Use remote digest for BOOTC_DIGEST label

[alicefr]

Push the bootc image before building the disk image so that BOOTC_DIGEST reflects the registry digest after compression.

Summary by Sourcery

Push the bootc image before building the disk image so the BOOTC_DIGEST label uses the registry-compressed digest.

Enhancements:

• Adjust Fedora node image workflow to push the bootc image first and export its registry digest for subsequent steps.
• Update disk image build to accept an optional BOOTC_DIGEST parameter and fall back to a local inspect when not provided.

CI:

• Split bootc and disk image push steps in the GitHub Actions workflow and wire digest output between them.

[sourcery-ai]

Reviewer's Guide

Workflow now pushes the bootc image first, captures the remote registry digest, passes it into disk image build, and separates bootc and disk image push steps so BOOTC_DIGEST reflects the compressed registry digest.

Sequence diagram for using remote BOOTC_DIGEST in disk image build

sequenceDiagram
    participant GitHubActions
    participant Make as make
    participant Podman as podman

    GitHubActions->>Make: make build-bootc-image

    GitHubActions->>GitHubActions: Determine image tag (meta)

    GitHubActions->>Podman: podman tag BOOTC_SRC PUSH_DEST:TAG
    GitHubActions->>Podman: podman push --digestfile=/tmp/bootc-digest PUSH_DEST:TAG
    GitHubActions->>Podman: podman tag BOOTC_SRC PUSH_DEST:latest
    GitHubActions->>Podman: podman push PUSH_DEST:latest
    GitHubActions->>GitHubActions: capture BOOTC_DIGEST from /tmp/bootc-digest

    GitHubActions->>Make: make build-disk-image BOOTC_DIGEST=BOOTC_DIGEST

    GitHubActions->>Podman: podman tag DISK_SRC PUSH_DEST:TAG-disk
    GitHubActions->>Podman: podman push PUSH_DEST:TAG-disk
    GitHubActions->>Podman: podman tag DISK_SRC PUSH_DEST:latest-disk
    GitHubActions->>Podman: podman push PUSH_DEST:latest-disk

Loading

File-Level Changes

Change	Details	Files
Push bootc image before disk image build and capture its remote digest via podman.	Move disk image build step to run after bootc image push in the GitHub Actions workflow. Rename combined tag-and-push step to a dedicated bootc push step with an id for later output reference. Use podman push with --digestfile to capture the remote digest of the bootc image to a temporary file. Read the digest from the file and expose it as a GitHub Actions output for downstream steps.	.github/workflows/build-node-image.yaml
Pass BOOTC_DIGEST from workflow into disk image build and split disk image push into its own step.	Add a new Build disk image step that reads BOOTC_DIGEST from the push-bootc step outputs and passes it as a Make variable when present. Create a separate Push disk image step that tags and pushes the disk image under versioned and latest-disk tags, gated by the same push condition. Ensure disk image build still works when BOOTC_DIGEST is absent by falling back to previous behavior.	.github/workflows/build-node-image.yaml
Allow build-disk-image Make target to accept an optional BOOTC_DIGEST override while retaining fallback to local inspect.	Introduce a BOOTC_DIGEST Makefile variable with an empty default. Update build-disk-image recipe to use the passed BOOTC_DIGEST when set, otherwise compute it via podman inspect on the BOOTC_IMAGE. Preserve the existing podman build invocation while injecting the correct BOOTC_DIGEST into the build context.	node-images/fedora/Makefile

Possibly linked issues

• #: PR pushes bootc image, captures registry digest, and passes BOOTC_DIGEST into disk image build to label correctly

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• In the Makefile's build-disk-image target, the else branch that reassigns BOOTC_DIGEST="$(BOOTC_DIGEST)" is effectively a no-op and can be removed by only setting BOOTC_DIGEST when it's empty, which will simplify the shell snippet.
• Given that the workflow now always pushes the bootc image before building the disk image, consider whether the build-disk-image: build-bootc-image dependency is still needed, as it may trigger unnecessary rebuilds of the bootc image during disk image builds.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- In the Makefile's `build-disk-image` target, the `else` branch that reassigns `BOOTC_DIGEST="$(BOOTC_DIGEST)"` is effectively a no-op and can be removed by only setting `BOOTC_DIGEST` when it's empty, which will simplify the shell snippet.
- Given that the workflow now always pushes the bootc image before building the disk image, consider whether the `build-disk-image: build-bootc-image` dependency is still needed, as it may trigger unnecessary rebuilds of the bootc image during disk image builds.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}