feat(EC-1829): include annotations in OCI referrers response

[joejstuart]

Summary

• Adds annotations field (map[string]string) to the ec.oci.image_referrers Rego builtin response
• Enables Rego policies to access manifest annotations on referrer descriptors, allowing filtering/sorting of duplicate referrers (e.g., by timestamp annotation)
• Uses the existing newAnnotationsTerm() helper, consistent with how annotations are handled in other OCI builtins

Changes

• internal/rego/oci/oci.go: Added annotations to the descriptor type declaration and response building
• internal/rego/oci/oci_test.go: Added annotations field presence assertion and dedicated structural test

Test plan

• All existing TestOCIImageReferrers subtests pass
• New annotations field is an object subtest validates annotations are returned as an object on every descriptor
• Full internal/rego/oci unit test suite passes with no regressions

Jira: EC-1829

🤖 Generated with Claude Code

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Enterprise

Run ID: 7ffffc41-72d2-4afe-883b-b75f577aecda

📥 Commits

Reviewing files that changed from the base of the PR and between ec5199c and 55d4fbf.

📒 Files selected for processing (3)

• docs/modules/ROOT/pages/ec_oci_image_referrers.adoc
• internal/rego/oci/oci.go
• internal/rego/oci/oci_test.go

✅ Files skipped from review due to trivial changes (1)

• docs/modules/ROOT/pages/ec_oci_image_referrers.adoc

🚧 Files skipped from review as they are similar to previous changes (2)

• internal/rego/oci/oci_test.go
• internal/rego/oci/oci.go

---

📝 Walkthrough

Walkthrough

Updated the ociImageReferrers rego builtin to add an annotations field to each returned referrer descriptor and populate it from the descriptor's metadata; tests and docs updated to validate and document the new field.

Changes

OCI Image Referrers Annotations Field

Layer / File(s)	Summary
Schema declaration and runtime implementation internal/rego/oci/oci.go	registerOCIImageReferrers adds an annotations property (map[string]string) to the referrer descriptor output schema; ociImageReferrers includes annotations when constructing each descriptor via newAnnotationsTerm(descriptor.Annotations).
Test validation internal/rego/oci/oci_test.go	TestOCIImageReferrers now asserts each returned referrer descriptor has a non-nil annotations field and adds a subtest confirming each annotations value is an ast.Object.
Documentation docs/modules/ROOT/pages/ec_oci_image_referrers.adoc	Updated the documented referrers return type to include annotations: object[string: string] on each referrer descriptor.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically summarizes the main change: adding annotations to the OCI referrers response, with a concise reference to the feature and related Jira ticket.
Description check	✅ Passed	The description is directly related to the changeset, clearly explaining the purpose, implementation details, and test coverage for the annotations field addition to the OCI referrers builtin.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag	Coverage Δ
acceptance	55.60% <100.00%> (+0.01%)	⬆️
generative	17.82% <0.00%> (-0.01%)	⬇️
integration	26.56% <0.00%> (-0.01%)	⬇️
unit	69.04% <100.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
internal/rego/oci/oci.go	90.57% <100.00%> (+0.02%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[robnester-rh]

LGTM