stackrox · BradLugo · Mar 31, 2026 · Mar 30, 2026
@@ -65,7 +65,7 @@ spec:
     workingDir: /var/workdir/source
     # Blobs for tagged builds are built on GHA in https://github.com/stackrox/scanner.
     # If the task times out, look there to debug.
-    timeout: 1h30m
+    timeout: 2h00m
     # Array params can only be passed via args, see https://github.com/tektoncd/pipeline/blob/main/docs/tasks.md#substituting-array-parameters
     # Attempts to pass that in other places resulted in webhook errors and pipeline not starting.
     args: [ "$(params.TARGET_DIR)", "$(params.BLOBS_TO_FETCH[*])" ]
@@ -86,6 +86,12 @@ spec:
 
       blobs=( "$@" )
 
+      if [[ "${#blobs[@]}" == "0" ]]; then
+        echo "No blobs specified in arguments. Will not download anything."
+        echo "Done"
+        exit 0
+      fi
+
       # Ensure that we download scanner data for a release if this is a tagged build.
       tag="$(git tag --points-at)"
       if [[ -z "${tag}" ]]; then
@@ -97,7 +103,7 @@ spec:
         SCANNER_DATA_VERSION="${tag}"
         RETRY_TIMES=1000
         echo "This is a tagged build. If any download times out, it is probably because the blobs were not published by the GitHub Workflow."
-        echo "The publishing usually takes about 1 hour after the tag is pushed."
+        echo "The publishing usually takes about 1.5 hours and after the tag is pushed."
         echo "Go to https://github.com/stackrox/scanner/actions/workflows/ci.yaml?query=branch%3A${tag} to debug."
         echo "Look for a job called upload-dumps-for-downstream."
       else
@@ -117,10 +123,6 @@ spec:
 
       done
 
-      if [[ "${#blobs[@]}" == "0" ]]; then
-        echo "No blobs specified in arguments. Will not download anything."
-      fi
-
       echo "Done"
 
   - name: create-trusted-artifact