feat: add digest-based image reference support for disconnected installations

[mikenairn]

Summary

Adds support for digest-based image references in operator bundles to enable disconnected (air-gapped) OpenShift installations.

Changes

• Added USE_IMAGE_DIGESTS flag (default: false) to enable SHA256 digest references
• Created BUNDLE_GEN_FLAGS variable with conditional --use-image-digests
• Added bundle post-generation steps:
  • Deduplicate relatedImages (operator-sdk creates duplicates)
  • Add features.operators.openshift.io/disconnected annotation
• Fixed catalog-push target to use OPERATOR_IMAGE variable

Related

Related to Kuadrant/kuadrant-operator#1894

Summary by CodeRabbit

Release Notes

• Chores
  • Introduced configurable digest-based bundle generation with automatic image deduplication and disconnected mode support.
  • Updated build system infrastructure and deployment targeting parameters.

[coderabbitai]

Warning

Review limit reached

@mikenairn, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 17 minutes and 12 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 2e35a7a3-194c-43a6-8167-4c56394f481c

📥 Commits

Reviewing files that changed from the base of the PR and between 64c3554 and a8005e8.

📒 Files selected for processing (1)

• Makefile

📝 Walkthrough

Walkthrough

This pull request refines the operator build system by introducing configurable digest-based bundle generation, centralising bundle generation flags, updating the catalog push helper variable naming from IMG to OPERATOR_IMAGE, and adding metadata documentation to the bundle Dockerfile.

Changes

Build System Enhancements

Layer / File(s)	Summary
Digest-based bundle generation Makefile	New USE_IMAGE_DIGESTS flag (defaulting to false) gates digest-based image resolution. BUNDLE_GEN_FLAGS centralises the operator-sdk generate bundle arguments and conditionally appends --use-image-digests. The bundle target now uses $(BUNDLE_GEN_FLAGS), and when enabled, post-processes the generated CSV to deduplicate spec.relatedImages entries by image and set the OpenShift disconnected support annotation to "true".
Build helper integration and metadata make/catalog.mk, bundle.Dockerfile	catalog-push target updated to invoke the docker-push helper with OPERATOR_IMAGE=$(CATALOG_IMG) instead of IMG=$(CATALOG_IMG). Bundle Dockerfile annotated with # Quay image expiry comment preceding the existing expiry configuration.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A rabbit configs bundles with digests so bright,
Flags tidied, helpers aligned—the build flows just right,
Post-processing CSV entries, annotations set true,
Disconnected glory awaits in each push that we do!
🐇✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The pull request title accurately describes the main objective of the changeset: adding digest-based image reference support for disconnected installations, which aligns with the primary changes in the Makefile and bundle modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch disconnected_installs

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.20%. Comparing base (f4df274) to head (a8005e8).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #313   +/-   ##
=======================================
  Coverage   57.20%   57.20%           
=======================================
  Files          13       13           
  Lines        1458     1458           
=======================================
  Hits          834      834           
  Misses        529      529           
  Partials       95       95           

Flag	Coverage Δ
unit	57.20% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Makefile`:
- Around line 355-360: The Makefile currently applies digest-specific CSV
mutations inside the USE_IMAGE_DIGESTS block after bundle validation, so the
final artifacts aren't validated; update the Makefile so the bundle validation
step (the existing `bundle validate` invocation or the `bundle` target's
validation logic) runs after `bundle-custom-modifications` (or after the
commands inside the USE_IMAGE_DIGESTS block) instead of before—ensure the
`bundle` target depends on or invokes validation
post-`bundle-custom-modifications` when USE_IMAGE_DIGESTS=true so the
deduplication and disconnected-annotation changes are validated against the
final CSV.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 3e5969a6-68aa-40f6-8fb5-4db69cf9b759

📥 Commits

Reviewing files that changed from the base of the PR and between f4df274 and 64c3554.

📒 Files selected for processing (3)

• Makefile
• bundle.Dockerfile
• make/catalog.mk