chore(install-rhdh-catalog-source): replace refs to registry.access.*.redhat.com when rebuilding the bundle manifests [RHIDP-11519]

[rm3l]

Description

In preparation for the work being done as part of RHIDP-11519, we will need to replace the references to registry.access.*.redhat.com when installing CI builds because these references may not be released yet.

/cherry-pick release-1.9

Which issue(s) does this PR fix or relate to

Relates to RHIDP-11519

PR acceptance criteria

• Tests
• Documentation

How to test changes / Special notes to the reviewer

The script should continue to pass as before.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign nickboldt for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[rhdh-qodo-merge]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🎫 Ticket compliance analysis 🔶 RHIDP-11519 - Partially compliant Compliant requirements: None Non-compliant requirements: Refactor the generate*.sh scripts to use registry.access.redhat.com instead of registry.redhat.io. Push one plugin container to registry.access.redhat.com to verify unauthenticated pulls and Konflux release plan behavior. Validate this solves RHDHBUGS-2485. Validate the specific plugin @backstage-community/plugin-catalog-backend-module-scaffolder-relation-processor. Requires further human verification: None

⏱️ Estimated effort to review: 2 🔵🔵⚪⚪⚪

🔒 No security concerns identified

⚡ Recommended focus areas for review Over-broad replace The new sed replacements for registry.access*.redhat.com/rhdh may unintentionally rewrite released/public image references that should remain on registry.access.redhat.com (the ticket’s desired target). Confirm this script is only used for CI/unreleased installs and that replacing to quay.io/rhdh won’t break environments that intentionally reference registry.access.redhat.com. debugf "Replacing refs to internal registries in bundle image $bundleImg to handle the case of potentially unreleased images..." for folder in manifests metadata; do for file in "./bundles/${digest}/unpacked/rootfs/${folder}"/*; do if [ -f "$file" ]; then debugf "replacing refs to internal registries in file '${file}'" sed -i 's#registry.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' "$file" Matching correctness The patterns only match the exact prefix registry.access(.stage).redhat.com/rhdh. If manifests reference images with different paths (e.g., additional namespaces, registry.access.redhat.com/rh-osbs/..., or different repo layout), they won’t be rewritten. Consider whether broader patterns or additional replacements are needed to cover the actual image references produced by bundle generation. sed -i 's#registry.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' "$file" sed -i 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' "$file"

📄 References redhat-developer/rhdh-operator/hack/validate-image-digests.sh [1-55] redhat-developer/rhdh-operator/hack/validate-image-digests.sh [71-103] redhat-developer/rhdh-operator/hack/validate-image-digests.sh [159-190] redhat-developer/rhdh/scripts/update-Dockerfile.sh [1-23] redhat-developer/rhdh-operator/config/profile/rhdh/plugin-infra/plugin-infra.sh [1-49] redhat-developer/rhdh-operator/config/profile/rhdh/plugin-infra/gitops-secret-setup.sh [1-35] redhat-developer/rhdh-chart/hack/orchestrator-templates-setup.sh [1-57] redhat-developer/rhdh/scripts/rhdh-openshift-setup/quick-start-rhdh.sh [141-163]

[rhdh-qodo-merge]

PR Type

Enhancement

---

Description

• Add replacement of registry.access.redhat.com and registry.access.stage.redhat.com references in bundle manifests

• Handle potentially unreleased images during CI builds by redirecting to quay.io

• Improve debug message clarity to reflect the purpose of registry replacements

---

File Walkthrough

Relevant files

Enhancement

install-rhdh-catalog-source.sh Add registry.access.*.redhat.com replacement logic              .rhdh/scripts/install-rhdh-catalog-source.sh Added two new sed commands to replace registry.access.redhat.com/rhdh and registry.access.stage.redhat.com/rhdh references with quay.io/rhdh Updated debug message to clarify the purpose of handling potentially unreleased images Maintains existing replacements for other registry URLs +3/-1

---

[rm3l]

/cherry-pick release-1.9

[openshift-cherrypick-robot]

@rm3l: once the present PR merges, I will cherry-pick it on top of release-1.9 in a new PR and assign it to you.

Details

In response to this:

/cherry-pick release-1.9

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[rhdh-qodo-merge]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Consolidate multiple sed commands into one Consolidate the five separate sed commands into a single sed command using the -e option. This improves performance by processing the file only once per loop iteration. .rhdh/scripts/install-rhdh-catalog-source.sh [182-186] -sed -i 's#registry.redhat.io/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' "$file" -sed -i 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' "$file" +sed -i \ + -e 's#registry.redhat.io/rhdh#quay.io/rhdh#g' \ + -e 's#registry.stage.redhat.io/rhdh#quay.io/rhdh#g' \ + -e 's#registry.access.redhat.com/rhdh#quay.io/rhdh#g' \ + -e 's#registry.access.stage.redhat.com/rhdh#quay.io/rhdh#g' \ + -e 's#registry-proxy.engineering.redhat.com/rh-osbs/rhdh-#quay.io/rhdh/#g' \ + "$file" Apply / Chat Suggestion importance[1-10]: 5 __ Why: The suggestion correctly identifies an opportunity to improve performance by consolidating multiple sed commands into one, reducing I/O operations and improving code readability.	Low
Possible issue	Skip empty globs automatically Add shopt -s nullglob before the for loop. This ensures the loop does not run if no files match the glob pattern, preventing an iteration over the literal pattern string. .rhdh/scripts/install-rhdh-catalog-source.sh [179-188] +shopt -s nullglob for file in "./bundles/${digest}/unpacked/rootfs/${folder}"/*; do if [ -f "$file" ]; then ... fi done [To ensure code accuracy, apply this suggestion manually] Suggestion importance[1-10]: 3 __ Why: This is a valid shell scripting improvement that makes the code more robust by preventing the loop from executing on a non-existent file path. However, the existing if [ -f "$file" ] check already handles this case, so the impact is minor.	Low
More