spike: wait for image for specific commit

[tommartensen]

Context: https://redhat-internal.slack.com/archives/C05TS9N0S7L/p1765875791688849

[msugakov]

If skopeo inspect here exits with no-zero, it will interrupt the script due to set -euo pipefail.
Demo:

$ foo="$(/bin/false)"
$ echo $?
1

$ foo="$(/bin/true)"
$ echo $?
0

It's possible to assign in if:

#!/usr/bin/env bash

set -euo pipefail

if blah="pre-$(/bin/false)-post"; then
	echo "success"
else
	echo "failure"
fi

echo "blah:|$blah|"

$ ./a.sh
failure
blah:|pre--post|

Not the most elegant but can't offer anything better.
We need a sleep instruction here in case skopeo inspect exited with no-zero.

[msugakov]

1. Note that scanner v2, collector and fact images will have a different commit than the one in the executing stackrox/stackrox pipeline. Therefore, we need an ability to turn off this check for those containers.
2. I suggest adding a short description: here to say what the default thing does and how to turn it off.

[msugakov]

[Subjective] Well, if it's an expected situation, calling it an error could be a bit of a stretch. Error is more for a situation we foresee but don't know how to handle. In this case, we do know how to handle: try wait more.
I suggest also reword to inform user why the script continues waiting.

Suggested change

	>&2 echo "ERROR: The Git reference of the image $(params.IMAGE) does not match the desired Git reference $(params.DESIRED_GIT_REF)."
	>&2 echo "WARNING: The found image $(params.IMAGE)${infos[0]} seems to be built for a different commit (${infos[1]}) than the one expected ($(params.DESIRED_GIT_REF)). This could happen for a tagged build when a git tag was moved and newly-triggered pipelines haven't finished yet. This task will keep waiting for the image with the matching tag to appear."