From 75f318a2c5507df94345acf53f6e97401696fabe Mon Sep 17 00:00:00 2001
From: Foivos Zakkak <fzakkak@redhat.com>
Date: Wed, 29 Oct 2025 16:14:30 +0200
Subject: [PATCH] [CI] Ensure artifacts suffix is less than 200 characters

Fixes https://github.com/graalvm/mandrel/issues/902


Co-authored-by: Severin Gehwolf <sgehwolf@redhat.com>
---
 .github/workflows/base-windows.yml | 16 ++++++++++++++--
 .github/workflows/base.yml         | 16 ++++++++++++++--
 2 files changed, 28 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/base-windows.yml b/.github/workflows/base-windows.yml
index ed3de507a11c..b4d7cdd53741 100644
--- a/.github/workflows/base-windows.yml
+++ b/.github/workflows/base-windows.yml
@@ -139,8 +139,20 @@ jobs:
     steps:
     - id: suffix
       run: |
-        export SUFFIX=$(echo '${{ toJson(inputs) }}' | jq -j 'del(."build-stats-tag", ."mandrel-it-issue-number", ."issue-repo", ."issue-number") | to_entries[] | "-\(.value)"' | tr '":<>|*?\\r\n\/' '-')
-        echo $SUFFIX
+        # Build a suffix from inputs but ensure it's safe and has an upper bound on its length (200 characters).
+        SUFFIX_RAW=$(echo '${{ toJson(inputs) }}' | jq -j 'del(."build-stats-tag", ."mandrel-it-issue-number", ."issue-repo", ."issue-number") | to_entries[] | "-\(.value)"')
+        # Replace characters that are unsafe for artifact names with '-'
+        SUFFIX_CLEAN=$(echo "$SUFFIX_RAW" | tr '\":<>|*?\\r\\n\\/' '-' | tr -s '-')
+        # If the cleaned suffix is reasonably short, use it. Otherwise, create a short stable suffix
+        # using the run id and a short hash to guarantee length < 256.
+        MAX_LEN=200
+        if [ $(echo -n "$SUFFIX_CLEAN" | wc -c) -le $MAX_LEN ]; then
+          SUFFIX="$SUFFIX_CLEAN"
+        else
+          HASH=$(echo -n "$SUFFIX_CLEAN" | sha1sum | cut -c1-40)
+          SUFFIX="-run${GITHUB_RUN_ID}-${HASH}"
+        fi
+        echo "$SUFFIX"
         echo "suffix=$SUFFIX" >> $GITHUB_OUTPUT
     - name: Get Quarkus version and test matrix
       id: version
diff --git a/.github/workflows/base.yml b/.github/workflows/base.yml
index 7ca72ff61703..597ca6ab8316 100644
--- a/.github/workflows/base.yml
+++ b/.github/workflows/base.yml
@@ -175,8 +175,20 @@ jobs:
     steps:
     - id: suffix
       run: |
-        export SUFFIX=$(echo '${{ toJson(inputs) }}' | jq -j 'del(."build-stats-tag", ."mandrel-it-issue-number", ."issue-repo", ."issue-number") | to_entries[] | "-\(.value)"' | tr '":<>|*?\r\n\/' '-')
-        echo $SUFFIX
+       # Build a suffix from inputs but ensure it's safe and has an upper bound on its length (200 characters).
+        SUFFIX_RAW=$(echo '${{ toJson(inputs) }}' | jq -j 'del(."build-stats-tag", ."mandrel-it-issue-number", ."issue-repo", ."issue-number") | to_entries[] | "-\(.value)"')
+        # Replace characters that are unsafe for artifact names with '-'
+        SUFFIX_CLEAN=$(echo "$SUFFIX_RAW" | tr '":<>|*?\r\n\/' '-' | tr -s '-')
+        # If the cleaned suffix is reasonably short, use it. Otherwise, create a short stable suffix
+        # using the run id and a short hash to guarantee length < 256.
+        MAX_LEN=200
+        if [ $(echo -n "$SUFFIX_CLEAN" | wc -c) -le $MAX_LEN ]; then
+          SUFFIX="$SUFFIX_CLEAN"
+        else
+          HASH=$(echo -n "$SUFFIX_CLEAN" | sha1sum | cut -c1-40)
+          SUFFIX="-run${GITHUB_RUN_ID}-${HASH}"
+        fi
+        echo "$SUFFIX"
         echo "suffix=$SUFFIX" >> $GITHUB_OUTPUT
         echo "**artifacts-suffix:** ${SUFFIX}" >> $GITHUB_STEP_SUMMARY
     - name: Get Quarkus version and test matrix