NO-ISSUE: Update ansible-collection to v1.6 #58

Open
SiddarthR56 wants to merge 1 commit into flightctl:main from SiddarthR56:fac-1.2

@SiddarthR56 SiddarthR56 commented Jun 22, 2026

Contributor

Summary

This PR releases collection version 1.6.0 and updates the underlying Flight Control client dependency to support Flight Control API v1.2. It improves base URL handling by normalizing hosts to consistently use /api/v1, enhances request behavior by optionally scoping requests to an organization via an org_id query parameter (inventory plugin), updates CI to pull a newer Flight Control e2e reference and run an e2e-registry locally, and adjusts integration tests to use that registry over HTTP (removing prior TLS-bypass behavior).

Areas Affected

Collection metadata / release docs

  • galaxy.yml: version: 1.5.0 → 1.6.0
  • CHANGELOG.rst: added v1.6.0 release entry (“support Flight Control API v1.2” and a Major Changes bullet)
  • changelogs/changelog.yaml: added releases.1.6.0 with release_summary, reference to flightctl_1.6.0_update.yml, and release_date: '2026-06-22'
  • README.md: pinned examples to flightctl.core:1.6.0 (from 1.5.0)

Shared utilities (module client setup)

  • plugins/module_utils/api_module.py
    • Normalizes host_url by trimming trailing / and ensuring it ends with /api/v1
    • Uses the normalized host_url when constructing Configuration(...) and V1Alpha1Configuration(...)

Inventory plugin behavior

  • plugins/inventory/flightctl.py
    • Normalizes the resolved Flight Control base host to end with /api/v1
    • If config.organization is set, scopes outgoing requests by appending org_id=<organization> (only when an org_id query param is not already present)
    • Adds helper _set_org_id_query_param(client, organization)

Dependencies / test environment requirements

  • requirements.txt: flightctl-client 1.1.0 → 1.2.1
  • tests/unit/requirements.txt: flightctl-client 1.1.0 → 1.2.1
  • tests/integration/requirements.txt: flightctl-client 1.1.0 → 1.2.1

CI configuration

  • .github/workflows/integration-tests.yaml
    • Updates env.FLIGHTCTL_REF to v1.2.0 (from v1.1.1)
    • Replaces make deploy-e2e-extras with starting an e2e-registry container:
      • docker run -d --name e2e-registry --network kind -p 5000:5000 quay.io/flightctl/e2eregistry:2

Integration tests

  • tests/integration/targets/flightctl_image_builder/tasks/imagebuild-lifecycle.yml
    • Destination registry now uses e2e-registry:5000 with scheme: http
    • Removes skipServerVerification: true
  • tests/integration/targets/flightctl_image_builder/tasks/imageexport-lifecycle.yml
    • Destination registry now uses e2e-registry:5000 with scheme: http
    • Removes skipServerVerification: true

Module API surface / backward-compatibility implications

  • Module argument/return surface: no changes indicated.
  • Behavioral compatibility considerations
    • URL normalization: behavior changes when users provide hosts with trailing / or without /api/v1 (now normalized more consistently).
    • Organization scoping: when organization is configured, requests will include org_id, potentially changing server-side results.
    • Integration environment: e2e registry interactions now use HTTP and remove the previous TLS bypass setting, so test environments must support the new registry endpoint/transport.

@coderabbitai

coderabbitai Bot commented Jun 22, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

Walkthrough

Upgrades the Ansible collection from v1.5.0 to v1.6.0 to support Flight Control API v1.2. The flightctl-client Python dependency is pinned to version 1.2.1 across all requirements files. Both FlightctlAPIModule.__init__ and the inventory plugin now normalize API base URLs by stripping trailing slashes and ensuring /api/v1 is appended. The inventory plugin gains conditional org_id query parameter injection when an organization is configured. Collection metadata, changelogs, and README examples are updated to reflect the v1.6.0 release. CI integration tests are updated to reference Flight Control v1.2.0 and refactored to use an externalized e2e-registry container with updated endpoint configurations.

Changes

v1.6.0 Release: API v1.2 Client Upgrade with URL Normalization and Org_id Support

| Layer | File(s) | Summary |
|---|---|---|
| Client dependency upgrade and URL normalization infrastructure | requirements.txt, tests/integration/requirements.txt, tests/unit/requirements.txt, plugins/module_utils/api_module.py, plugins/inventory/flightctl.py | Updates flightctl-client from 1.1.0 to 1.2.1 across all three requirements files. Both FlightctlAPIModule.__init__ and inventory plugin _setup_connection_configuration() now normalize the API host URL by stripping trailing / and conditionally appending /api/v1, then pass this normalized host_url to their respective Configuration objects. |
| Organization ID query parameter injection | plugins/inventory/flightctl.py | The flightctl_apis() context manager conditionally injects an org_id query parameter into outgoing API requests when config.organization is set. The _set_org_id_query_param() helper wraps ApiClient.param_serialize() to append ('org_id', organization) unless already present, enabling organization-scoped resource filtering. |
| Collection version bump and release documentation | galaxy.yml, changelogs/changelog.yaml, CHANGELOG.rst, README.md | Bumps collection version in galaxy.yml from 1.5.0 to 1.6.0. Adds the 1.6.0 release entry to changelogs/changelog.yaml with major change note for API v1.2 support, release summary, fragment reference, and release date (2026-06-22). Appends v1.6.0 section to CHANGELOG.rst. Updates README installation examples to reference 1.6.0 in both requirements.yml snippet and ansible-galaxy command. |
| CI workflow and e2e test infrastructure upgrade | .github/workflows/integration-tests.yaml, tests/integration/targets/flightctl_image_builder/tasks/imagebuild-lifecycle.yml, tests/integration/targets/flightctl_image_builder/tasks/imageexport-lifecycle.yml | Integration test workflow's env.FLIGHTCTL_REF is updated from v1.1.1 to v1.2.0. Both main and downstream integration jobs replace the make deploy-e2e-extras step with container startup to run e2e-registry on the kind network with port 5000 exposed. Image builder and image export test tasks update destination repository configurations to use registry: e2e-registry:5000 with scheme: http (removing the prior HTTPS registry endpoint and skipServerVerification bypass), aligning test fixtures to the simplified container-based registry infrastructure. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

collection-metadata, module-utils, plugins, docs, tests, ci

Poem

🛸 A client dance from one-point-one,
To one-point-two—the upgrades run.
URLs trimmed to slash-free grace,
Org_id finds its rightful place.
The version climbs to six-oh-oh,
The flightctl ansible's ready to go! ✈️


Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning, 1 inconclusive)

| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| No-Hardcoded-Secrets | ❌ Error | Hardcoded secret-like string "super-secret-token-that-should-be-hidden" found in test_connection.yml line 314 assigned to fake_token variable, despite having no_log protection at execution time. | Replace hardcoded secret string with test fixture data or use vault-encrypted test credentials instead of plaintext secrets in code. |
| Ansible-Idempotency | ⚠️ Warning | PR introduces runner.py with idempotency flaw: check_mode always reports changed=True for existing resources in state='present' without comparing desired vs actual state, breaking Ansible idempoten... | In runner.py perform_action(), for state='present' with existing resources: perform diff comparison in check_mode before reporting changed status, not just exit with changed=True unconditionally. |
| Description check | ❓ Inconclusive | No pull request description was provided by the author, making it impossible to assess relevance to the changeset. | Add a pull request description that explains the changes, such as: 'Updates ansible-collection to version 1.6.0 to support Flight Control API v1.2, including flightctl-client dependency updates and registry configuration changes for integration tests.' |

✅ Passed checks (8 passed)

| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Update ansible-collection to v1.6' is concise, clear, and accurately summarizes the main change: bumping the ansible-collection version from 1.5.0 to 1.6.0 across multiple files. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%. |
| Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request. |
| No-Weak-Crypto | ✅ Passed | No weak cryptography patterns detected. Comprehensive search found no MD5, SHA1, DES, RC4, 3DES, Blowfish, or ECB mode usage; no custom crypto implementations; no unsafe secret comparisons. Base64... |
| No-Injection-Vectors | ✅ Passed | No injection vectors found. Host URL normalization uses safe string operations on parsed URLs. Organization query parameters are properly appended as tuples to be URL-encoded by the API client, not... |
| No-Sensitive-Data-In-Logs | ✅ Passed | No sensitive data exposure found in logs. Tokens and passwords are constructed only for Authorization headers, never logged. No unprotected tasks registering credentials. All info() calls log safe... |
| Ai-Attribution | ✅ Passed | PR properly attributes AI tool usage with 'Assisted-by: Cursor/Claude' trailer in both description and commit, which is an acceptable format per check requirements. |

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
plugins/module_utils/api_module.py (1)

125-141: 🧹 Nitpick | 🔵 Trivial | 💤 Low value

URL normalization logic assumes clean base URL structure.

The logic strips trailing slashes and conditionally appends /api/v1 to construct the normalized host. For typical use cases (base URLs like https://example.com:8080/), this works correctly and handles the test fixtures as designed.

However, the check if not host_url.endswith('/api/v1') does not validate URL structure. If a user provides a URL with /api/v1 embedded in a path component (e.g., https://example.com/api/v1/extra/), the logic would incorrectly append another /api/v1, resulting in a malformed URL.

Consider adding a defensive check to validate that the final URL has the expected structure, or document the assumption that base URLs should not contain /api/v1 in intermediate path segments.

💡 Optional defensive enhancement
host_url = self.url.geturl().rstrip('/')
if not host_url.endswith('/api/v1'):
    host_url = f"{host_url}/api/v1"

# Optional: validate that the normalized URL has the expected structure
# (prevents accidental double-pathing if input already contains /api/v1)
if host_url.count('/api/v1') != 1:
    raise FlightctlException(f"Invalid host URL structure: {self.url.geturl()}")
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@plugins/module_utils/api_module.py` around lines 125 - 141, The URL
normalization logic that constructs host_url does not validate that the final
URL has the expected structure, which could result in malformed URLs with
duplicate `/api/v1` segments if the input URL already contains this path
component. After the host_url is normalized (where the rstrip and conditional
append of `/api/v1` occur), add a validation check to ensure that `/api/v1`
appears exactly once in the final URL. If the count is not equal to 1, raise a
FlightctlException with a descriptive error message that includes the original
URL from self.url.geturl(). This defensive check should validate the normalized
host_url before it is used to create the Configuration objects.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@changelogs/changelog.yaml`:
- Around line 138-145: Create the missing changelog fragment file referenced in
the 1.6.0 release entry. The changelog entry references the fragment file
`flightctl_1.6.0_update.yml` which must be created in the fragments directory.
Structure this fragment file using the appropriate YAML format with the
`major_changes` category to match the changelog entry for version 1.6.0,
ensuring it contains the content describing the support for Flight Control API
v1.2 to satisfy the `antsibull-changelog release` command requirements.

In `@requirements.txt`:
- Line 5: The flightctl dependency in requirements.txt is referencing a
non-existent git tag (pc_1.2) from a personal fork, which will cause build
failures. Replace the entire git-based dependency specification on the flightctl
line with the official published PyPI package by changing it to use
flightctl-client==1.1.0 or a higher version if available on PyPI. This ensures
supply chain integrity and uses the officially maintained package rather than a
personal repository with non-existent tags.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: b45e4ae4-3201-4a0c-9b1e-c753c49d0065

📥 Commits

Reviewing files that changed from the base of the PR and between 8ce16bf and c5d813b.

📒 Files selected for processing (8)
  • CHANGELOG.rst
  • README.md
  • changelogs/changelog.yaml
  • galaxy.yml
  • plugins/module_utils/api_module.py
  • requirements.txt
  • tests/integration/requirements.txt
  • tests/unit/requirements.txt

Comment thread changelogs/changelog.yaml
Comment thread requirements.txt Outdated
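
The trailing-slash and `/api/v1` handling discussed in this review, as an added example that is not code from the PR or the collection: it matches `/api/v1` as whole path segments instead of using `endswith` on the URL string, so a mid-path or repeated prefix is rejected rather than extended. `normalize_host_url`, `HostURLError` and the rejection of query strings and fragments are assumptions of this example.

```python
from urllib.parse import urlsplit, urlunsplit

API_PREFIX = ["api", "v1"]          # the "/api/v1" suffix, as path segments


class HostURLError(ValueError):
    """Raised when a configured host cannot become an API base URL."""


def normalize_host_url(raw):
    """Return scheme://host[:port][/base]/api/v1 with no trailing slash."""
    parts = urlsplit(raw.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise HostURLError(f"not an absolute http(s) URL: {raw!r}")
    if parts.query or parts.fragment:
        # A query would make a string-level endswith('/api/v1') test miss
        # the prefix even when the path already carries it.
        raise HostURLError(f"query or fragment not allowed: {raw!r}")

    # Empty segments (from "//" or a trailing "/") are dropped here, which
    # is the path-level equivalent of rstrip('/').
    segments = [s for s in parts.path.split("/") if s]
    hits = [i for i in range(len(segments) - 1)
            if segments[i:i + 2] == API_PREFIX]

    if not hits:
        segments += API_PREFIX      # plain base URL: append exactly once
    elif hits != [len(segments) - 2]:
        # Prefix sits mid-path or occurs twice; appending again would give
        # ".../api/v1/extra/api/v1", so refuse instead of guessing.
        raise HostURLError(f"unexpected /api/v1 placement in {raw!r}")

    path = "/" + "/".join(segments)
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


if __name__ == "__main__":
    # Constructed inputs covering the cases raised in the review.
    for url in ("https://example.com:8080/",
                "https://example.com/api/v1/",
                "https://example.com/api/v1/extra/",
                "example.com"):
        try:
            print(f"{url!r:40} -> {normalize_host_url(url)}")
        except HostURLError as exc:
            print(f"{url!r:40} -> rejected: {exc}")
```

Unlike a substring count, the segment comparison treats a component such as `v1beta` as different from `v1`.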

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

♻️ Duplicate comments (1)
changelogs/changelog.yaml (1)

138-145: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Fragment file missing—release workflow will fail. [DUPLICATE]

This is a repeat of the critical issue already flagged in the previous review: the changelog entry references fragment flightctl_1.6.0_update.yml, which does not exist in changelogs/fragments/. The antsibull-changelog release command requires all referenced fragments to exist before release can proceed.

Create the fragment file changelogs/fragments/flightctl_1.6.0_update.yml in YAML format with the major_changes category to match this release entry.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@changelogs/changelog.yaml` around lines 138 - 145, The changelog.yaml file
references a fragment file flightctl_1.6.0_update.yml that does not exist in the
changelogs/fragments/ directory, which will cause the antsibull-changelog
release command to fail. Create the missing fragment file
flightctl_1.6.0_update.yml in the changelogs/fragments/ directory as a YAML file
with a major_changes category entry that describes the Flight Control API
version 1.2 update to match the content referenced in the changelog entry.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@plugins/inventory/flightctl.py`:
- Line 433: The wrapper function param_serialize_with_org_id is missing explicit
type annotations for its parameters and return type, which violates the codebase
typing guidelines and creates inconsistency with the enclosing function that is
fully typed. Add type hints to the function signature for *args and **kwargs
parameters, and specify the return type annotation to match the typing pattern
used throughout the rest of the codebase and maintain consistency with the
parent function's type safety.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: b4f2245e-0690-4296-89a8-702f7b707a51

📥 Commits

Reviewing files that changed from the base of the PR and between c5d813b and 7e7e615.

📒 Files selected for processing (9)
  • CHANGELOG.rst
  • README.md
  • changelogs/changelog.yaml
  • galaxy.yml
  • plugins/inventory/flightctl.py
  • plugins/module_utils/api_module.py
  • requirements.txt
  • tests/integration/requirements.txt
  • tests/unit/requirements.txt

Comment thread plugins/inventory/flightctl.py Outdated

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 2

♻️ Duplicate comments (2)
tests/unit/requirements.txt (1)

5-5: ⚠️ Potential issue | 🔴 Critical

Same critical supply chain issue as requirements.txt.

This file contains the same problematic flightctl-client dependency referencing the non-existent git tag pc_1.2. Unit tests cannot proceed until the main requirements.txt is corrected.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/unit/requirements.txt` at line 5, The flightctl-client dependency in
tests/unit/requirements.txt references a non-existent git tag `pc_1.2` which
prevents dependency resolution. Update the git reference in the dependency
specification to use a valid and existing git tag, branch name, or commit SHA
from the flightctl-python-client repository. Verify the corrected reference
resolves properly before committing the change.
tests/integration/requirements.txt (1)

3-3: ⚠️ Potential issue | 🔴 Critical

Same critical supply chain issue as requirements.txt.

This file contains the same problematic flightctl-client dependency referencing the non-existent git tag pc_1.2. Integration tests cannot proceed until the main requirements.txt is corrected.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/integration/requirements.txt` at line 3, The flightctl-client
dependency in the integration test requirements file references a non-existent
git tag pc_1.2, preventing integration tests from running. Update the git
reference in the flightctl-client @
git+https://github.com/SiddarthR56/flightctl-python-client.git@pc_1.2 dependency
to point to a valid and existing git tag or branch instead of the non-existent
pc_1.2 tag. Ensure the tag or branch you reference actually exists in the
repository.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/integration-tests.yaml:
- Line 14: The FLIGHTCTL_REF environment variable update to v1.2.0 in the
integration-tests.yaml workflow is blocked by a dependency issue. Before merging
this workflow change, identify and fix the flightctl-client dependency
declaration in requirements.txt that is currently failing during CI dependency
installation. Resolve the flightctl-client issue first so that when the workflow
runs, the Python client dependency can be successfully installed alongside the
updated FLIGHTCTL_REF version.

In `@requirements.txt`:
- Line 5: The flightctl-client dependency in requirements.txt is specified as a
git URL pointing to a non-existent tag (pc_1.2) in a personal fork, which breaks
reproducible builds and supply chain integrity. Replace the entire line with the
official PyPI package pinned to a released version: flightctl-client==1.1.0 (the
latest stable version available on PyPI). This ensures deterministic builds and
uses the officially maintained package source.


ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 83c8b23c-7838-4ffa-a1be-f1d3a56b51f2

📥 Commits

Reviewing files that changed from the base of the PR and between 7e7e615 and 7cf1fa8.

📒 Files selected for processing (4)
  • .github/workflows/integration-tests.yaml
  • requirements.txt
  • tests/integration/requirements.txt
  • tests/unit/requirements.txt

Comment thread .github/workflows/integration-tests.yaml
Comment thread requirements.txt Outdated

@coderabbitai coderabbitai Bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/integration-tests.yaml:
- Around line 49-50: Replace the container image reference
`quay.io/flightctl/e2eregistry:2` with a pinned full SHA256 digest format
(`quay.io/flightctl/e2eregistry@sha256:...`) to ensure reproducibility and
prevent upstream retags from silently changing CI behavior. Apply this same
change in both the integration-tests job (around line 50 in the "Start e2e
registry" step) and the test-integration-downstream job (around line 104) to
maintain consistency across both jobs.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 691ef336-c74a-482c-8d27-fc5e166b27e4

📥 Commits

Reviewing files that changed from the base of the PR and between 7cf1fa8 and 84a0ead.

📒 Files selected for processing (12)
  • .github/workflows/integration-tests.yaml
  • CHANGELOG.rst
  • README.md
  • changelogs/changelog.yaml
  • galaxy.yml
  • plugins/inventory/flightctl.py
  • plugins/module_utils/api_module.py
  • requirements.txt
  • tests/integration/requirements.txt
  • tests/integration/targets/flightctl_image_builder/tasks/imagebuild-lifecycle.yml
  • tests/integration/targets/flightctl_image_builder/tasks/imageexport-lifecycle.yml
  • tests/unit/requirements.txt

Comment thread .github/workflows/integration-tests.yaml Outdated

@coderabbitai coderabbitai Bot left a comment

♻️ Duplicate comments (1)
.github/workflows/integration-tests.yaml (1)

50-50: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Pin e2e-registry image to an immutable digest (Major).

Using quay.io/flightctl/e2eregistry:2 on Line 50 and Line 104 allows upstream retags, so CI can run different code over time (non-reproducible + supply-chain drift risk).

Suggested fix
-        run: docker run -d --name e2e-registry --network kind -p 5000:5000 quay.io/flightctl/e2eregistry:2
+        run: docker run -d --name e2e-registry --network kind -p 5000:5000 quay.io/flightctl/e2eregistry@sha256:<pinned_digest>
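
Review bot: both the removed and the added line keep `-p 5000:5000`, which publishes the registry on every interface of the runner, while this PR moves the image builder tests to scheme: http against it. The test tasks address the registry as e2e-registry:5000 on the kind network, so if nothing on the host needs the port, drop the `-p` flag or bind it to loopback with `-p 127.0.0.1:5000:5000`. The `<pinned_digest>` placeholder on the added line also has to be replaced with the actual digest before the step can run.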

Also applies to: 104-104

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/integration-tests.yaml at line 50, The docker image
reference quay.io/flightctl/e2eregistry:2 uses a mutable tag which allows
upstream retags, creating non-reproducible builds and supply chain risks.
Replace the image tag :2 with an immutable SHA256 digest on both the docker run
command at line 50 and the other occurrence at line 104. Instead of
quay.io/flightctl/e2eregistry:2, use the full image reference with the SHA256
digest (format: quay.io/flightctl/e2eregistry@sha256:...) to ensure the exact
same image is always pulled in CI runs.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: d52086ba-72c2-4b49-a6ca-ac84c852a226

📥 Commits

Reviewing files that changed from the base of the PR and between 84a0ead and 9fd6178.

📒 Files selected for processing (12)
  • .github/workflows/integration-tests.yaml
  • CHANGELOG.rst
  • README.md
  • changelogs/changelog.yaml
  • galaxy.yml
  • plugins/inventory/flightctl.py
  • plugins/module_utils/api_module.py
  • requirements.txt
  • tests/integration/requirements.txt
  • tests/integration/targets/flightctl_image_builder/tasks/imagebuild-lifecycle.yml
  • tests/integration/targets/flightctl_image_builder/tasks/imageexport-lifecycle.yml
  • tests/unit/requirements.txt
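
The two supply-chain findings raised across these reviews (an image referenced by mutable tag in the workflow, and a requirement resolved from a git ref instead of an exact version) can be caught before review with a small lint. This is an added example, not code from the PR or from CodeRabbit; the function names, rule names and the `VALUE_FLAGS` subset are assumptions, and the sample inputs are constructed from values quoted in the comments above.

```python
import re
import shlex

# `docker run` options that consume the next token. A subset chosen for this
# example (assumption); extend it for the flags your workflows use.
VALUE_FLAGS = {"--name", "--network", "-p", "--publish", "-e", "--env",
               "-v", "--volume", "-w", "--workdir", "--entrypoint"}
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
EXACT_PIN_RE = re.compile(
    r"[A-Za-z0-9._-]+(\[[^\]]*\])?\s*==\s*[^\s*;,]+\s*(;.*)?")
VCS_REF_RE = re.compile(r"@([^@/#]+)(?:#.*)?$")
COMMIT_RE = re.compile(r"[0-9a-f]{40}")


def docker_run_image(command):
    """Return the image argument of a `docker run` command line, or None."""
    try:
        tokens = shlex.split(command)
        i = tokens.index("run", tokens.index("docker") + 1) + 1
    except ValueError:
        return None                     # not a docker run line, or bad quoting
    while i < len(tokens):
        if tokens[i] in VALUE_FLAGS:
            i += 2                      # flag plus its separate value
        elif tokens[i].startswith("-"):
            i += 1                      # boolean flag or --flag=value form
        else:
            return tokens[i]            # first positional token is the image
    return None


def lint_workflow(text):
    """Flag `docker run` images referenced by tag instead of digest."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if "docker run" not in line:
            continue
        image = docker_run_image(line)
        if image and not DIGEST_RE.search(image):
            findings.append((no, "image-not-digest-pinned", image))
    return findings


def lint_requirements(text):
    """Flag VCS/URL requirements and requirements without an exact == pin."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line or line.startswith("-"):
            continue                    # blank, comment, or pip option line
        if "git+" in line or "://" in line:
            ref = VCS_REF_RE.search(line)
            if ref and COMMIT_RE.fullmatch(ref.group(1)):
                findings.append((no, "vcs-source", line))
            else:                       # tag, branch, or no ref at all
                findings.append((no, "vcs-mutable-ref", line))
        elif not EXACT_PIN_RE.fullmatch(line):
            findings.append((no, "not-exact-pin", line))
    return findings


# Constructed samples, built from lines quoted in the review comments.
WORKFLOW = """\
      - name: Start e2e registry
        run: docker run -d --name e2e-registry --network kind -p 5000:5000 quay.io/flightctl/e2eregistry:2
"""
REQUIREMENTS = """\
jsonschema
websockets>=15.0.1
flightctl-client @ git+https://github.com/SiddarthR56/flightctl-python-client.git@pc_1.2
flightctl-client==1.2.1
"""

if __name__ == "__main__":
    for finding in lint_workflow(WORKFLOW) + lint_requirements(REQUIREMENTS):
        print(finding)
```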

Comment thread requirements.txt
jsonschema
websockets>=15.0.1
flightctl-client==1.1.0
flightctl-client==1.2.1
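
Review bot: the new `flightctl-client==1.2.1` line pins a version number but not the artifact behind it, and the two context lines above it (`jsonschema`, `websockets>=15.0.1`) are not pinned to an exact version at all, so two installs from this file can resolve to different code. Consider exact `==` pins with `--hash=sha256:...` entries for each requirement and installing with `pip install --require-hashes -r requirements.txt`, so that a file that differs from the one reviewed fails the install.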

Contributor

we are at 1.2.0 version AFAIK

Contributor Author

We are effectively at 1.2.0. There was an issue with the Python package upload, and after deleting it I couldn't re-upload the same version because PyPI doesn't allow reusing a version number. As a result, I had to publish it as 1.2.1, but there are no functional changes from 1.2.0—the version bump was only to work around the PyPI restriction.

@SiddarthR56 SiddarthR56 requested a review from amalykhi June 23, 2026 15:13
@amalykhi

amalykhi commented Jun 25, 2026

Contributor

@SiddarthR56 I noticed certificate tests failed

Failed to sign certificate: error signing certificate -
CN 13d632d86373caaeda64da4052f957faa742fc7050026748bc79065c8819d1b0
Metadata ansible-integration-test-approval-csr mismatch

FlightCtl v1.2.x introduced validation: For CertificateSigningRequest (CSR), the Common Name (CN) in the certificate request MUST match metadata.name.

Current test has:

metadata.name: ansible-integration-test-approval-csr
CN in certificate: 13d632d86373caaeda64da4052f957faa742fc7050026748bc79065c8819d1b0
Result: Mismatch → Signing fails

full test output https://privatebin.corp.redhat.com/?f52208450a0a5eed#EirSSqwN1RH5pw9wjJDPtk7wypAgyadRVbaodpNFR2am

@amalykhi

Contributor

@SiddarthR56 I noticed imagebuild tests failed as well ...
