chore(install-rhdh-catalog-source): replace refs to registry.access.*.redhat.com when rebuilding the bundle manifests [RHIDP-11519]

[rm3l]

Description

In preparation for the work being done as part of RHIDP-11519, we will need to replace the references to registry.access.*.redhat.com when installing CI builds because these references may not be released yet.

/cherry-pick release-1.9

Which issue(s) does this PR fix or relate to

Relates to RHIDP-11519

PR acceptance criteria

• Tests
• Documentation

How to test changes / Special notes to the reviewer

The script should continue to pass as before.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign nickboldt for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[rhdh-qodo-merge]

PR Reviewer Guide 🔍

(Review updated until commit 7e0a241)

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶 RHIDP-11519 - Partially compliant Compliant requirements: (none) Non-compliant requirements: Refactor the generate*.sh scripts to use registry.access.redhat.com instead of registry.redhat.io. Push 1 plugin container to registry.access.redhat.com and verify it can be pulled without auth. Validate the fix solves RHDHBUGS-2485. Validate with @backstage-community/plugin-catalog-backend-module-scaffolder-relation-processor. Requires further human verification: (none)

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🔒 No security concerns identified

⚡ Recommended focus areas for review Replacement scope The new sed rewrites replace registry.access*.redhat.com/rhdh to quay.io/rhdh, which may unintentionally rewrite already-correct GA references when the access registry images are actually released. Consider gating this behavior behind an explicit “CI/unreleased” flag or ensuring the script only runs this rewrite for CI/IIB install paths where the access-registry refs are known to be unreleased. debugf "Replacing refs to internal registries in bundle image $bundleImg to handle the case of potentially unreleased images..." for folder in manifests metadata; do for file in "./bundles/${digest}/unpacked/rootfs/${folder}"/*; do if [ -f "$file" ]; then debugf "replacing refs to internal registries in file '${file}'" sed -i 's#registry.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' "$file" Sed portability The script uses sed -i without an explicit backup suffix, which is GNU-sed specific; on macOS/BSD this can fail. If the script is expected to run in varied dev environments, consider using a portable form (e.g., sed -i.bak ...; rm -f *.bak) or documenting the GNU sed requirement. sed -i 's#registry.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' "$file"

📄 References redhat-developer/rhdh-operator/config/profile/rhdh/plugin-infra/plugin-infra.sh [1-49] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [141-163] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [301-347] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [164-197] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [50-90] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [1-7] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [246-299] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [199-244]

[rhdh-qodo-merge]

PR Type

Enhancement

---

Description

• Add replacement of registry.access.redhat.com and registry.access.stage.redhat.com references in bundle manifests

• Handle potentially unreleased images during CI builds by redirecting to quay.io

• Improve debug message clarity to reflect the purpose of registry replacements

---

File Walkthrough

Relevant files

Enhancement

install-rhdh-catalog-source.sh Add registry.access.*.redhat.com replacement logic              .rhdh/scripts/install-rhdh-catalog-source.sh Added two new sed commands to replace registry.access.redhat.com/rhdh and registry.access.stage.redhat.com/rhdh references with quay.io/rhdh Updated debug message to clarify the purpose of handling potentially unreleased images Maintains existing replacements for other registry URLs +3/-1

---

[rm3l]

/cherry-pick release-1.9

[openshift-cherrypick-robot]

@rm3l: once the present PR merges, I will cherry-pick it on top of release-1.9 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[rhdh-qodo-merge]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Consolidate multiple sed commands into one Consolidate the five separate sed commands into a single sed command using the -e option. This improves performance by processing the file only once per loop iteration. .rhdh/scripts/install-rhdh-catalog-source.sh [182-186] -sed -i 's#registry.redhat.io/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' "$file" +sed -i \ + -e 's#registry.redhat.io/rhdh#quay.io/rhdh#g' \ + -e 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' \ + -e 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' \ + -e 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' \ + -e 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' \ + "$file" Apply / Chat Suggestion importance[1-10]: 5 __ Why: The suggestion correctly identifies an opportunity to improve performance by consolidating multiple sed commands into one, reducing I/O operations and improving code readability.	Low
Possible issue	Skip empty globs automatically Add shopt -s nullglob before the for loop. This ensures the loop does not run if no files match the glob pattern, preventing an iteration over the literal pattern string. .rhdh/scripts/install-rhdh-catalog-source.sh [179-188] +shopt -s nullglob for file in "./bundles/${digest}/unpacked/rootfs/${folder}"/*; do if [ -f "$file" ]; then ... fi done [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 3 __ Why: This is a valid shell scripting improvement that makes the code more robust by preventing the loop from executing on a non-existent file path. However, the existing if [ -f "$file" ] check already handles this case, so the impact is minor.	Low
More

[zdrapela]

/review -i

[rhdh-qodo-merge]

Persistent review updated to latest commit 7e0a241