caib: restore caib download

[bennyz]

To download already built images

fixes #76

Summary by CodeRabbit

• New Features

  • Added a command to download disk images from completed builds with server/token flags and output destination.
  • Build status responses now include container and disk image artifact references.

• Chores

  • Removed explicit image pull policy specifications to rely on default behavior.

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a new download CLI command to fetch disk image artifacts from completed builds, expands the build API response with containerImage and diskImage fields, and removes explicit ImagePullPolicy settings from several container specs.

Changes

Cohort / File(s)	Summary
CLI: download command & phase constant cmd/caib/main.go	Adds phaseCompleted constant, new downloadCmd with flags --server, --token, -o/--output, and runDownload to fetch a build, validate completion, extract disk image reference, and pull the OCI artifact using registry credentials. Also updates state comparisons to use phaseCompleted.
Build API: response fields internal/buildapi/types.go, internal/buildapi/server.go	Adds ContainerImage and DiskImage fields to BuildResponse and populates them in getBuild from BuildSpec.GetContainerPush() and BuildSpec.GetExportOCI().
Operator config: image pull policy removal internal/controller/operatorconfig/resources.go	Removes explicit ImagePullPolicy: corev1.PullIfNotPresent from three container/initContainer definitions, letting default pull policy apply.

Sequence Diagram(s)

sequenceDiagram
    participant CLI as CLI (caib download)
    participant API as Build API
    participant Reg as OCI Registry
    participant FS as Local filesystem

    CLI->>API: GET /builds/{name}
    API-->>CLI: BuildResponse (state, diskImage)
    alt build.state == phaseCompleted and diskImage present
        CLI->>Reg: OCI pull (diskImage) with creds
        Reg-->>CLI: stream artifact
        CLI->>FS: write file to --output
        FS-->>CLI: success
    else not completed or no diskImage
        API-->>CLI: error/status
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• automotive-dev-operator#32: Modifies similar CLI download/phase-handling code in cmd/caib/main.go and related build API changes; closely related at code level.

Poem

🐰 I hopped to fetch a disk so bright,
From builds that finished late at night,
With OCI crumbs and flags in tow,
I pulled the image—soft and slow,
A tiny rabbit's download light. 🥕

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 28.57% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'caib: restore caib download' clearly describes the main change—restoring the download capability to the caib tool.
Linked Issues check	✅ Passed	The PR successfully implements the core requirement from issue #76: restoring caib download functionality for downloading OCI artifacts from completed builds.
Out of Scope Changes check	✅ Passed	All changes directly support the download restoration goal: CLI command addition, build API response fields, and resource configuration adjustments are all in-scope.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In `@cmd/caib/main.go`:
- Around line 1772-1810: runDownload is missing the same partial registry
credential validation used elsewhere: after extracting credentials with
extractRegistryCredentials(ociRef, "") validate that registryUsername and
registryPassword are both present (use the existing validateRegistryCredentials
function) and reject partial credentials with a clear error before calling
pullOCIArtifact; update runDownload to call
validateRegistryCredentials(registryUsername, registryPassword) (or the
appropriate signature) right after extraction so users get an explicit "missing
password/username" error instead of an opaque OCI auth failure.

In `@internal/controller/operatorconfig/resources.go`:
- Around line 79-81: Restore the explicit ImagePullPolicy to avoid Kubernetes
defaulting to Always for :latest images by adding ImagePullPolicy:
corev1.PullIfNotPresent to the container specs for the "build-api" container
(where getOperatorImage() is used) and likewise for the "oauth-proxy" and
"init-secrets" container definitions in resources.go; ensure corev1 is imported
and set the ImagePullPolicy field on the respective corev1.Container literals so
pods reuse cached images (or conditionally set policy if you intend different
behavior).

🧹 Nitpick comments (1)

cmd/caib/main.go (1)

532-536: Consider marking --output as required via cobra.

The flag is manually validated in runDownload (Line 1780), but marking it required with cobra (downloadCmd.MarkFlagRequired("output")) would provide automatic help text indicating it's mandatory and consistent error messaging.