provider image publishing script doesn't configure public access for new images

[enp0s3]

In Quay, if the image was created for the first time (in our case adding a new provider) it will be configured with private access. We need to manually change it's access to public. We prefer an automated way to do so.

/cc @fgimenez @dhiller

[fgimenez]

Looks like the issue is related to the new quay account, kubevirtcibot, with the old one kubevirtbot, same publish scripts, all worked fine.

[dhiller]

I've asked in the quay sig mailing list here: https://groups.google.com/g/quay-sig/c/zsnYAxv7gtQ

[dhiller]

OK, looks like this is intentional behavior. As I see it we might have to add code to make the repository public via cli after the push.

[dhiller]

As I see it we need to do a call to the api against post /api/v1/repository/{repository}/changevisibility

[dhiller]

Also relevant: https://issues.redhat.com/browse/PROJQUAY-1224

[dhiller]

Did a couple of experiments. As I see it, the work here outweighs the benefits. It's quite complicated to use the Quay API as besides the Bearer token a CSRF token is required, which I know no easy way of fetching from somewhere.

IMHO we have two options now:

• wait for the implementation of the default for new repos on quay.io and remind ourselves to make the repo public every three months
• add a repo pull test somewhere else w/o credentials, which should fail and remind us that we need to make the repo public

[dhiller]

/lifecycle frozen