add MCP container healthiness test to be used on Konflux.

[alexxa]

Last time there was the strong feedback ~"no scripts included in pipelines/tasks". Keeping that in mind, let me note that a script in the args section of tasks/mcp-protocol-audit.yaml it is not just "reasonable", but it is arguably the most technically sound approach for the given CI pipeline.

• An MCP server sidecar is a distinct execution environment. By keeping the "plumbing" (pipes and SSH setup) in the YAML, we ensure the sidecar is self-bootstrapping without requiring modifications to the production server image.
• Placing the initialization logic in the YAML allows us to test any version of the server (even older ones) because the "test harness" travels with the Task, not the container image.
• In Tekton, the Task YAML is intended to define the lifecycle of the pod. Since these scripts are purely for environment setup (making the sidecar "talk" to the auditor), they are part of the infrastructure definition, not the application logic.

Sincerely, I tried to move that script out of the sidecar logic, but that would require something like

# Adding an Init Container to "inject" the scripts
  initContainers:
    - name: install-scripts
      image: $(params.qa_image_url) 
      command: ["/bin/sh", "-c"]
      args:
        - |
          cp /usr/local/bin/mcp_server_entrypoint.sh /scripts/
          chmod +x /scripts/mcp_server_entrypoint.sh   # or adding executable bits on the file itself
      volumeMounts:
        - name: scripts-dir
          mountPath: /scripts

  sidecars:
    - name: mcp-server
      image: $(params.image_url) 
      volumeMounts:
        - name: mcp-pipe
          mountPath: /tmp/mcp
        - name: scripts-dir 
          mountPath: /scripts
       .....
      command: ["/scripts/mcp_server_entrypoint.sh"] 

which looks like an overkill at first place, and I didn't go that further to ensure it would work.

After this PR is merged, and the container is renewed on quay.io, the integration test configuration should be updated accordingly, ideally not in Konflux directly where it currently lives nowadays for testing purposes.

[alexxa]

@samdoran here is the example of the successful IntegrationTest run

[samdoran]

Wow, this is pretty crazy. Very impressive work! I do wonder if using HTTP transport would make testing any easier and remove the need to create pipes to interact with the application.

My only other concern is troubleshooting this if there are failures. I somewhat understand it today after reading through it for a bit, but 3-6 months from now I will probably have long forgotten how all the plumbing works.

[samdoran]

I removed wip-server-stability-test-optional and created mcp-server-stability-test in our namespace.