Skip to content

feat(RELEASE-1989): add Python implementation for publish-index-image#784

Open
midnightercz wants to merge 1 commit into
mainfrom
RELEASE-1989
Open

feat(RELEASE-1989): add Python implementation for publish-index-image#784
midnightercz wants to merge 1 commit into
mainfrom
RELEASE-1989

Conversation

@midnightercz

Copy link
Copy Markdown
Contributor

… tasks

Implements managed and internal publish-index-image tasks with comprehensive skopeo integration and testing infrastructure:

  • Add managed_publish_index_image task that processes IR results and spawns parallel internal Tekton requests for image publishing
  • Add internal publish_index_image task that copies index images using skopeo
  • Implement skopeo wrapper module with inspect, copy, and login operations
  • Add internal_request module for creating and managing Tekton internal requests
  • Implement rsmodels for internal request and secret data models
  • Add fake skopeo implementation for testing without registry access
  • Include comprehensive test coverage for all new modules
  • Update Dockerfile and dependencies for Python task execution

Copilot AI review requested due to automatic review settings May 27, 2026 14:15
@qodo-app-for-konflux-ci

Copy link
Copy Markdown

Review Summary by Qodo

Add Python implementation for publish-index-image with skopeo integration and comprehensive testing

✨ Enhancement 🧪 Tests

Grey Divider

Walkthroughs

Description
• Implements managed and internal publish-index-image tasks with comprehensive skopeo integration
  for container image publishing
• Adds SkopeoClient Python wrapper for skopeo CLI operations (inspect, copy) with error handling
  and credential support
• Implements internal_request module for creating and managing Kubernetes InternalRequest custom
  resources with polling and timeout validation
• Adds Pydantic models for Kubernetes InternalRequest resources with factory methods for loading
  from JSON/dict/file
• Implements Secret class for secure credential handling with masking in logs and unveil()
  method for accessing actual values
• Adds FakeSkopeoClient for testing without registry access, supporting YAML-based mock responses
  with regex matching
• Includes comprehensive test coverage with 30+ test cases across all new modules (skopeo,
  internal_request, secret, managed/internal tasks)
• Adds logger setup function with configurable handlers and async_in_executor() decorator for
  parallel execution
• Updates Dockerfile and pyproject.toml for Python utils package installation and new dependencies
  (kubernetes, pydantic, jq)
• Includes documentation for fake skopeo testing framework with configuration format and usage
  examples
Diagram
flowchart LR
  IR["IR Results<br/>JSON"]
  MPI["managed_publish<br/>_index_image"]
  IPI["internal_publish<br/>_index_image"]
  SK["SkopeoClient"]
  KIR["Kubernetes<br/>InternalRequest"]
  
  IR -- "extract component<br/>details" --> MPI
  MPI -- "spawn parallel<br/>requests" --> KIR
  MPI -- "monitor<br/>completion" --> KIR
  KIR -- "trigger" --> IPI
  IPI -- "copy images<br/>with credentials" --> SK
  SK -- "inspect/copy<br/>operations" --> SK

Loading

Grey Divider

File Changes

1. scripts/python/helpers/internal_request.py ✨ Enhancement +742/-0

Python implementation of internal-request Kubernetes resource manager

• Implements Python version of internal-request bash script for creating and managing Kubernetes
 InternalRequest custom resources
• Provides CLI interface with argument parsing and library functions for programmatic use
• Includes comprehensive timeout validation (XhYmZs format) and parameter parsing utilities
• Implements polling mechanism to wait for InternalRequest completion with configurable timeout and
 output file writing

scripts/python/helpers/internal_request.py


2. scripts/python/helpers/test_skopeo.py 🧪 Tests +685/-0

Unit tests for SkopeoClient container image operations

• Comprehensive unit tests for SkopeoClient class covering initialization, global flags, and
 command building
• Tests for inspect operation with various parameters (format, credentials, TLS verification,
 retry logic)
• Tests for copy operation with source/destination credentials, TLS options, and error handling
• Tests for SkopeoClientError exception attributes and string representation

scripts/python/helpers/test_skopeo.py


3. scripts/python/helpers/test_internal_request.py 🧪 Tests +539/-0

Unit tests for internal request management module

• Unit tests for timeout validation functions and format conversion utilities
• Tests for parameter and label parsing from CLI arguments
• Tests for InternalRequest payload building with various configurations
• Tests for create_internal_request, get_internal_request, and wait_for_internal_request
 functions with mocked Kubernetes API

scripts/python/helpers/test_internal_request.py


View more (20)
4. scripts/python/helpers/fake/skopeo.py 🧪 Tests +379/-0

Fake skopeo client for testing without registry

• Implements FakeSkopeoClient for testing without actual registry access
• Loads mock responses from YAML configuration file specified by environment variable
• Supports regex-based matching for flexible test scenarios and both inspect and copy operations
• Validates configuration structure and return types at load time

scripts/python/helpers/fake/skopeo.py


5. scripts/python/helpers/skopeo.py ✨ Enhancement +346/-0

Python client wrapper for skopeo container operations

• Implements SkopeoClient wrapper for skopeo CLI with Python API for container image operations
• Provides inspect method to retrieve image metadata with optional format templates and
 credentials
• Provides copy method for image copying with comprehensive options (TLS verification, retry
 logic, signature handling)
• Includes SkopeoClientError exception with detailed command, return code, and stderr information

scripts/python/helpers/skopeo.py


6. scripts/python/helpers/rsmodels/internal_request_models.py ✨ Enhancement +303/-0

Pydantic models for Kubernetes InternalRequest resources

• Defines Pydantic models for Kubernetes InternalRequest custom resource based on Go types
• Includes models for metadata, spec, status, conditions, and timeout fields with validation
• Provides factory methods (from_json, from_dict, from_file) for loading InternalRequest
 instances
• Includes InternalRequestList model for handling multiple resources

scripts/python/helpers/rsmodels/internal_request_models.py


7. scripts/python/helpers/fake/test_fake_skopeo.py 🧪 Tests +297/-0

Unit tests for fake skopeo client implementation

• Tests for FakeSkopeoClient initialization and environment variable requirements
• Tests for inspect operation with format parameters and regex matching
• Tests for copy operation with success and failure scenarios
• Tests for configuration validation, YAML parsing, and error handling

scripts/python/helpers/fake/test_fake_skopeo.py


8. scripts/python/tasks/internal/test_publish_index_image.py 🧪 Tests +218/-0

Unit tests for publish index image task

• Tests for credential loading from files with whitespace stripping
• Tests for source digest extraction and validation
• Tests for registry authentication requirements (proxy vs. standard registries)
• Tests for image inspection and copying with various credential and TLS configurations

scripts/python/tasks/internal/test_publish_index_image.py


9. scripts/python/helpers/rsmodels/secret.py ✨ Enhancement +70/-0

Secure secret handling with masking in logs

• Implements Secret class as str subclass that masks values in logs and debugging output
• Provides unveil() method to access actual secret value when needed
• Supports pickling for use with ProcessPoolExecutor and multiprocessing
• Includes optional name parameter for more informative masking in logs

scripts/python/helpers/rsmodels/secret.py


10. scripts/python/tasks/managed/managed_publish_index_image.py ✨ Enhancement +196/-0

Managed publish-index-image task with parallel request spawning

• Implements managed task to process IR results and spawn parallel internal Tekton requests for
 image publishing
• Extracts component details (source index, target index, build timestamp) from IR results JSON
 using jq queries
• Creates internal requests for publishing target images with optional timestamped versions
• Monitors completion of all spawned requests and reports aggregated status

scripts/python/tasks/managed/managed_publish_index_image.py


11. scripts/python/tasks/managed/tests/test_managed_publish_index_image.py 🧪 Tests +179/-0

Test coverage for managed publish-index-image task

• Comprehensive test suite for managed_publish_index_image module with 10+ test cases
• Tests data extraction, timeout formatting, argument parsing, and main workflow
• Includes fixtures for mocking internal request creation and retrieval
• Tests both success and failure scenarios with proper exception handling

scripts/python/tasks/managed/tests/test_managed_publish_index_image.py


12. scripts/python/helpers/test_secret.py 🧪 Tests +174/-0

Test coverage for Secret class and unveil function

• Comprehensive test suite for Secret class with 30+ test cases
• Tests secret masking in repr/str output, unveiling actual values, and pickling
• Validates that secrets don't leak in logging, printing, or list representations
• Tests edge cases like empty secrets, special characters, and string operations

scripts/python/helpers/test_secret.py


13. scripts/python/tasks/internal/publish_index_image.py ✨ Enhancement +213/-0

Internal publish-index-image task with skopeo integration

• Implements internal task to copy index images from source to target registry using skopeo
• Performs digest-based deduplication to skip copy if target already has same digest
• Handles credential loading, source authentication detection, and error handling
• Includes idempotent workflow with target image inspection before copy operation

scripts/python/tasks/internal/publish_index_image.py


14. scripts/python/tasks/managed/tests/irs.py 🧪 Tests +144/-0

Test data for internal request scenarios

• Provides sample InternalRequest test data as JSON dictionaries
• Includes two test scenarios: successful publish and failed publish
• Contains complete IR metadata, spec, and status structures for testing
• Maps IR names to their corresponding test data for fixture usage

scripts/python/tasks/managed/tests/irs.py


15. scripts/python/helpers/logger.py ✨ Enhancement +59/-2

Enhanced logger with configurable setup function

• Adds setup_logger() function for configurable logger initialization
• Supports dual-handler setup with stdout for normal logs and stderr for errors
• Provides customizable log level, format, and logger name parameters
• Includes comprehensive docstring with usage examples for Tekton environments

scripts/python/helpers/logger.py


16. scripts/python/helpers/fake/__init__.py 🧪 Tests +16/-0

Fake implementations module for testing infrastructure

• Introduces fake implementations module for testing without external dependencies
• Exports FakeSkopeoClient and patch_skopeo_client() function
• Provides monkey-patching capability to replace real SkopeoClient in tests

scripts/python/helpers/fake/init.py


17. scripts/python/helpers/decorators.py ✨ Enhancement +13/-0

Decorator for executor-based async function execution

• Implements async_in_executor() decorator for running functions in thread/process pools
• Wraps function execution to return Future objects for async patterns
• Enables parallel execution of I/O-bound operations in executor context

scripts/python/helpers/decorators.py


18. scripts/python/helpers/fake/FAKE_SKOPEO_README.md 📝 Documentation +269/-0

Documentation for fake skopeo testing framework

• Comprehensive documentation for fake skopeo client testing framework
• Covers YAML configuration format for mocking inspect and copy operations
• Includes quick start guide, matching behavior, error handling, and multiple use case examples
• Documents environment variables, validation rules, and regex matching capabilities

scripts/python/helpers/fake/FAKE_SKOPEO_README.md


19. Dockerfile ⚙️ Configuration changes +7/-4

Dockerfile updates for Python utils package installation

• Reorders COPY commands to place utils before Python dependency installation
• Adds installation of utils package via uv pip install . for proper module discovery
• Updates PYTHONPATH to include managed tasks directory alongside internal tasks
• Maintains system CA trust store configuration for SSL operations

Dockerfile


20. pyproject.toml Dependencies +15/-1

Project configuration with new dependencies and build setup

• Lowers Python requirement from 3.10 to 3.9 for broader compatibility
• Adds new dependencies: kubernetes, pydantic, and jq for task implementations
• Adds pytest pythonpath for managed tasks directory
• Includes build system configuration with setuptools and package directory mapping

pyproject.toml


21. scripts/python/helpers/rsmodels/__init__.py Additional files +0/-0

...

scripts/python/helpers/rsmodels/init.py


22. scripts/python/tasks/managed/__init__.py Additional files +0/-0

...

scripts/python/tasks/managed/init.py


23. scripts/python/tasks/managed/tests/__init__.py Additional files +0/-0

...

scripts/python/tasks/managed/tests/init.py


Grey Divider

Qodo Logo

@qodo-app-for-konflux-ci

qodo-app-for-konflux-ci Bot commented May 27, 2026

Copy link
Copy Markdown

Code Review by Qodo

Grey Divider

Sorry, something went wrong

We weren't able to complete the code review on our side. Please try again

Grey Divider

Qodo Logo

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Introduces a Python implementation of the index-image publishing flow (managed task + internal task), together with supporting helpers (SkopeoClient and a FakeSkopeoClient, a Kubernetes-based internal_request module and Secret/InternalRequest rsmodels), an enhanced setup_logger, and the wiring needed to make these importable in tests and the container image.

Changes:

  • Adds managed_publish_index_image (spawns parallel InternalRequests via a ProcessPoolExecutor) and publish_index_image (skopeo-based idempotent copy).
  • Adds skopeo.py, fake/skopeo.py, internal_request.py, rsmodels/secret.py, rsmodels/internal_request_models.py, decorators.py, and extends logger.py.
  • Updates Dockerfile, pyproject.toml, and PYTHONPATH to add the new dependencies (kubernetes, pydantic, jq), include the managed task tree, and install a local package.

Reviewed changes

Copilot reviewed 20 out of 24 changed files in this pull request and generated 15 comments.

Show a summary per file
File Description
pyproject.toml Adds new deps, includes managed tasks in pythonpath, and configures a setuptools build pointing at utils/rsutils.
Dockerfile Reorders COPY utils, copies README.md/pyproject.toml/uv.lock, and adds uv pip install .; extends PYTHONPATH.
scripts/python/helpers/logger.py Adds setup_logger() returning a logger configured with stdout+stderr handlers.
scripts/python/helpers/decorators.py Adds async_in_executor decorator wrapping a function with executor.submit.
scripts/python/helpers/skopeo.py New SkopeoClient wrapper over the skopeo CLI with inspect/copy.
scripts/python/helpers/test_skopeo.py Unit tests for SkopeoClient flag construction and error handling.
scripts/python/helpers/internal_request.py Python port of the internal-request bash script using the Kubernetes client.
scripts/python/helpers/test_internal_request.py Unit tests for payload building, parsing, create/get/wait.
scripts/python/helpers/rsmodels/secret.py New Secret str subclass with masking + unveil.
scripts/python/helpers/test_secret.py Tests for Secret masking, pickling, and unveil().
scripts/python/helpers/rsmodels/internal_request_models.py Pydantic models for the InternalRequest CR.
scripts/python/helpers/rsmodels/init.py Package marker.
scripts/python/helpers/fake/skopeo.py YAML-driven FakeSkopeoClient for tests.
scripts/python/helpers/fake/test_fake_skopeo.py Tests for the fake skopeo matching and validation.
scripts/python/helpers/fake/init.py Exports patch_skopeo_client() monkey-patch helper.
scripts/python/helpers/fake/FAKE_SKOPEO_README.md Usage docs for the fake skopeo.
scripts/python/tasks/internal/publish_index_image.py New internal task that copies an index image with digest-based dedup.
scripts/python/tasks/internal/test_publish_index_image.py Unit tests for the internal task.
scripts/python/tasks/managed/managed_publish_index_image.py New managed task orchestrating parallel IRs.
scripts/python/tasks/managed/init.py Package marker.
scripts/python/tasks/managed/tests/init.py Package marker.
scripts/python/tasks/managed/tests/test_managed_publish_index_image.py Tests for the managed task using fixtures.
scripts/python/tasks/managed/tests/irs.py Sample InternalRequest dictionaries used by the managed tests.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread pyproject.toml Outdated
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
Comment thread scripts/python/helpers/skopeo.py Outdated
Comment thread scripts/python/helpers/skopeo.py Outdated
Comment thread scripts/python/helpers/internal_request.py
Comment thread scripts/python/helpers/internal_request.py
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
@midnightercz midnightercz force-pushed the RELEASE-1989 branch 13 times, most recently from fe57a7e to 2ec6cd7 Compare May 28, 2026 08:32
@codecov-commenter

codecov-commenter commented May 28, 2026

Copy link
Copy Markdown

Codecov Report

❌ Patch coverage is 97.83654% with 18 lines in your changes missing coverage. Please review.
✅ Project coverage is 94.97%. Comparing base (36f91e4) to head (2f79472).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
...ython/tasks/managed/managed_publish_index_image.py 94.89% 5 Missing ⚠️
scripts/python/helpers/fake/skopeo.py 97.79% 3 Missing ⚠️
scripts/python/helpers/skopeo.py 97.47% 3 Missing ⚠️
scripts/python/helpers/fake/__init__.py 60.00% 2 Missing ⚠️
...python/helpers/rsmodels/internal_request_models.py 97.93% 2 Missing ⚠️
scripts/python/helpers/internal_request.py 99.59% 1 Missing ⚠️
scripts/python/helpers/logger.py 93.75% 1 Missing ⚠️
...ripts/python/tasks/internal/publish_index_image.py 98.78% 1 Missing ⚠️
Additional details and impacted files

Impacted file tree graph

@@            Coverage Diff             @@
##             main     #784      +/-   ##
==========================================
+ Coverage   94.18%   94.97%   +0.79%     
==========================================
  Files          38       46       +8     
  Lines        3009     3841     +832     
==========================================
+ Hits         2834     3648     +814     
- Misses        175      193      +18     
Flag Coverage Δ
unit-tests 94.97% <97.83%> (+0.79%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
scripts/python/helpers/decorators.py 100.00% <100.00%> (ø)
scripts/python/helpers/rsmodels/secret.py 100.00% <100.00%> (ø)
scripts/python/helpers/internal_request.py 99.60% <99.59%> (-0.40%) ⬇️
scripts/python/helpers/logger.py 96.00% <93.75%> (-4.00%) ⬇️
...ripts/python/tasks/internal/publish_index_image.py 98.78% <98.78%> (ø)
scripts/python/helpers/fake/__init__.py 60.00% <60.00%> (ø)
...python/helpers/rsmodels/internal_request_models.py 97.93% <97.93%> (ø)
scripts/python/helpers/fake/skopeo.py 97.79% <97.79%> (ø)
scripts/python/helpers/skopeo.py 97.47% <97.47%> (ø)
...ython/tasks/managed/managed_publish_index_image.py 94.89% <94.89%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@midnightercz midnightercz force-pushed the RELEASE-1989 branch 5 times, most recently from 75d61f5 to b98da23 Compare May 29, 2026 06:52
@qodo-code-review qodo-code-review Bot deleted a comment from qodo-app-for-konflux-ci Bot May 29, 2026
@seanconroy2021

Copy link
Copy Markdown
Member

Can you update the commit to use Assisted-by: instead of Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com ? So the label AI CI will work.

@midnightercz

Copy link
Copy Markdown
Contributor Author

Can you update the commit to use Assisted-by: instead of Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com ? So the label AI CI will work.

fixed

Comment thread scripts/python/helpers/skopeo.py
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py
Comment thread scripts/python/tasks/internal/publish_index_image.py
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py
Comment thread scripts/python/tasks/internal/publish_index_image.py Outdated
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
Comment thread scripts/python/tasks/managed/managed_publish_index_image.py Outdated
@midnightercz midnightercz force-pushed the RELEASE-1989 branch 8 times, most recently from f792f3c to 4b514ec Compare June 5, 2026 05:02
Implements managed and internal publish-index-image tasks with
comprehensive skopeo integration and testing infrastructure:

- Add managed_publish_index_image task that processes IR results
  and spawns parallel internal Tekton requests for image publishing
- Add internal publish_index_image task that copies index images using
   skopeo
- Implement skopeo wrapper module with inspect, copy, and login
  operations
- Add internal_request module for creating and managing Tekton
  internal requests
- Implement rsmodels for internal request and secret data models
- Add fake skopeo implementation for testing without registry access
- Include comprehensive test coverage for all new modules
- Update Dockerfile and dependencies for Python task execution

Assisted-by: claude
Signed-off-by: Jindrich Luza <jluza@redhat.com>
@@ -0,0 +1,354 @@
"""Python client for skopeo container image operations."""

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we perhaps create a separate PR for the skopeo helper and prioritize the review? This implementation looks the most promising from a first glance, so it would be nice if we could have this sooner rather than later, since there's a lot of tasks which use this tool.

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#812. I'm going to be on PTO for next 2 weeks. So feel free to merge the PR

@seanconroy2021 seanconroy2021 left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - Once Fitz's comment is resolved :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants