@jcrossley3 jcrossley3 commented Oct 15, 2025

In particular, when repos in the master list are deleted from quay.io before the list is fully processed.

This affirms the downstream bug, https://issues.redhat.com/browse/TC-2686

It also reduces some log noise.

Summary by Sourcery

Improve the Quay importer’s resilience to deleted or erroring repositories by catching HTTP errors, logging warnings, and continuing processing; add support for HTTP scheme; streamline tracing instrumentation; and introduce wiremock-backed tests.

New Features:

  • Add an unencrypted flag to QuayImporter to control HTTP vs HTTPS for registry requests

Enhancements:

  • Configure the OCI client and repository URLs to respect the unencrypted setting
  • Catch non-200 HTTP responses when fetching repositories and manifests, log warnings, record errors, and skip missing or deleted repos instead of failing

Documentation:

  • Document the unencrypted importer option in the OpenAPI schema

Tests:

  • Introduce wiremock-based tests for QuayWalker covering normal operation and missing-repo scenarios
  • Ignore or rename the existing live Quay walk test to avoid failures

Chores:

  • Add wiremock as a dependency in the root and importer Cargo.toml files
  • Replace #[instrument(skip(...))] attributes with skip_all to reduce log noise

sourcery-ai bot commented Oct 15, 2025

Reviewer's Guide

This PR fortifies the Quay importer by gracefully handling HTTP errors for deleted repos, adding configurable HTTP/HTTPS support, reducing log noise, and introducing robust wiremock-based tests with sample fixtures.

Sequence diagram for error handling when fetching deleted Quay repositories

sequenceDiagram
    participant QuayWalker
    participant QuayImporter
    participant HTTPClient
    participant Logger
    participant ReportBuilder
    QuayWalker->>QuayImporter: repository_url(namespace, name)
    QuayWalker->>HTTPClient: GET repo URL
    HTTPClient-->>QuayWalker: HTTP error (e.g. 404)
    QuayWalker->>Logger: warn("Error fetching repo {url}: {err}")
    QuayWalker->>ReportBuilder: add_error(Phase::Retrieval, url, err)
    QuayWalker-->>QuayWalker: Continue without panicking

Entity relationship diagram for QuayImporter with new 'unencrypted' field

erDiagram
    QUAYIMPORTER {
        string source
        string namespace
        integer concurrency
        boolean unencrypted
    }
    QUAYIMPORTER ||--o| REPOSITORY : fetches
    REPOSITORY {
        string namespace
        string name
    }

Class diagram for updated QuayImporter and QuayWalker

classDiagram
    class QuayImporter {
        +String source
        +Option<String> namespace
        +Option<usize> concurrency
        +bool unencrypted
        +repositories_url(page: usize): String
        +repository_url(namespace: &str, name: &str): String
        -scheme(): &str
    }
    class QuayWalker {
        +QuayImporter importer
        +fetch(reference: &Reference): Option<Vec<u8>>
        +run()
    }
    class Client {
        +OciClient client
        +RegistryAuth auth
        +new(unencrypted: bool)
    }
    QuayWalker --> QuayImporter
    QuayWalker --> Client
    Client --> OciClient
    OciClient --> RegistryAuth

File-Level Changes

Change: Gracefully handle HTTP errors when fetching repos
Details:
  • Add error_for_status() to skip missing/deleted repo responses
  • Wrap client GET in match to log warnings and report fetch errors
  • Return default repo on HTTP error instead of panicking
Files:
  • modules/importer/src/runner/quay/walker.rs

Change: Support configurable HTTP/HTTPS scheme
Details:
  • Add unencrypted boolean to QuayImporter
  • Introduce scheme() method for URL building
  • Update repository_url and repositories_url to use selected scheme
  • Pass unencrypted flag to Oci client and configure its protocol
Files:
  • modules/importer/src/model/quay.rs
  • modules/importer/src/runner/quay/oci.rs

Change: Enhance logging and reduce tracing noise
Details:
  • Insert debug logs for reference and repository fetching
  • Replace per-parameter skip in #[instrument] with skip_all across loaders
Files:
  • modules/importer/src/runner/quay/walker.rs
  • modules/ingestor/src/service/format.rs
  • modules/ingestor/src/service/mod.rs
  • modules/ingestor/src/service/sbom/cyclonedx.rs
  • modules/ingestor/src/service/sbom/spdx.rs

Change: Introduce wiremock-based mock tests and fixtures
Details:
  • Add walk_mock_quay and missing_repo tests using MockServer
  • Ignore the real walk test in favor of mocks
  • Include sample JSON fixtures under etc/test-data/quay
  • Add wiremock dependency to root and importer Cargo.toml
Files:
  • modules/importer/src/runner/quay/walker.rs
  • etc/test-data/quay/manifest.json
  • etc/test-data/quay/repo.json
  • etc/test-data/quay/repos.json
  • etc/test-data/quay/sbom.json
  • Cargo.toml
  • modules/importer/Cargo.toml

Change: Extend API schema for unencrypted flag
Details:
  • Add unencrypted property in openapi.yaml for QuayImporter spec
Files:
  • openapi.yaml

Possibly linked issues

  • #TC-2686: The PR makes the Quay importer robust by handling HTTP errors and deleted repositories, directly addressing the unexpected errors described in TC-2686.

codecov bot commented Oct 18, 2025

Codecov Report

❌ Patch coverage is 82.14286% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 68.64%. Comparing base (03bae56) to head (da53dae).
⚠️ Report is 5 commits behind head on main.

Files with missing lines Patch % Lines
modules/importer/src/runner/quay/walker.rs 64.28% 1 Missing and 4 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2038      +/-   ##
==========================================
+ Coverage   68.01%   68.64%   +0.62%     
==========================================
  Files         362      362              
  Lines       20221    20240      +19     
  Branches    20221    20240      +19     
==========================================
+ Hits        13754    13894     +140     
+ Misses       5680     5556     -124     
- Partials      787      790       +3     

@jcrossley3 jcrossley3 force-pushed the TC-2686 branch 2 times, most recently from 20b6b29 to 5343e28 Compare October 18, 2025 17:18
@jcrossley3 jcrossley3 marked this pull request as ready for review October 19, 2025 02:55

@sourcery-ai sourcery-ai bot left a comment

Hey there - I've reviewed your changes and they look great!

Prompt for AI Agents
Please address the comments from this code review:

## Individual Comments

### Comment 1
<location> `modules/importer/src/runner/quay/walker.rs:198-207` </location>
<code_context>
+        match (&repo.namespace, &repo.name) {
</code_context>

<issue_to_address>
**issue (bug_risk):** Error handling for repository fetches is improved, but fallback to 'repo' may mask issues.

Using 'repo' as a fallback could cause downstream code to misinterpret errors as successful fetches. Recommend returning an explicit error or sentinel value instead.
</issue_to_address>


@jcrossley3 jcrossley3 requested a review from ctron October 20, 2025 03:25
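
Added example (not code from this pull request or from the project) for the fallback concern in the Sourcery review comment above: it contrasts substituting a default repo on an HTTP error with recording the error and skipping the repo. All type and function names, the URL path and the in-memory response map are assumptions made for illustration.

```rust
use std::collections::HashMap;
// Added example: every name here is hypothetical, not the project's own code.
#[derive(Debug, Default, PartialEq)]
struct Repo { url: String, tags: Vec<String> }
#[derive(Debug, PartialEq)]
struct HttpStatusError(u16);
// Constructed responses keyed by URL stand in for the HTTP client.
type Responses = HashMap<String, (u16, Vec<String>)>;

// Assumed URL layout: the flag picks the scheme, `registry` is host[:port].
fn repository_url(unencrypted: bool, registry: &str, ns: &str, name: &str) -> String {
    let scheme = if unencrypted { "http" } else { "https" };
    format!("{}://{}/api/v1/repository/{}/{}", scheme, registry, ns, name)
}

fn get(responses: &Responses, url: &str) -> Result<Repo, HttpStatusError> {
    match responses.get(url) {
        Some((200, tags)) => Ok(Repo { url: url.to_string(), tags: tags.clone() }),
        Some((status, _)) => Err(HttpStatusError(*status)),
        None => Err(HttpStatusError(404)), // repo deleted after the list was built
    }
}

// Fallback style: a failed fetch is indistinguishable from an empty repo.
fn walk_with_default(urls: &[String], responses: &Responses) -> Vec<Repo> {
    urls.iter().map(|u| get(responses, u).unwrap_or_default()).collect()
}

// Explicit style: failures are recorded per URL and never returned as repos.
fn walk_explicit(urls: &[String], responses: &Responses) -> (Vec<Repo>, Vec<(String, HttpStatusError)>) {
    let (mut repos, mut errors) = (Vec::new(), Vec::new());
    for url in urls {
        match get(responses, url) {
            Ok(repo) => repos.push(repo),
            Err(err) => errors.push((url.clone(), err)),
        }
    }
    (repos, errors)
}

// Constructed master list: "gone" is listed but has no response behind it.
fn sample() -> (Vec<String>, Responses) {
    let url = |name: &str| repository_url(true, "localhost:8080", "acme", name);
    let responses = HashMap::from([(url("live"), (200, vec!["v1".to_string()]))]);
    (vec![url("live"), url("gone")], responses)
}
fn main() {
    let (urls, responses) = sample();
    println!("{:?}\n{:?}", walk_with_default(&urls, &responses), walk_explicit(&urls, &responses));
}
```
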

@ctron ctron left a comment

Looks good to me.

This affirms the downstream bug,
https://issues.redhat.com/browse/TC-2686

It also reduces some log noise.

There is no fix in this commit, only a failing test.
Because of the way the OCI client works, we need the 'source' to be a
'registry', not a URL. We'll construct the URL given both a scheme and
a registry.

This will ensure we can mock our OCI client calls
Includes configuration of OCI client for unencrypted HTTP
@jcrossley3 jcrossley3 enabled auto-merge October 20, 2025 15:48
@jcrossley3 jcrossley3 added this pull request to the merge queue Oct 20, 2025
Merged via the queue into guacsec:main with commit 943e52e Oct 20, 2025
6 checks passed
@jcrossley3 jcrossley3 deleted the TC-2686 branch October 20, 2025 16:31
@trustify-ci-bot

Successfully created backport PR for release/0.4.z:

Labels

backport release/0.4.z Backport (0.4.z)