Skip to content

Don't hard-code default main image tag#225

Open
mclasmeier wants to merge 16 commits into
mainfrom
mc/remove-default-main-tag
Open

Don't hard-code default main image tag#225
mclasmeier wants to merge 16 commits into
mainfrom
mc/remove-default-main-tag

Conversation

@mclasmeier

@mclasmeier mclasmeier commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Remove hard-coded default main image tag

Replace the hard-coded defaultMainImageTag fallback (previously 4.9.2 / 4.10.1 in e2e) with dynamic lookup: query the GitHub releases API for the latest stable stackrox tags, then verify the corresponding main image is pullable on quay.io. This eliminates the need to manually bump the fallback tag on every ACS release (#91).

Changes

  • stackroxversions.LookupLatestReleaseTagsViaGitHub — fetches recent releases from GitHub, filters to stable semver tags, returns the top (approx., not guaranteed) N sorted by version
  • helpers.LookupLatestTag — iterates candidate tags and verifies image existence on the registry, skipping 404s
  • ocihelper.Keychain — custom multi-keychain that checks REGISTRY_USERNAME/REGISTRY_PASSWORD env vars before falling back to the Docker config, so go-containerregistry calls respect the same credentials as the rest of roxie. Needed for verify-image checks against the main image to work.
  • constants package — extracts DefaultRegistry, GitHubStackroxRepo, and REGISTRY_* env var names
  • VerifyImageExistence — now retries on 429/503
  • E2E tests — use LookupLatestTag instead of a hard-coded fallback

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

Warning

Review limit reached

@mclasmeier, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 21 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: 057cadd1-2343-467c-a628-e69cd86be9c8

📥 Commits

Reviewing files that changed from the base of the PR and between 178a46a and c3f1d5d.

📒 Files selected for processing (14)
  • cmd/deploy.go
  • internal/constants/registries.go
  • internal/deployer/acs_images.go
  • internal/deployer/operator.go
  • internal/deployer/operator_olm.go
  • internal/dockerauth/dockerauth.go
  • internal/helpers/tag.go
  • internal/helpers/tag_integration_test.go
  • internal/ocihelper/keychain.go
  • internal/ocihelper/ocihelper.go
  • internal/stackroxversions/release_tag.go
  • internal/stackroxversions/release_tag_integration_test.go
  • tests/e2e/e2e_test.go
  • tests/e2e/helpers.go
📝 Walkthrough

Walkthrough

Adds shared registry and environment constants, dynamic GitHub release-tag lookup, context-aware main image tag resolution with registry verification, registry/auth keychain updates, deployer registry substitutions, and e2e/deploy wiring to resolve tags at runtime.

Changes

Dynamic latest tag lookup and registry wiring

Layer / File(s) Summary
Shared constants and release tag client
internal/constants/registries.go, internal/stackroxversions/release_tag.go, internal/stackroxversions/release_tag_integration_test.go
Adds registry and repository constants, fetches GitHub release tags, filters stable semver versions, sorts them, and returns up to atMost tags with integration coverage.
Latest main image tag lookup
internal/helpers/tag.go, internal/helpers/tag_integration_test.go
LookupMainImageTag now accepts context.Context and falls back to LookupLatestTag, which checks candidate registry images until one verifies; integration tests cover the live lookup and 404 behavior.
Registry auth and image existence checks
internal/dockerauth/dockerauth.go, internal/ocihelper/keychain.go, internal/ocihelper/ocihelper.go
Registry credentials use shared environment constants, a new env-first keychain is introduced, and image existence/local pull checks use that keychain with retry handling.
Deployer registry substitutions
internal/deployer/acs_images.go, internal/deployer/operator.go, internal/deployer/operator_olm.go
Hardcoded quay.io/rhacs-eng image references are replaced with constants.DefaultRegistry for ACS images, image content source policy mirrors, and the operator index image.
Deploy command and e2e tag lookup
cmd/deploy.go, tests/e2e/e2e_test.go, tests/e2e/helpers.go
runDeploy creates its timeout context before tag resolution and reuses it later, while e2e startup resolves MAIN_IMAGE_TAG dynamically and removes the fixed default tag constant.

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

  • stackrox/roxie#204: Updates cmd/deploy.go’s context reuse and internal/deployer/acs_images.go registry/image-reference construction.
  • stackrox/roxie#204: Shares the same deploy/image-reference flow touched by the new dynamic tag lookup path.

Suggested reviewers

  • AlexVulaj
  • porridge

Poem

🐇 I hopped through GitHub’s tag-lined gate,
Sniffed out the freshest build toేట్—
With context set and registries neat,
The mirror paths now match their feet.
No dusty default tag remains;
A lively latest image reigns.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 20.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Title check ✅ Passed The title clearly matches the main change: removing the hard-coded default main image tag.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch mc/remove-default-main-tag

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (1)
internal/stackroxversions/release_tag_integration_test.go (1)

18-25: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Assert the stable/sorted contract, not just “non-empty”.

Right now this passes as long as GitHub returns anything. A regression in prerelease filtering or descending semver ordering would slip through unnoticed. Please validate that every returned tag is a stable semantic version and that the slice is sorted newest-first.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/stackroxversions/release_tag_integration_test.go` around lines 18 -
25, The test for LookupLatestReleaseTagsViaGitHub currently only checks that
tags are non-empty, so it misses regressions in prerelease filtering and sort
order. Update the assertions to verify every returned tag is a stable semantic
version (no prerelease tags) and that the slice is ordered newest-first by
semver, using the existing test logic in release_tag_integration_test to inspect
the returned tags.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/helpers/tag_integration_test.go`:
- Around line 21-33: The test is reusing the same timeout context for both
LookupLatestTag and the final remote.Head pullability check, which can make the
second assertion flaky when the lookup consumes most of the deadline. In
internal/helpers/tag_integration_test.go, keep the existing context for
LookupLatestTag, then create a fresh context with its own timeout just before
calling remote.Head in the tag integration test, and use that new context for
the pullability check while still deferring its cancel.

In `@internal/helpers/tag.go`:
- Around line 54-58: The tag selection loop in find the first existing image
currently treats every VerifyImageExistence failure as “missing” and falls
through to older tags. Update the logic around ocihelper.VerifyImageExistence in
internal/helpers/tag.go so only a 404/not-found response is ignored as a missing
tag, while auth, rate-limit, and transport errors are returned immediately. Use
the existing tag iteration and mainImage check to keep the behavior of selecting
the first valid tag, but fail fast on any non-404 error.

In `@internal/stackroxversions/release_tag.go`:
- Around line 30-31: Add an early argument check in
LookupLatestReleaseTagsViaGitHub so non-positive atMost values are rejected
before any GitHub request or slice allocation happens. The fix should validate
at the API boundary, return an error immediately for atMost <= 0, and prevent
invalid values from reaching fetchLatestGitHubReleases or the min-based sizing
logic used when building the result slice.

In `@tests/e2e/helpers.go`:
- Around line 33-41: The defaultMainImageTag IIFE is performing network I/O and
can panic during package initialization, which can abort the e2e binary before
tests start. Move the latest-tag resolution out of package init in helpers.go,
and make the tag lookup happen lazily at test/runtime (or only when no override
is provided) through a helper used by the e2e entry points. Keep the
defaultMainImageTag symbol as a fallback value, but avoid calling
helpers.LookupLatestTag and panic from the init path.

---

Nitpick comments:
In `@internal/stackroxversions/release_tag_integration_test.go`:
- Around line 18-25: The test for LookupLatestReleaseTagsViaGitHub currently
only checks that tags are non-empty, so it misses regressions in prerelease
filtering and sort order. Update the assertions to verify every returned tag is
a stable semantic version (no prerelease tags) and that the slice is ordered
newest-first by semver, using the existing test logic in
release_tag_integration_test to inspect the returned tags.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: cff3f84f-0f5f-4c18-8868-2b3c51e7eeaf

📥 Commits

Reviewing files that changed from the base of the PR and between 189e745 and 76cbe6a.

📒 Files selected for processing (10)
  • cmd/deploy.go
  • internal/constants/registries.go
  • internal/deployer/acs_images.go
  • internal/deployer/operator.go
  • internal/deployer/operator_olm.go
  • internal/helpers/tag.go
  • internal/helpers/tag_integration_test.go
  • internal/stackroxversions/release_tag.go
  • internal/stackroxversions/release_tag_integration_test.go
  • tests/e2e/helpers.go

Comment thread internal/helpers/tag_integration_test.go Outdated
Comment thread internal/helpers/tag.go
Comment thread internal/stackroxversions/release_tag.go
Comment thread tests/e2e/helpers.go Outdated
@mclasmeier mclasmeier force-pushed the mc/remove-default-main-tag branch from 76cbe6a to 178a46a Compare June 30, 2026 08:17
@mclasmeier mclasmeier changed the title Mc/remove default main tag Don't hard-code default main image tag Jun 30, 2026
@mclasmeier mclasmeier force-pushed the mc/remove-default-main-tag branch from 178a46a to 4b31e13 Compare June 30, 2026 08:24

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
internal/helpers/tag_integration_test.go (1)

33-38: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Reuse ocihelper.VerifyImageExistence for the final pullability check.

LookupLatestTag verifies candidates through ocihelper.VerifyImageExistence, but this assertion switches back to raw remote.Head with authn.DefaultKeychain. That can false-fail in env-only auth setups and bypasses the new 429/503 retry behavior in internal/ocihelper/ocihelper.go.

Possible fix
-	ref, err := name.ParseReference(imageRef)
-	require.NoError(t, err)
-
-	_, err = remote.Head(ref, remote.WithContext(ctx), remote.WithAuthFromKeychain(authn.DefaultKeychain))
+	err = ocihelper.VerifyImageExistence(ctx, log, imageRef)
 	require.NoError(t, err, "image %s is not pullable", imageRef)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/helpers/tag_integration_test.go` around lines 33 - 38, The final
pullability assertion in the tag integration test should reuse
ocihelper.VerifyImageExistence instead of calling remote.Head directly. Update
the check in the test around the image reference built from
constants.DefaultRegistry and tag so it exercises the same helper used by
LookupLatestTag, preserving env-only auth handling and the retry behavior for
429/503 responses. Keep the existing reference flow with name.ParseReference,
but replace the raw remote.Head assertion with the helper-based existence
verification.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/ocihelper/keychain.go`:
- Around line 17-21: The env-based registry auth in envKeychain.Resolve should
not treat partial credentials as anonymous; update Resolve to validate the
EnvRegistryUsername and EnvRegistryPassword pair the same way as
dockerauth.NewKeychain does in internal/dockerauth/dockerauth.go. If only one
env var is set, return an explicit error instead of authn.Anonymous so
NewMultiKeychain cannot fall through to the Docker keychain; keep the anonymous
fallback only when both values are empty.

In `@tests/e2e/e2e_test.go`:
- Around line 52-55: The lookupLatestTag live lookup path is still using a
30-second context timeout, which is too short for GitHub plus registry HEAD
checks and the retry behavior in VerifyImageExistence. Update lookupLatestTag to
use a longer timeout consistent with the integration test’s 2-minute budget, and
keep the timeout creation/cancel pattern in place so the e2e startup path is
less flaky under throttling.
- Around line 23-31: The startup logic in main currently calls lookupLatestTag()
before checking whether MAIN_IMAGE_TAG is already set, so the override is
ignored and network failures can still abort the suite. Update the main setup
flow to check os.Getenv("MAIN_IMAGE_TAG") first and only call lookupLatestTag()
inside the unset branch, then set the environment variable from that result;
keep the existing error handling around lookupLatestTag() in the same main path.

---

Outside diff comments:
In `@internal/helpers/tag_integration_test.go`:
- Around line 33-38: The final pullability assertion in the tag integration test
should reuse ocihelper.VerifyImageExistence instead of calling remote.Head
directly. Update the check in the test around the image reference built from
constants.DefaultRegistry and tag so it exercises the same helper used by
LookupLatestTag, preserving env-only auth handling and the retry behavior for
429/503 responses. Keep the existing reference flow with name.ParseReference,
but replace the raw remote.Head assertion with the helper-based existence
verification.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: eea94f72-f22c-41c5-ac41-2b6ac89c25d7

📥 Commits

Reviewing files that changed from the base of the PR and between 76cbe6a and 178a46a.

📒 Files selected for processing (9)
  • internal/constants/registries.go
  • internal/dockerauth/dockerauth.go
  • internal/helpers/tag.go
  • internal/helpers/tag_integration_test.go
  • internal/ocihelper/keychain.go
  • internal/ocihelper/ocihelper.go
  • internal/stackroxversions/release_tag.go
  • tests/e2e/e2e_test.go
  • tests/e2e/helpers.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • internal/helpers/tag.go
  • internal/stackroxversions/release_tag.go

Comment thread internal/ocihelper/keychain.go
Comment thread tests/e2e/e2e_test.go Outdated
Comment thread tests/e2e/e2e_test.go
@mclasmeier

Copy link
Copy Markdown
Collaborator Author

@coderabbitai, fresh review please, resolve previous comments, if addressed.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="stackrox/roxie"
pr_number="225"

echo "== PR files changed =="
gh pr view "$pr_number" --repo "$repo" --json files --jq '.files[].path'

echo
echo "== Unresolved review threads on PR =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              id
              author { login }
              body
              createdAt
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | {
      id,
      isOutdated,
      path,
      line,
      comments: [.comments.nodes[] | {author: .author.login, body: .body, url}]
    }
'

echo
echo "== Unresolved CodeRabbit-authored threads only =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              id
              author { login }
              body
              createdAt
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | select(any(.comments.nodes[]; .author.login == "coderabbitai"))
  | "THREAD_ID=\(.id)\nPATH=\(.path)\nLINE=\(.line)\nOUTDATED=\(.isOutdated)\n" +
    (
      [.comments.nodes[]
       | "- AUTHOR=\(.author.login)\n  URL=\(.url)\n  BODY=\(.body|gsub("\r";"")|gsub("\n";"\n    "))"
      ] | join("\n")
    ) + "\n---"
'

Length of output: 27377


🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="stackrox/roxie"
pr_number="225"

echo "== Relevant current code snippets =="
echo
echo "-- internal/helpers/tag_integration_test.go --"
nl -ba internal/helpers/tag_integration_test.go | sed -n '1,120p'

echo
echo "-- tests/e2e/helpers.go --"
nl -ba tests/e2e/helpers.go | sed -n '1,140p'

echo
echo "-- tests/e2e/e2e_test.go --"
nl -ba tests/e2e/e2e_test.go | sed -n '1,120p'

echo
echo "== Resolving outdated CodeRabbit threads only =="
for thread_id in \
  PRRT_kwDOPn6LOs6NBGby \
  PRRT_kwDOPn6LOs6NBGcL
do
  echo "Resolving $thread_id"
  gh api graphql \
    -f query='
mutation($threadId: ID!) {
  resolveReviewThread(input: {threadId: $threadId}) {
    thread { id isResolved isOutdated path }
  }
}' \
    -F threadId="$thread_id"
done

echo
echo "== Remaining unresolved CodeRabbit-authored threads =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              author { login }
              body
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | select(any(.comments.nodes[]; .author.login == "coderabbitai"))
  | "THREAD_ID=\(.id) PATH=\(.path) LINE=\(.line) OUTDATED=\(.isOutdated)\nURL=\(.comments.nodes[0].url)\n"
'

Length of output: 2100


🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="stackrox/roxie"
pr_number="225"

echo "== Relevant current code snippets =="
echo
echo "-- internal/helpers/tag_integration_test.go --"
cat -n internal/helpers/tag_integration_test.go | sed -n '1,120p'

echo
echo "-- tests/e2e/helpers.go --"
cat -n tests/e2e/helpers.go | sed -n '1,140p'

echo
echo "-- tests/e2e/e2e_test.go --"
cat -n tests/e2e/e2e_test.go | sed -n '1,120p'

echo
echo "== Resolving outdated CodeRabbit threads only =="
for thread_id in \
  PRRT_kwDOPn6LOs6NBGby \
  PRRT_kwDOPn6LOs6NBGcL
do
  echo "Resolving $thread_id"
  gh api graphql \
    -f query='
mutation($threadId: ID!) {
  resolveReviewThread(input: {threadId: $threadId}) {
    thread { id isResolved isOutdated path }
  }
}' \
    -F threadId="$thread_id"
done

echo
echo "== Remaining unresolved CodeRabbit-authored threads =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              author { login }
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | select(any(.comments.nodes[]; .author.login == "coderabbitai"))
  | "THREAD_ID=\(.id) PATH=\(.path) LINE=\(.line) OUTDATED=\(.isOutdated)\nURL=\(.comments.nodes[0].url)\n---"
'

Length of output: 11588


@mclasmeier I re-checked the previous threads.

  • Two older comments are now outdated/superseded:
    • tests/e2e/helpers.go: the package-init latest-tag lookup is gone.
    • internal/helpers/tag_integration_test.go: that thread is outdated after the test changes.
  • Two comments on tests/e2e/e2e_test.go still look active:
    • Line 23 through Line 31: lookupLatestTag() is still called before honoring MAIN_IMAGE_TAG.
    • Line 54: lookupLatestTag() still uses a 30s timeout.

I also tried to resolve the outdated threads automatically, but GitHub rejected it with Resource not accessible by integration, so I couldn’t mark them resolved from here.

Kicking off a fresh review now.

✅ Action performed

Full review finished.

@mclasmeier mclasmeier force-pushed the mc/remove-default-main-tag branch from 3a9c27a to c3f1d5d Compare June 30, 2026 08:56
@mclasmeier mclasmeier requested a review from porridge June 30, 2026 08:56

@porridge porridge left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM, some nitpicks and questions inline. Also note the test is failing:

    tag_integration_test.go:38: 
        	Error Trace:	/__w/roxie/roxie/internal/helpers/tag_integration_test.go:38
        	Error:      	Received unexpected error:
        	            	HEAD https://quay.io/v2/rhacs-eng/main/manifests/4.11.0: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
        	Test:       	TestLookupLatestTag_Integration
        	Messages:   	image quay.io/rhacs-eng/main:4.11.0 is not pullable
--- FAIL: TestLookupLatestTag_Integration (1.74s)


func TestVerifyImageExistence_NotFound_Integration(t *testing.T) {
log := logger.New()
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
ctx, cancel := context.WithTimeout(t.Context(), 30*time.Second)


func TestLookupLatestTag_Integration(t *testing.T) {
log := logger.New()
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
ctx, cancel := context.WithTimeout(t.Context(), 2*time.Minute)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should add a modernizer to the CI pipeline...

remote.WithContext(ctx),
remote.WithAuthFromKeychain(authn.DefaultKeychain))
remote.WithAuthFromKeychain(Keychain),
remote.WithRetryStatusCodes(http.StatusTooManyRequests, http.StatusServiceUnavailable))

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if this is enough to retry the many ways quay like to fail in. But I guess if a user needs a reliable operation, they should supply a version 🤷🏻

}

func fetchLatestGitHubReleases(ctx context.Context, atMost int) ([]string, error) {
releasesToFetch := min(100, atMost*10) // Reasonable estimate for how many tags we intend to fetch.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where does the 100 come from?

}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("GitHub API returned status %d", resp.StatusCode)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about a couple retries?

)

func TestLookupLatestReleaseTags_Integration(t *testing.T) {
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
ctx, cancel := context.WithTimeout(t.Context(), 30*time.Second)


t.Log("Latest release tags")
for i, tag := range tags {
t.Logf("%v.: %s", i, tag)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What's the dot after v for? 🤔

Comment thread tests/e2e/e2e_test.go

func lookupLatestTag() (string, error) {
log := logger.New()
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

use t.Context rather than background?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants