feat(x2a): push images to quay #2453

Merged
mareklibra merged 1 commit into redhat-developer:main from eloycoto:ScriptBuild
Mar 5, 2026

@eloycoto (Contributor) commented Mar 4, 2026

Small commit to push images directly to quay.

@rhdh-qodo-merge
Review Summary by Qodo

✨ Enhancement

Walkthroughs

Description
• Add optional --push flag to push built images to registry
• Introduce push_plugin() function to handle image pushing
• Implement argument parsing with parse_args() function
• Update script documentation with usage options
Diagram
```mermaid
flowchart LR
  A["Script execution"] --> B["Parse arguments"]
  B --> C["Build and package plugins"]
  C --> D{Push flag enabled?}
  D -->|Yes| E["Push images to registry"]
  D -->|No| F["Complete"]
  E --> F
```

File Changes

1. workspaces/x2a/scripts/build-dynamic-plugins.sh ✨ Enhancement +33/-2

Add optional image push functionality to build script

• Added --push command-line flag to optionally push images after building
• Created new push_plugin() function to push individual plugin images using podman push
• Implemented parse_args() function to handle command-line argument parsing
• Updated script header documentation to describe the new --push option
• Added conditional logic in main() to push images when flag is enabled
• Added PUSH_IMAGES variable to track push flag state

rhdh-qodo-merge bot commented Mar 4, 2026

Code Review by Qodo

🐞 Bugs (3) 📘 Rule violations (0) 📎 Requirement gaps (0)

Action required

1. Hardcoded push registry 🐞 Bug ⛨ Security
Description
With --push, the script always pushes to the hardcoded quay.io/x2ansible registry/org, making it
easy for forks/CI to publish to the wrong place and impossible to redirect without editing the
script.
Code

workspaces/x2a/scripts/build-dynamic-plugins.sh[R107-115]

+push_plugin() {
+  local plugin_dir="$1"
+  local image_name="${PLUGIN_IMAGES[$plugin_dir]}"
+  local version
+  version="$(get_plugin_version "$plugin_dir")"
+  local image_tag="${IMAGE_REGISTRY}/${image_name}:${version}"
+
+  log "Pushing image: ${image_tag}"
+  podman push "$image_tag"
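Review bot: `podman push "$image_tag"` publishes a version tag and keeps no record of which image content went out, so a later rebuild pushed under the same `${version}` cannot be told apart from this one. Consider `podman push --digestfile <path> "$image_tag"` and logging the digest next to the tag, so consumers can pin by digest and a release can be audited afterwards.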
Evidence
push_plugin always builds the destination tag from IMAGE_REGISTRY and pushes it.
IMAGE_REGISTRY is hardcoded to quay.io/x2ansible, so --push cannot be safely used in other
environments/registries without modifying the script.

workspaces/x2a/scripts/build-dynamic-plugins.sh[19-22]
workspaces/x2a/scripts/build-dynamic-plugins.sh[107-116]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`--push` always publishes to `quay.io/x2ansible` because `IMAGE_REGISTRY` is hardcoded. This is risky in forks/CI and prevents pushing to test registries.

### Issue Context
The script already tags images with `${IMAGE_REGISTRY}/...` and `--push` simply runs `podman push` for those tags.

### Fix Focus Areas
- workspaces/x2a/scripts/build-dynamic-plugins.sh[19-29]
- workspaces/x2a/scripts/build-dynamic-plugins.sh[122-129]
- workspaces/x2a/scripts/build-dynamic-plugins.sh[107-116]

### Suggested change
- Change to `IMAGE_REGISTRY="${IMAGE_REGISTRY:-quay.io/x2ansible}"` (env override).
- Extend `parse_args` to support `--registry <value>` (or `--image-registry <value>`), validate non-empty.
- (Optional safety) If `--push` is set and `IMAGE_REGISTRY` is still the default, require a `--confirm-upstream` flag or print a prominent warning and ask for confirmation (only if interactive).


Remediation recommended

2. Docs omit third image 🐞 Bug ✓ Correctness
Description
The script header still lists only two produced images, but the script builds (and with --push,
publishes) three images including scaffolder-backend-module-x2a, which can surprise users.
Code

workspaces/x2a/scripts/build-dynamic-plugins.sh[R5-12]

+# Usage: ./scripts/build-dynamic-plugins.sh [--push]
#
-# Produces two OCI images:
+# Options:
+#   --push    Push built images to the registry after packaging
+#
+# Produces OCI images:
#   quay.io/x2ansible/red-hat-developer-hub-backstage-plugin-x2a:<version>
#   quay.io/x2ansible/red-hat-developer-hub-backstage-plugin-x2a-backend:<version>
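Review bot: the new option line `--push    Push built images to the registry after packaging` does not say which registry, while the list below it names `quay.io/x2ansible` only as where images are produced. State the push destination in the option text and mention that the caller must already be logged in to it (for example via `podman login`), so nobody runs `--push` expecting a local or test registry.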
Evidence
The header comment documents two images, but PLUGIN_IMAGES includes a third entry and the --push
path pushes all keys from PLUGIN_IMAGES. This mismatch can lead to unintended publishes because
users may not realize the third image is included.

workspaces/x2a/scripts/build-dynamic-plugins.sh[5-13]
workspaces/x2a/scripts/build-dynamic-plugins.sh[24-28]
workspaces/x2a/scripts/build-dynamic-plugins.sh[145-149]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
The script header implies only two images are produced, but the script builds/pushes three images via `PLUGIN_IMAGES`.

### Issue Context
Users relying on the header may not realize `--push` will also publish `red-hat-developer-hub-backstage-plugin-scaffolder-backend-module-x2a`.

### Fix Focus Areas
- workspaces/x2a/scripts/build-dynamic-plugins.sh[5-13]
- workspaces/x2a/scripts/build-dynamic-plugins.sh[24-28]

### Suggested change
- Add the third image to the documented list, or change the comment to "Produces OCI images (see PLUGIN_IMAGES):" and enumerate all entries.


3. Push fails mid-run 🐞 Bug ⛯ Reliability
Description
A single podman push failure aborts the script immediately (due to set -e), potentially leaving
a partially-published set of images without a final per-image status summary.
Code

workspaces/x2a/scripts/build-dynamic-plugins.sh[R145-149]

+  if [[ "$PUSH_IMAGES" == true ]]; then
+    for plugin_dir in "${!PLUGIN_IMAGES[@]}"; do
+      push_plugin "$plugin_dir"
+    done
+    log "All images pushed."
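Review bot: the loop `for plugin_dir in "${!PLUGIN_IMAGES[@]}"` walks the array's keys, and if `PLUGIN_IMAGES` is a bash associative array, as the `plugin_dir` keys suggest, that order is unspecified, so which images are already published when a push fails can differ from run to run. Iterate a fixed, explicit list of plugin directories (or sort the keys) so the push order and the resulting log are reproducible.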
Evidence
The script enables set -euo pipefail and executes podman push inside a loop when --push is
used. Any push error will exit immediately, which can leave earlier images pushed and later ones not
pushed.

workspaces/x2a/scripts/build-dynamic-plugins.sh[15-16]
workspaces/x2a/scripts/build-dynamic-plugins.sh[145-149]
workspaces/x2a/scripts/build-dynamic-plugins.sh[114-116]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`--push` performs multiple pushes in a loop under `set -e`, so the script can exit partway through, leaving a partial publish state and no end-of-run summary.

### Issue Context
Publishing multiple related images is common in release automation; partial success is a frequent failure mode (auth hiccup, network, rate limits).

### Fix Focus Areas
- workspaces/x2a/scripts/build-dynamic-plugins.sh[15-16]
- workspaces/x2a/scripts/build-dynamic-plugins.sh[145-150]
- workspaces/x2a/scripts/build-dynamic-plugins.sh[107-116]

### Suggested change
- Wrap `podman push` calls to capture exit codes, collect failed image tags, and print a summary at the end.
- Optionally continue pushing remaining images even if one fails, then `exit 1` if any failures occurred.
- Consider pushing each image right after `package_plugin` to make the sequence clearer and reduce the chance of later steps changing state.
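
The changes suggested for findings 1 and 3 above (an overridable registry with a confirmation guard for the upstream default, and a push loop that continues after a failure and reports what failed), shown as an added example that is not part of the review or of the project's script. `resolve_registry`, `guard_upstream`, `push_all`, `PUSH_CMD`, `FAILED` and `fake_push` are hypothetical names; the registry `registry.example.test/sandbox` and the version `0.0.0` are constructed.

```bash
# Added example, not the project's script; all function names are hypothetical.
DEFAULT_REGISTRY="quay.io/x2ansible"
PUSH_CMD="${PUSH_CMD:-podman push}"   # overridable so the loop can be exercised offline
FAILED=""

# Registry precedence: explicit argument, then $IMAGE_REGISTRY, then the default.
# An explicitly empty value is rejected instead of silently falling back.
resolve_registry() {
  if [ "$#" -ge 1 ]; then _reg="$1"; else _reg="${IMAGE_REGISTRY:-$DEFAULT_REGISTRY}"; fi
  case "$_reg" in
    ''|*[[:space:]]*|*/) echo "invalid registry: '$_reg'" >&2; return 2 ;;
  esac
  printf '%s\n' "$_reg"
}

# Allow the upstream default only when the caller confirmed it ($2 = yes).
guard_upstream() {
  [ "$1" != "$DEFAULT_REGISTRY" ] || [ "${2:-no}" = "yes" ]
}

# Push every tag passed in; continue after a failure, collect the failed
# tags in FAILED and return non-zero if any push failed.
push_all() {
  FAILED=""
  for _tag in "$@"; do
    if $PUSH_CMD "$_tag"; then
      echo "pushed: $_tag"
    else
      echo "FAILED: $_tag" >&2
      FAILED="${FAILED}${FAILED:+ }$_tag"
    fi
  done
  [ -z "$FAILED" ]
}

# Constructed stand-in for podman: the backend image fails to push.
fake_push() { case "$1" in *-backend:*) return 1 ;; esac; }

demo() (
  PUSH_CMD=fake_push
  reg="$(resolve_registry "registry.example.test/sandbox")" || exit 2
  guard_upstream "$reg" no || { echo "refusing upstream push" >&2; exit 3; }
  p="red-hat-developer-hub-backstage-plugin"
  push_all "$reg/$p-x2a:0.0.0" "$reg/$p-x2a-backend:0.0.0" \
           "$reg/$p-scaffolder-backend-module-x2a:0.0.0" \
    || { echo "failed pushes: $FAILED" >&2; exit 1; }
)
demo || true
```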


sonarqubecloud bot commented Mar 4, 2026

Comment on lines +107 to +115
push_plugin() {
local plugin_dir="$1"
local image_name="${PLUGIN_IMAGES[$plugin_dir]}"
local version
version="$(get_plugin_version "$plugin_dir")"
local image_tag="${IMAGE_REGISTRY}/${image_name}:${version}"

log "Pushing image: ${image_tag}"
podman push "$image_tag"

Action required

1. Hardcoded push registry 🐞 Bug ⛨ Security

With --push, the script always pushes to the hardcoded quay.io/x2ansible registry/org, making it
easy for forks/CI to publish to the wrong place and impossible to redirect without editing the
script.
Agent Prompt
### Issue description
`--push` always publishes to `quay.io/x2ansible` because `IMAGE_REGISTRY` is hardcoded. This is risky in forks/CI and prevents pushing to test registries.

### Issue Context
The script already tags images with `${IMAGE_REGISTRY}/...` and `--push` simply runs `podman push` for those tags.

### Fix Focus Areas
- workspaces/x2a/scripts/build-dynamic-plugins.sh[19-29]
- workspaces/x2a/scripts/build-dynamic-plugins.sh[122-129]
- workspaces/x2a/scripts/build-dynamic-plugins.sh[107-116]

### Suggested change
- Change to `IMAGE_REGISTRY="${IMAGE_REGISTRY:-quay.io/x2ansible}"` (env override).
- Extend `parse_args` to support `--registry <value>` (or `--image-registry <value>`), validate non-empty.
- (Optional safety) If `--push` is set and `IMAGE_REGISTRY` is still the default, require a `--confirm-upstream` flag or print a prominent warning and ask for confirmation (only if interactive).


@mareklibra mareklibra merged commit 01ac71a into redhat-developer:main Mar 5, 2026
9 checks passed