image-updater: add --repositories flag for y-stream repo version upgrade detection

[hbhushan3]

Summary

Adds a --repositories / -r flag to the update command that detects when new y-stream (minor version) Quay repositories become available for configured components (ACM, MCE). This is config-driven via repoVersionUpgrade.repoPrefix on each source.

Jira: AROSLSRE-645

Problem

ACM/MCE creates new Quay repos per y-stream release (e.g. acm-operator-bundle-acm-217 → acm-operator-bundle-acm-218). The image updater currently only updates digests/tags within a fixed repo — it can't detect when a new version repo appears.

Solution

update --repositories mode:

• Parses the current repo name to extract the version number using a configurable repoPrefix
• Increments the minor version and checks if the next repo exists on Quay
• If found, fetches the latest tag and optionally applies the config update (new repo + tag)
• Supports --dry-run, --output-file, and --output-format (table/markdown/json)
• Atomic file writes via temp-file + rename with file mode preservation
• Rejects incompatible flags (--components, --groups, --exclude-components)

Config

Sources opt in with repoVersionUpgrade.repoPrefix:

- name: acm-operator
  source:
    repoVersionUpgrade:
      repoPrefix: "acm-operator-bundle-acm-"
    quay:
      repository: redhat-user-workloads/crt-redhat-acm-tenant/acm-operator-bundle-acm-217

Output Formats

Table (default):

┌──────────────┬─────────────────┬──────────────┬──────────────────┐
│ COMPONENT    │ CURRENT VERSION │ NEXT VERSION │ STATUS           │
├──────────────┼─────────────────┼──────────────┼──────────────────┤
│ acm-operator │ 2.17            │ 2.18         │ ⏳ Not available │
│ acm-mce      │ 2.11            │ 2.12         │ ✅ Available     │
└──────────────┴─────────────────┴──────────────┴──────────────────┘

Markdown (--output-format markdown):

| Component | Current Version | Next Version | Status |
| --- | --- | --- | --- |
| acm-operator | 2.17 | 2.18 | ⏳ Not available |
| acm-mce | 2.11 | 2.12 | ✅ Available |

JSON (--output-format json): Full result objects array.

Usage

# Check for new version repos (dry-run)
./image-updater update --config config.yaml --repositories --dry-run

# Apply upgrades
./image-updater update --config config.yaml --repositories

# Save results
./image-updater update --config config.yaml --repositories --output-file results.md --output-format markdown

# Via Makefile
make update-repositories

Key Design Decisions

• Config-driven: Only components with repoVersionUpgrade.repoPrefix are checked — no hardcoded ACM/MCE logic
• Quay 401 handling: Treats both 401 and 404 as "not found" (Konflux repos return 401 for non-existent repos); errors on other status codes (429, 5xx)
• Flag isolation: --repositories rejects --components/--groups/--exclude-components since it operates on a different axis
• Atomic writes: Uses temp-file + os.Rename to prevent partial writes, preserves original file mode

Files Changed

• tooling/image-updater/internal/upgrade/upgrade.go — Core logic: checker, repo detection, formatting, atomic apply
• tooling/image-updater/internal/upgrade/upgrade_test.go — Unit tests
• tooling/image-updater/cmd/update.go — Wires --repositories into update command
• tooling/image-updater/internal/options/options.go — --repositories/-r flag
• tooling/image-updater/internal/config/config.go — RepoVersionUpgrade config type
• tooling/image-updater/config.yaml — ACM/MCE prefixes configured
• tooling/image-updater/Makefile — update-repositories target
• tooling/image-updater/README.md — Documentation
• tooling/image-updater/AGENTS.md — Agent instructions

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: hbhushan3
Once this PR has been reviewed and has the lgtm label, please assign tony-schndr for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• tooling/image-updater/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a new repository-version-upgrade subcommand to tooling/image-updater to detect next ACM/MCE version-suffixed Quay repositories and update config files accordingly.

Changes:

• Registers a new cobra subcommand and Makefile target to run repository-version upgrades.
• Introduces internal/upgrade package with Quay version detection + file rewrite logic.
• Adds unit tests and documentation for the new workflow.

Reviewed changes

Copilot reviewed 7 out of 7 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
tooling/image-updater/main.go	Registers the new repository-version-upgrade subcommand.
tooling/image-updater/cmd/repository_version_upgrade.go	Implements the cobra command, flags, and execution flow.
tooling/image-updater/internal/upgrade/upgrade.go	Adds Quay repo detection, version parsing, reporting, and config rewrite logic.
tooling/image-updater/internal/upgrade/upgrade_test.go	Adds unit tests covering parsing, Quay checks, formatting, and apply logic.
tooling/image-updater/Makefile	Adds upgrade-repository-version target and help text.
tooling/image-updater/README.md	Documents the new subcommand usage and behavior.
tooling/image-updater/AGENTS.md	Adds agent-facing runbook steps for the new command.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 7 out of 7 changed files in this pull request and generated 6 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

Pull request overview

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[openshift-ci]

@hbhushan3: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/cspr	c8ce117	link	true	/test cspr

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.