feat(RHTAPREL-618): create two repos when pushing to registry.redhat.io

Based on discussion with rbean and jvulgan in Slack, we should actually create two items in ContainerImage.repositories for images pushed to registry.redhat.io. The first one will be the same as for other pushes. The second one will have the registry and repository values converted (see the Python script documentation for more details). The quay.io entry will be used for pulling the image for grading of the image by Clair. Signed-off-by: Martin Malina <[email protected]>
konflux-ci · Oct 31, 2023 · 33426fd · 33426fd
1 parent 6fe50b6
commit 33426fd
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 17 deletions.
diff --git a/pyxis/create_container_image.py b/pyxis/create_container_image.py
@@ -7,7 +7,8 @@
 Our goal is to be able to download images from registry.redhat.io. For that to happen,
 an image needs to be pushed to quay.io/redhat-prod/$PRODUCT----$IMAGE, e.g.
 quay.io/redhat-prod/rhtas-tech-preview----tuf-server-rhel9. When creating
-the Container Image object in Pyxis, the registry needs to be set to
+the Container Image object in Pyxis, we need a second repository item
+under `repositories` where the registry needs to be set to
 registry.access.redhat.com and the repository would be rhtas-tech-preview/tuf-server-rhel9
 in the example above ("----" converted to "/"). This also requires a corresponding
 Container Repository object to exist in Pyxis. This will typically be created as part
@@ -91,9 +92,10 @@ def setup_argparser() -> Any:  # pragma: no cover
     )
     parser.add_argument(
         "--rh-push",
-        help="If set to true, the registry and repository entries in the Pyxis Container "
-        "Image object will be converted to use Red Hat's official registry. E.g. a mapped "
-        "repository of quay.io/redhat-pending/product---my-image will be converted to use "
+        help="If set to true, a second item will be created in ContainerImage.repositories "
+        "with the registry and repository entries converted to use Red Hat's official "
+        "registry. E.g. a mapped repository of "
+        "quay.io/redhat-pending/product---my-image will be converted to use "
         "registry registry.access.redhat.com and repository product/my-image. Also, "
         "the image will be marked as published.",
         default="false",
@@ -167,26 +169,17 @@ def create_container_image(args, parsed_data: Dict[str, Any]):
     # digest isn't accepted in the parsed_data payload to pyxis
     del parsed_data["digest"]
 
-    if args.rh_push == "false":
-        image_registry = parsed_data["name"].split("/")[0]
-        image_repo = parsed_data["name"].split("/", 1)[1]
-        published = False
-    else:
-        image_registry = "registry.access.redhat.com"
-        # E.g. if the name in the skopeo inspect result is
-        # "quay.io/redhat-prod/rhtas-tech-preview----cosign-rhel9",
-        # image_repo will be "rhtas-tech-preview/cosign-rhel9"
-        image_repo = parsed_data["name"].split("/")[-1].replace("----", "/")
-        published = True
-
+    image_name = parsed_data["name"]
+    image_registry = image_name.split("/")[0]
+    image_repo = image_name.split("/", 1)[1]
     # name isn't accepted in the parsed_data payload to pyxis
     del parsed_data["name"]
 
     upload_url = urljoin(args.pyxis_url, "v1/images")
     container_image_payload = {
         "repositories": [
             {
-                "published": published,
+                "published": False,
                 "registry": image_registry,
                 "repository": image_repo,
                 "push_date": date_now,
@@ -215,6 +208,18 @@ def create_container_image(args, parsed_data: Dict[str, Any]):
     digest_field = get_digest_field(args.media_type)
     container_image_payload["repositories"][0][digest_field] = docker_image_digest
 
+    # For images released to registry.redhat.io we need a second repository item
+    # with published=true and registry and repository converted.
+    # E.g. if the name in the skopeo inspect result is
+    # "quay.io/redhat-prod/rhtas-tech-preview----cosign-rhel9",
+    # repository will be "rhtas-tech-preview/cosign-rhel9"
+    if args.rh_push == "true":
+        repo = container_image_payload["repositories"][0].copy()
+        repo["published"] = True
+        repo["registry"] = "registry.access.redhat.com"
+        repo["repository"] = image_name.split("/")[-1].replace("----", "/")
+        container_image_payload["repositories"].append(repo)
+
     rsp = pyxis.post(upload_url, container_image_payload).json()
 
     # Make sure container metadata was successfully added to Pyxis

diff --git a/pyxis/test_create_container_image.py b/pyxis/test_create_container_image.py
@@ -209,6 +209,19 @@ def test_create_container_image_rh_push(
         mock_pyxis_url + "v1/images",
         {
             "repositories": [
+                {
+                    "published": False,
+                    "registry": "quay.io",
+                    "repository": "redhat-pending/some-product----some-image",
+                    "push_date": "1970-10-10T10:10:10.000000+00:00",
+                    "tags": [
+                        {
+                            "added_date": "1970-10-10T10:10:10.000000+00:00",
+                            "name": "some_version",
+                        }
+                    ],
+                    "digest_field": "some_digest",
+                },
                 {
                     "published": True,
                     "registry": "registry.access.redhat.com",