b4c7761d8c6d
spec:
  inputs:
    resources:
    - name: git-source
      type: git
  outputs:
    resources:
    - name: docker-image
      type: image
    - name: git-source
      type: git
  steps:
  - args:
    - -c
    - "#logic to make docker image image_name as lowercase\n#example input docker-image-url=image-registry.openshift-image-registry.svc:5000/kabanero/appsodyMPversion:abcDEF\n#
      Then output should be = image-registry.openshift-image-registry.svc:5000/kabanero/appsodympversion:abcDEF\n\necho
      \"OUTPUTS_RESOURCE_DOCKER_IMAGE_URL=\\$( echo \\$(outputs.resources.docker-image.url)
      ) \" > imageurl_imagename_lowercase.sh\n\n# we cut the string with last occurance
      of '/' to get image name and tag as secondHalf of URL\necho \"firstHalfURL=\\$(echo
      \\$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL | rev | cut -d\\\"/\\\" -f2- | rev)\"  >>
      imageurl_imagename_lowercase.sh\necho \"secondHalfURL=\\$(echo \\$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL
      | rev | cut -d\\\"/\\\" -f1 | rev)\" >>  imageurl_imagename_lowercase.sh\n\n#Conditional
      check if ':' is present in 'secondHalfURL'. \n#for ex - secondHalfURL=appsodympversion:abcDEF\necho
      \"if [[ \\$secondHalfURL == *\\\":\\\"* ]]; then\" >> imageurl_imagename_lowercase.sh\necho
      \"  imagename=\\$(cut -d ':' -f 1 <<< \\\"\\$secondHalfURL\\\" )\" >> imageurl_imagename_lowercase.sh\necho
      \"  imagename_lowercase=\\$(echo \\$imagename |  tr '[:upper:]' '[:lower:]')\"
      >> imageurl_imagename_lowercase.sh\necho \"  tagname=\\$(cut -d ':' -f 2- <<<
      \\\"\\$secondHalfURL\\\" )\" >> imageurl_imagename_lowercase.sh\necho \"  OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE=\\$firstHalfURL/\\$imagename_lowercase:\\$tagname\"
      >> imageurl_imagename_lowercase.sh\n#conditional check for ex - secondHalfURL=appsodympversion:abcDEF\necho
      \"else\" >> imageurl_imagename_lowercase.sh\necho \"  imagename=\\$secondHalfURL\"
      >> imageurl_imagename_lowercase.sh\necho \"  imagename_lowercase=\\$(echo \\$imagename
      |  tr '[:upper:]' '[:lower:]')\" >> imageurl_imagename_lowercase.sh\necho \"
      \ OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE=\\$firstHalfURL/\\$imagename_lowercase\"
      >> imageurl_imagename_lowercase.sh\necho \"fi\" >> imageurl_imagename_lowercase.sh
      \necho \"echo \\\"\\$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE\\\" \" >>  imageurl_imagename_lowercase.sh\n\nchmod
      755 imageurl_imagename_lowercase.sh\n"
    command:
    - /bin/bash
    env:
    - name: gitsource
      value: git-source
    image: appsody/appsody-buildah:0.5.8-buildah1.9.0
    name: imagename-lowercase
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
  - args:
    - -c
    - "echo \"Configmap value for DEFAULT_STACK_IMAGE_REGISTRY_URL=$DEFAULT_STACK_IMAGE_REGISTRY_URL\"\n\nif
      [ -z \"$DEFAULT_STACK_IMAGE_REGISTRY_URL\" ]\nthen\n    echo \"DEFAULT_STACK_IMAGE_REGISTRY_URL
      not configured in a config map.  Look for the stack registry info in the .appsody-cfg
      file.\"\n    APPSODY_CONFIG=\".appsody-config.yaml\"\n    \n    # Default the
      stack registry to docker.io\n    STACK_IMAGE_REGISTRY_URL=\"docker.io\"\n\n
      \   cd /workspace/$gitsource\n    \n    if [ ! -f \"$APPSODY_CONFIG\" ]; then\n
      \       echo \"$APPSODY_CONFIG is not found in the root of the source directory.\"\n
      \   else\n        # Find the value for \"stack:\" from the appsody config file
      and assign it to the variable 'stack'\n        declare $( awk '{if ($1 ~ \"stack:\"){printf
      \"STACK=\"$2}}'  $APPSODY_CONFIG )\n        if [ -z \"$STACK\" ]; then\n          echo
      \"$APPSODY_CONFIG does not contain a stack definition.\"\n        fi\n    fi\n\n
      \   # The stack registry may or may not be in the appsody-cfg.yaml file\n    #
      If it's there the format should be like registry/project/name:version\n    #
      It could also just be project/name:version.\n    # Try to determine if the registry
      is there and if it is, parse it out\n    NUM_SLASHES=$(awk -F\"/\" '{print NF-1}'
      <<< \"${STACK}\")\n    if [ \"$NUM_SLASHES\" = 1 ]; then\n        echo \"No
      stack registry specified in $APPSODY_CONFIG. Using docker.io as the stack registry.\"\n
      \   elif [ \"$NUM_SLASHES\" = 2 ]; then\n        STACK_IMAGE_REGISTRY_URL=\"$(echo
      $STACK | cut -d'/' -f1)\"\n        echo \"Stack registry specified in $APPSODY_CONFIG
      as $STACK_IMAGE_REGISTRY_URL.  Using this as the stack registry.\"\n    else\n
      \       echo \"Unexpeted format for stack in APPSODY_CONFIG. Using docker.io
      as the stack registry\"\n    fi\nelse\n    echo \"Using stack image registry
      url setup by user in configmap as $DEFAULT_STACK_IMAGE_REGISTRY_URL\"\n    STACK_IMAGE_REGISTRY_URL=$DEFAULT_STACK_IMAGE_REGISTRY_URL\nfi\n\necho
      \"Looking for stack registry at $STACK_IMAGE_REGISTRY_URL.\"\n\nif [[ ( -z \"$DEFAULT_STACK_IMAGE_REGISTRY_SECRET_USERNAME\"
      ) || ( -z \"$DEFAULT_STACK_IMAGE_REGISTRY_SECRET_PASSWORD\" ) ]]\nthen\n    echo
      \"DEFAULT_STACK_IMAGE_REGISTRY_SECRET_USERNAME or DEFAULT_STACK_IMAGE_REGISTRY_SECRET_PASSWORD
      is empty.  Assumption is authentication to the registry is not required.\"\n\n
      \   if [[ \"$STACK_IMAGE_REGISTRY_URL\" == *\"$internal_stack_registry_string\"*
      \ ]];then\n       echo \"Creating the certificate for STACK_IMAGE_REGISTRY_URL=$STACK_IMAGE_REGISTRY_URL\"\n
      \      #Creating a cert for the internal image registry url\n       echo \"The
      STACK_IMAGE_REGISTRY_URL is internal registry =$STACK_IMAGE_REGISTRY_URL\"\n
      \      echo \"HOST=$STACK_IMAGE_REGISTRY_URL\" > cert-creation.sh\n       echo
      \"sudo mkdir -p /etc/docker/certs.d/\\${HOST}\" >> cert-creation.sh\n       echo
      \"openssl s_client -connect \\${HOST} -servername \\${HOST} 2>/dev/null </dev/null
      | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/docker/certs.d/\\${HOST}/ca.crt\"
      >> cert-creation.sh\n\n       chmod 755 cert-creation.sh\n       ./cert-creation.sh\n
      \   fi       \nelse\n    echo \"Secrets are provided to login to stack registry\"\n
      \   echo \"Creating the certificate for STACK_IMAGE_REGISTRY_URL=$STACK_IMAGE_REGISTRY_URL\"\n
      \   #Creating a cert for authentication of buildah login of the DEFAULT_STACK_IMAGE_REGISTRY_URL
      registry url\n    echo \"HOST=$STACK_IMAGE_REGISTRY_URL\" > cert-creation.sh\n
      \   echo \"sudo mkdir -p /etc/docker/certs.d/\\${HOST}\" >> cert-creation.sh\n
      \   echo \"openssl s_client -connect \\${HOST} -servername \\${HOST} 2>/dev/null
      </dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee
      -a /etc/docker/certs.d/\\${HOST}/ca.crt\" >> cert-creation.sh\n    echo \"buildah
      login -u $DEFAULT_STACK_IMAGE_REGISTRY_SECRET_USERNAME -p $DEFAULT_STACK_IMAGE_REGISTRY_SECRET_PASSWORD
      \\${HOST}\" >> cert-creation.sh\n    \n    echo \"Creating certificates and
      logging into the registry.\"\n    chmod 755 cert-creation.sh\n    ./cert-creation.sh\nfi\n\ncd
      /workspace/$gitsource\n\nOUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE=$( echo
      $( /workspace/imageurl_imagename_lowercase.sh ) )\necho \"OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE=$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE\"\n\nappsody
      build -t \"$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE\" --buildah --buildah-options
      \"--format=docker\" --stack-registry \"$STACK_IMAGE_REGISTRY_URL\"\necho \"Copying
      the generated app-deploy.yaml file from input to the output to pass the file
      to the next task when this task is used in deploy pipeline\"\ncp app-deploy.yaml
      $(outputs.resources.git-source.path)\n"
    command:
    - /bin/bash
    env:
    - name: gitsource
      value: git-source
    - name: internal_stack_registry_string
      value: image-registry.openshift-image-registry.svc:5000
    - name: DEFAULT_STACK_IMAGE_REGISTRY_URL
      valueFrom:
        configMapKeyRef:
          key: default-stack-image-registry-url
          name: stack-image-registry-map
          optional: true
    - name: DEFAULT_STACK_IMAGE_REGISTRY_SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          key: username
          name: default-stack-image-registry-secret
          optional: true
    - name: DEFAULT_STACK_IMAGE_REGISTRY_SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          key: password
          name: default-stack-image-registry-secret
          optional: true
    image: appsody/appsody-buildah:0.5.8-buildah1.9.0
    name: build
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
    - mountPath: /config
      name: config-volume
    - mountPath: /etc/secret-volume
      name: secret-volume
  - args:
    - -c
    - |2

      OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE=$( echo $( /workspace/imageurl_imagename_lowercase.sh ) )
      echo "OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE=$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE"

      buildah push --tls-verify=false "$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE" "docker://$OUTPUTS_RESOURCE_DOCKER_IMAGE_URL_LOWERCASE"
    command:
    - /bin/bash
    env:
    - name: gitsource
      value: git-source
    image: appsody/appsody-buildah:0.5.8-buildah1.9.0
    name: push
    securityContext:
      privileged: true
    volumeMounts:
    - mountPath: /var/lib/containers
      name: varlibcontainers
  volumes:
  - emptyDir: {}
    name: varlibcontainers
  - configMap:
      name: stack-image-registry-map
      optional: true
    name: config-volume
  - name: secret-volume
    secret:
      optional: true
      secretName: default-stack-image-registry-secret

Also, are there any suspicious logs from the controller while this the pipeline is running?

Searching for errors, I found this log:

{"level":"error","logger":"tekton.taskrun-controller","caller":"controller/controller.go:350","msg":"Reconcile error","knative.dev/controller":"taskrun-controller","error":"1 error occurred:\n\t* Operation cannot be fulfilled on taskruns.tekton.dev \"java-openliberty-build-deploy-pl-run-5x2sp-build-push-tas-wxzcf\": the object has been modified; please apply your changes to the latest version and try again\n\n","stacktrace":"knative.dev/pkg/controller.(*Impl).handleErr\n\t/go/src/github.com/tektoncd/pipeline/vendor/knative.dev/pkg/controller/controller.go:350\nknative.dev/pkg/controller.(*Impl).processNextWorkItem\n\t/go/src/github.com/tektoncd/pipeline/vendor/knative.dev/pkg/controller/controller.go:336\nknative.dev/pkg/controller.(*Impl).Run.func1\n\t/go/src/github.com/tektoncd/pipeline/vendor/knative.dev/pkg/controller/controller.go:285"}

I'm curious if you're using image output resources anywhere. We did have a bug that was fixed in 0.10.2 where the imagedigestexporter caused a panic in the controller, which in turn caused steps to disappear from the reported statuses. Here's the issue where that was reported: #2220

The build-push-task does have output images:

  - name: build-push-task
    resources:
      inputs:
      - name: git-source
        resource: git-source
      outputs:
      - name: docker-image
        resource: docker-image
      - name: git-source
        resource: git-source

However, from the controller logs, it looks like the PipelineRun executed without a panic.