Skip to content

Don't hard-code default main image tag#225

Merged
mclasmeier merged 20 commits into
mainfrom
mc/remove-default-main-tag
Jul 1, 2026
Merged

Don't hard-code default main image tag#225
mclasmeier merged 20 commits into
mainfrom
mc/remove-default-main-tag

Conversation

@mclasmeier

@mclasmeier mclasmeier commented Jun 29, 2026

Copy link
Copy Markdown
Collaborator

Remove hard-coded default main image tag

Replace the hard-coded defaultMainImageTag fallback (previously 4.9.2 / 4.10.1 in e2e) with dynamic lookup: query the GitHub releases API for the latest stable stackrox tags, then verify the corresponding main image is pullable on quay.io. This eliminates the need to manually bump the fallback tag on every ACS release (#91).

Changes

  • stackroxversions.LookupLatestReleaseTagsViaGitHub — fetches recent releases from GitHub, filters to stable semver tags, returns the top (approx., not guaranteed) N sorted by version
  • helpers.LookupLatestTag — iterates candidate tags and verifies image existence on the registry, skipping 404s
  • ocihelper.Keychain — custom multi-keychain that checks REGISTRY_USERNAME/REGISTRY_PASSWORD env vars before falling back to the Docker config, so go-containerregistry calls respect the same credentials as the rest of roxie. Needed for verify-image checks against the main image to work.
  • constants package — extracts DefaultRegistry, GitHubStackroxRepo, and REGISTRY_* env var names
  • VerifyImageExistence — now retries on 429/503
  • E2E tests — use LookupLatestTag instead of a hard-coded fallback

Summary by CodeRabbit

  • New Features

    • Deployments and tests now automatically resolve the latest stable main image tag when one isn’t provided.
    • Image registry handling now supports configured registry credentials and better fallback authentication.
  • Bug Fixes

    • Improved image lookup and pull reliability, including retrying transient registry errors.
    • Deployment flows now keep a consistent timeout context across later steps, reducing unexpected failures.
  • Documentation

    • Added coverage for the new tag-resolution and image-verification behavior.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: a4cfd12b-68f3-48a2-9fa3-1bc92022dad1

📥 Commits

Reviewing files that changed from the base of the PR and between 178a46a and e93409e.

📒 Files selected for processing (14)
  • cmd/deploy.go
  • internal/constants/registries.go
  • internal/deployer/acs_images.go
  • internal/deployer/operator.go
  • internal/deployer/operator_olm.go
  • internal/dockerauth/dockerauth.go
  • internal/helpers/tag.go
  • internal/helpers/tag_integration_test.go
  • internal/ocihelper/keychain.go
  • internal/ocihelper/ocihelper.go
  • internal/stackroxversions/release_tag.go
  • internal/stackroxversions/release_tag_integration_test.go
  • tests/e2e/e2e_test.go
  • tests/e2e/helpers.go
✅ Files skipped from review due to trivial changes (1)
  • tests/e2e/helpers.go
🚧 Files skipped from review as they are similar to previous changes (11)
  • internal/deployer/operator.go
  • tests/e2e/e2e_test.go
  • internal/dockerauth/dockerauth.go
  • internal/ocihelper/keychain.go
  • cmd/deploy.go
  • internal/deployer/acs_images.go
  • internal/helpers/tag.go
  • internal/helpers/tag_integration_test.go
  • internal/ocihelper/ocihelper.go
  • internal/stackroxversions/release_tag_integration_test.go
  • internal/deployer/operator_olm.go

📝 Walkthrough

Walkthrough

Adds shared registry and environment constants, dynamic GitHub release-tag lookup, context-aware main image tag resolution with registry verification, registry/auth keychain updates, deployer registry substitutions, and e2e/deploy wiring to resolve tags at runtime.

Changes

Dynamic latest tag lookup and registry wiring

Layer / File(s) Summary
Release tag lookup
internal/stackroxversions/release_tag.go, internal/stackroxversions/release_tag_integration_test.go
Fetches GitHub release tags, filters stable semver versions, sorts them, and returns up to atMost tags with integration coverage.
Main image tag lookup
internal/helpers/tag.go, internal/helpers/tag_integration_test.go
LookupMainImageTag now accepts context.Context and falls back to LookupLatestTag, which checks candidate registry images until one verifies; integration tests cover the live lookup and 404 behavior.
Registry auth and existence checks
internal/constants/registries.go, internal/dockerauth/dockerauth.go, internal/ocihelper/keychain.go, internal/ocihelper/ocihelper.go
Registry credentials use shared environment constants, a new env-first keychain is introduced, and image existence/local pull checks use that keychain with retry handling.
Deployer registry substitutions
internal/constants/registries.go, internal/deployer/acs_images.go, internal/deployer/operator.go, internal/deployer/operator_olm.go
Hardcoded quay.io/rhacs-eng image references are replaced with constants.DefaultRegistry for ACS images, image content source policy mirrors, and the operator index image.
Deploy and e2e tag resolution
cmd/deploy.go, tests/e2e/e2e_test.go, tests/e2e/helpers.go
runDeploy creates its timeout context before tag resolution and reuses it later, while e2e startup resolves MAIN_IMAGE_TAG dynamically and removes the fixed default tag constant.

Estimated code review effort: 4 (Complex) | ~45 minutes

Possibly related PRs

  • stackrox/roxie#204: Updates internal/deployer/acs_images.go with the same registry-prefix construction area touched here.

Suggested reviewers: AlexVulaj, porridge

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 18.75% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
✅ Passed checks (4 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly matches the main change: replacing the hard-coded main image tag fallback with dynamic lookup.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch mc/remove-default-main-tag

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 4

🧹 Nitpick comments (1)
internal/stackroxversions/release_tag_integration_test.go (1)

18-25: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win

Assert the stable/sorted contract, not just “non-empty”.

Right now this passes as long as GitHub returns anything. A regression in prerelease filtering or descending semver ordering would slip through unnoticed. Please validate that every returned tag is a stable semantic version and that the slice is sorted newest-first.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/stackroxversions/release_tag_integration_test.go` around lines 18 -
25, The test for LookupLatestReleaseTagsViaGitHub currently only checks that
tags are non-empty, so it misses regressions in prerelease filtering and sort
order. Update the assertions to verify every returned tag is a stable semantic
version (no prerelease tags) and that the slice is ordered newest-first by
semver, using the existing test logic in release_tag_integration_test to inspect
the returned tags.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/helpers/tag_integration_test.go`:
- Around line 21-33: The test is reusing the same timeout context for both
LookupLatestTag and the final remote.Head pullability check, which can make the
second assertion flaky when the lookup consumes most of the deadline. In
internal/helpers/tag_integration_test.go, keep the existing context for
LookupLatestTag, then create a fresh context with its own timeout just before
calling remote.Head in the tag integration test, and use that new context for
the pullability check while still deferring its cancel.

In `@internal/helpers/tag.go`:
- Around line 54-58: The tag selection loop in find the first existing image
currently treats every VerifyImageExistence failure as “missing” and falls
through to older tags. Update the logic around ocihelper.VerifyImageExistence in
internal/helpers/tag.go so only a 404/not-found response is ignored as a missing
tag, while auth, rate-limit, and transport errors are returned immediately. Use
the existing tag iteration and mainImage check to keep the behavior of selecting
the first valid tag, but fail fast on any non-404 error.

In `@internal/stackroxversions/release_tag.go`:
- Around line 30-31: Add an early argument check in
LookupLatestReleaseTagsViaGitHub so non-positive atMost values are rejected
before any GitHub request or slice allocation happens. The fix should validate
at the API boundary, return an error immediately for atMost <= 0, and prevent
invalid values from reaching fetchLatestGitHubReleases or the min-based sizing
logic used when building the result slice.

In `@tests/e2e/helpers.go`:
- Around line 33-41: The defaultMainImageTag IIFE is performing network I/O and
can panic during package initialization, which can abort the e2e binary before
tests start. Move the latest-tag resolution out of package init in helpers.go,
and make the tag lookup happen lazily at test/runtime (or only when no override
is provided) through a helper used by the e2e entry points. Keep the
defaultMainImageTag symbol as a fallback value, but avoid calling
helpers.LookupLatestTag and panic from the init path.

---

Nitpick comments:
In `@internal/stackroxversions/release_tag_integration_test.go`:
- Around line 18-25: The test for LookupLatestReleaseTagsViaGitHub currently
only checks that tags are non-empty, so it misses regressions in prerelease
filtering and sort order. Update the assertions to verify every returned tag is
a stable semantic version (no prerelease tags) and that the slice is ordered
newest-first by semver, using the existing test logic in
release_tag_integration_test to inspect the returned tags.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: cff3f84f-0f5f-4c18-8868-2b3c51e7eeaf

📥 Commits

Reviewing files that changed from the base of the PR and between 189e745 and 76cbe6a.

📒 Files selected for processing (10)
  • cmd/deploy.go
  • internal/constants/registries.go
  • internal/deployer/acs_images.go
  • internal/deployer/operator.go
  • internal/deployer/operator_olm.go
  • internal/helpers/tag.go
  • internal/helpers/tag_integration_test.go
  • internal/stackroxversions/release_tag.go
  • internal/stackroxversions/release_tag_integration_test.go
  • tests/e2e/helpers.go

Comment thread internal/helpers/tag_integration_test.go Outdated
Comment thread internal/helpers/tag.go
Comment thread internal/stackroxversions/release_tag.go
Comment thread tests/e2e/helpers.go Outdated
@mclasmeier mclasmeier force-pushed the mc/remove-default-main-tag branch from 76cbe6a to 178a46a Compare June 30, 2026 08:17
@mclasmeier mclasmeier changed the title Mc/remove default main tag Don't hard-code default main image tag Jun 30, 2026
@mclasmeier mclasmeier force-pushed the mc/remove-default-main-tag branch from 178a46a to 4b31e13 Compare June 30, 2026 08:24

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
internal/helpers/tag_integration_test.go (1)

33-38: 🎯 Functional Correctness | 🟡 Minor | ⚡ Quick win

Reuse ocihelper.VerifyImageExistence for the final pullability check.

LookupLatestTag verifies candidates through ocihelper.VerifyImageExistence, but this assertion switches back to raw remote.Head with authn.DefaultKeychain. That can false-fail in env-only auth setups and bypasses the new 429/503 retry behavior in internal/ocihelper/ocihelper.go.

Possible fix
-	ref, err := name.ParseReference(imageRef)
-	require.NoError(t, err)
-
-	_, err = remote.Head(ref, remote.WithContext(ctx), remote.WithAuthFromKeychain(authn.DefaultKeychain))
+	err = ocihelper.VerifyImageExistence(ctx, log, imageRef)
 	require.NoError(t, err, "image %s is not pullable", imageRef)
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@internal/helpers/tag_integration_test.go` around lines 33 - 38, The final
pullability assertion in the tag integration test should reuse
ocihelper.VerifyImageExistence instead of calling remote.Head directly. Update
the check in the test around the image reference built from
constants.DefaultRegistry and tag so it exercises the same helper used by
LookupLatestTag, preserving env-only auth handling and the retry behavior for
429/503 responses. Keep the existing reference flow with name.ParseReference,
but replace the raw remote.Head assertion with the helper-based existence
verification.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@internal/ocihelper/keychain.go`:
- Around line 17-21: The env-based registry auth in envKeychain.Resolve should
not treat partial credentials as anonymous; update Resolve to validate the
EnvRegistryUsername and EnvRegistryPassword pair the same way as
dockerauth.NewKeychain does in internal/dockerauth/dockerauth.go. If only one
env var is set, return an explicit error instead of authn.Anonymous so
NewMultiKeychain cannot fall through to the Docker keychain; keep the anonymous
fallback only when both values are empty.

In `@tests/e2e/e2e_test.go`:
- Around line 52-55: The lookupLatestTag live lookup path is still using a
30-second context timeout, which is too short for GitHub plus registry HEAD
checks and the retry behavior in VerifyImageExistence. Update lookupLatestTag to
use a longer timeout consistent with the integration test’s 2-minute budget, and
keep the timeout creation/cancel pattern in place so the e2e startup path is
less flaky under throttling.
- Around line 23-31: The startup logic in main currently calls lookupLatestTag()
before checking whether MAIN_IMAGE_TAG is already set, so the override is
ignored and network failures can still abort the suite. Update the main setup
flow to check os.Getenv("MAIN_IMAGE_TAG") first and only call lookupLatestTag()
inside the unset branch, then set the environment variable from that result;
keep the existing error handling around lookupLatestTag() in the same main path.

---

Outside diff comments:
In `@internal/helpers/tag_integration_test.go`:
- Around line 33-38: The final pullability assertion in the tag integration test
should reuse ocihelper.VerifyImageExistence instead of calling remote.Head
directly. Update the check in the test around the image reference built from
constants.DefaultRegistry and tag so it exercises the same helper used by
LookupLatestTag, preserving env-only auth handling and the retry behavior for
429/503 responses. Keep the existing reference flow with name.ParseReference,
but replace the raw remote.Head assertion with the helper-based existence
verification.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Enterprise

Run ID: eea94f72-f22c-41c5-ac41-2b6ac89c25d7

📥 Commits

Reviewing files that changed from the base of the PR and between 76cbe6a and 178a46a.

📒 Files selected for processing (9)
  • internal/constants/registries.go
  • internal/dockerauth/dockerauth.go
  • internal/helpers/tag.go
  • internal/helpers/tag_integration_test.go
  • internal/ocihelper/keychain.go
  • internal/ocihelper/ocihelper.go
  • internal/stackroxversions/release_tag.go
  • tests/e2e/e2e_test.go
  • tests/e2e/helpers.go
🚧 Files skipped from review as they are similar to previous changes (2)
  • internal/helpers/tag.go
  • internal/stackroxversions/release_tag.go

Comment thread internal/ocihelper/keychain.go
Comment thread tests/e2e/e2e_test.go Outdated
Comment thread tests/e2e/e2e_test.go
@mclasmeier

Copy link
Copy Markdown
Collaborator Author

@coderabbitai, fresh review please, resolve previous comments, if addressed.

@coderabbitai

coderabbitai Bot commented Jun 30, 2026

Copy link
Copy Markdown
🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="stackrox/roxie"
pr_number="225"

echo "== PR files changed =="
gh pr view "$pr_number" --repo "$repo" --json files --jq '.files[].path'

echo
echo "== Unresolved review threads on PR =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              id
              author { login }
              body
              createdAt
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | {
      id,
      isOutdated,
      path,
      line,
      comments: [.comments.nodes[] | {author: .author.login, body: .body, url}]
    }
'

echo
echo "== Unresolved CodeRabbit-authored threads only =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              id
              author { login }
              body
              createdAt
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | select(any(.comments.nodes[]; .author.login == "coderabbitai"))
  | "THREAD_ID=\(.id)\nPATH=\(.path)\nLINE=\(.line)\nOUTDATED=\(.isOutdated)\n" +
    (
      [.comments.nodes[]
       | "- AUTHOR=\(.author.login)\n  URL=\(.url)\n  BODY=\(.body|gsub("\r";"")|gsub("\n";"\n    "))"
      ] | join("\n")
    ) + "\n---"
'

Length of output: 27377


🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="stackrox/roxie"
pr_number="225"

echo "== Relevant current code snippets =="
echo
echo "-- internal/helpers/tag_integration_test.go --"
nl -ba internal/helpers/tag_integration_test.go | sed -n '1,120p'

echo
echo "-- tests/e2e/helpers.go --"
nl -ba tests/e2e/helpers.go | sed -n '1,140p'

echo
echo "-- tests/e2e/e2e_test.go --"
nl -ba tests/e2e/e2e_test.go | sed -n '1,120p'

echo
echo "== Resolving outdated CodeRabbit threads only =="
for thread_id in \
  PRRT_kwDOPn6LOs6NBGby \
  PRRT_kwDOPn6LOs6NBGcL
do
  echo "Resolving $thread_id"
  gh api graphql \
    -f query='
mutation($threadId: ID!) {
  resolveReviewThread(input: {threadId: $threadId}) {
    thread { id isResolved isOutdated path }
  }
}' \
    -F threadId="$thread_id"
done

echo
echo "== Remaining unresolved CodeRabbit-authored threads =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              author { login }
              body
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | select(any(.comments.nodes[]; .author.login == "coderabbitai"))
  | "THREAD_ID=\(.id) PATH=\(.path) LINE=\(.line) OUTDATED=\(.isOutdated)\nURL=\(.comments.nodes[0].url)\n"
'

Length of output: 2100


🏁 Script executed:

#!/bin/bash
set -euo pipefail

repo="stackrox/roxie"
pr_number="225"

echo "== Relevant current code snippets =="
echo
echo "-- internal/helpers/tag_integration_test.go --"
cat -n internal/helpers/tag_integration_test.go | sed -n '1,120p'

echo
echo "-- tests/e2e/helpers.go --"
cat -n tests/e2e/helpers.go | sed -n '1,140p'

echo
echo "-- tests/e2e/e2e_test.go --"
cat -n tests/e2e/e2e_test.go | sed -n '1,120p'

echo
echo "== Resolving outdated CodeRabbit threads only =="
for thread_id in \
  PRRT_kwDOPn6LOs6NBGby \
  PRRT_kwDOPn6LOs6NBGcL
do
  echo "Resolving $thread_id"
  gh api graphql \
    -f query='
mutation($threadId: ID!) {
  resolveReviewThread(input: {threadId: $threadId}) {
    thread { id isResolved isOutdated path }
  }
}' \
    -F threadId="$thread_id"
done

echo
echo "== Remaining unresolved CodeRabbit-authored threads =="
gh api graphql \
  -F owner="stackrox" \
  -F name="roxie" \
  -F number="$pr_number" \
  -f query='
query($owner: String!, $name: String!, $number: Int!) {
  repository(owner: $owner, name: $name) {
    pullRequest(number: $number) {
      reviewThreads(first: 100) {
        nodes {
          id
          isResolved
          isOutdated
          path
          line
          comments(first: 20) {
            nodes {
              author { login }
              url
            }
          }
        }
      }
    }
  }
}' | jq -r '
  .data.repository.pullRequest.reviewThreads.nodes[]
  | select(.isResolved == false)
  | select(any(.comments.nodes[]; .author.login == "coderabbitai"))
  | "THREAD_ID=\(.id) PATH=\(.path) LINE=\(.line) OUTDATED=\(.isOutdated)\nURL=\(.comments.nodes[0].url)\n---"
'

Length of output: 11588


@mclasmeier I re-checked the previous threads.

  • Two older comments are now outdated/superseded:
    • tests/e2e/helpers.go: the package-init latest-tag lookup is gone.
    • internal/helpers/tag_integration_test.go: that thread is outdated after the test changes.
  • Two comments on tests/e2e/e2e_test.go still look active:
    • Line 23 through Line 31: lookupLatestTag() is still called before honoring MAIN_IMAGE_TAG.
    • Line 54: lookupLatestTag() still uses a 30s timeout.

I also tried to resolve the outdated threads automatically, but GitHub rejected it with Resource not accessible by integration, so I couldn’t mark them resolved from here.

Kicking off a fresh review now.

✅ Action performed

Full review finished.

@mclasmeier mclasmeier force-pushed the mc/remove-default-main-tag branch from 3a9c27a to c3f1d5d Compare June 30, 2026 08:56
@mclasmeier mclasmeier requested a review from porridge June 30, 2026 08:56

@porridge porridge left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM, some nitpicks and questions inline. Also note the test is failing:

    tag_integration_test.go:38: 
        	Error Trace:	/__w/roxie/roxie/internal/helpers/tag_integration_test.go:38
        	Error:      	Received unexpected error:
        	            	HEAD https://quay.io/v2/rhacs-eng/main/manifests/4.11.0: unexpected status code 401 Unauthorized (HEAD responses have no body, use GET for details)
        	Test:       	TestLookupLatestTag_Integration
        	Messages:   	image quay.io/rhacs-eng/main:4.11.0 is not pullable
--- FAIL: TestLookupLatestTag_Integration (1.74s)

Comment thread internal/helpers/tag_integration_test.go Outdated
Comment thread internal/helpers/tag_integration_test.go Outdated
Comment thread internal/ocihelper/ocihelper.go
Comment thread internal/stackroxversions/release_tag.go
Comment thread internal/stackroxversions/release_tag.go
Comment thread internal/stackroxversions/release_tag_integration_test.go Outdated
Comment thread internal/stackroxversions/release_tag_integration_test.go Outdated
Comment thread tests/e2e/e2e_test.go
@mclasmeier mclasmeier merged commit 37b6c60 into main Jul 1, 2026
12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants