Fixes #38457 - Update flatpak podman login template to support cert setup

[sjha4]

What are the changes introduced in this pull request?

Requires a couple of PRs to be merged so marking this draft. Updates Flatpak - Login to registry via podman template to allow setting up cert auth in addition to basic auth if user chooses to.

Considerations taken when implementing this change?

Deciding where to put the cert setup: Finally landed on existing template used for flatpak setup.

What are the testing steps for this pull request?

1. Run the job template: Flatpak - Login to registry via podman
2. Use the new input parameter: Set up certificate authentication : Test with both values: true and false.

When set to true:
Certificate-based authentication is used.
No basic auth credentials (username/password) are required.
After the job runs, verify the certs and keys are present with: ls -l /etc/containers/certs.d/<server-hostname>

When set to false:
Basic auth credentials must be provided.
After the job runs, verify that auth details were stored with: cat /etc/flatpak/oci-auth.json

For end-to-end testing, make sure you're able to podman search/pull, flatpak install etc with the certs and without the certs using basic auth login.

Summary by Sourcery

Introduce optional certificate-based authentication to the Flatpak Podman login job template, enabling users to choose between cert auth and basic auth.

New Features:

• Add 'Set up certificate authentication' input to toggle certificate-based registry login.

Enhancements:

• Conditionally invoke the container_certs_setup snippet for certificate auth or fallback to basic podman login.
• Make username and password inputs optional when certificate authentication is enabled.

[sourcery-ai]

Reviewer's Guide

This PR extends the Flatpak Podman login template by introducing an optional certificate-based authentication path, adding a toggle input and wrapping the login steps in conditional logic to include a certificate setup snippet when requested.

Sequence Diagram for Certificate Authentication Path

sequenceDiagram
    actor User
    participant JobTemplate as "flatpak_login_action.erb"
    participant CertSetup as "container_certs_setup snippet"

    User->>JobTemplate: Run with 'Set up certificate authentication' = true
    JobTemplate->>JobTemplate: Read 'Flatpak registry URL'
    JobTemplate->>JobTemplate: Read 'Set up certificate authentication' (true)
    JobTemplate->>CertSetup: Execute container_certs_setup (with registry URL)
    CertSetup-->>JobTemplate: Certificate authentication configured

Loading

Sequence Diagram for Basic Authentication Path

sequenceDiagram
    actor User
    participant JobTemplate as "flatpak_login_action.erb"
    participant PodmanCLI as "Podman CLI"

    User->>JobTemplate: Run with 'Set up certificate authentication' = false
    JobTemplate->>JobTemplate: Read 'Flatpak registry URL'
    JobTemplate->>JobTemplate: Read 'Set up certificate authentication' (false)
    JobTemplate->>JobTemplate: Read 'Username'
    JobTemplate->>JobTemplate: Read 'Password'
    JobTemplate->>PodmanCLI: podman login --username <user> --password-stdin --authfile /etc/flatpak/oci-auth.json
    PodmanCLI-->>JobTemplate: Basic authentication configured (auth.json updated)

Loading

File-Level Changes

Change	Details	Files
Introduce optional certificate authentication parameter and relax basic auth requirements	Add “Set up certificate authentication” input with true/false options and default 'false' Mark Username and Password inputs as not required	app/views/foreman/job_templates/flatpak_login_action.erb
Branch template logic to handle certificate setup or basic auth login	Retrieve new setup_cert_auth input Insert snippet_if_exists call for certificate setup Wrap podman login command in an if/else based on setup_cert_auth	app/views/foreman/job_templates/flatpak_login_action.erb

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.