Update node image

[alicefr]

Add vim and the label with the cluster node image and digest

Summary by Sourcery

Update the Fedora node image build to embed the bootc image digest and include vim in the node image.

New Features:

• Include vim-minimal in the Fedora-based node image for basic in-container text editing.

Enhancements:

• Capture the bootc image digest during build and pass it into the node image build as a build argument for labeling or metadata.

[sourcery-ai]

Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Updates the Fedora node image build to record the bootc image digest as a build-arg and install vim in the node image, enabling labeling of the node image with the underlying bootc image digest and providing a minimal editor in the image.

Flow diagram for updated Fedora node image build with BOOTC_DIGEST

flowchart TD
    A[make build-disk-image] --> B[podman info to set STORAGE_PATH]
    B --> C[podman inspect to set BOOTC_DIGEST]
    C --> D[podman build Containerfile.disk]
    D --> E[--build-arg BOOTC_DIGEST]
    D --> F[Resulting node image labeled with bootc digest]

    subgraph Containerfile
      G[bootc-base-imagectl build-rootfs]
      G --> H[Install vim-minimal]
    end

    F --> G

Loading

File-Level Changes

Change	Details	Files
Propagate the bootc image digest into the node image build to enable labeling based on the underlying bootc image.	Capture the digest of the BOOTC_IMAGE using podman inspect before building the disk image. Pass the captured bootc digest into the node image build as a BOOTC_DIGEST build-arg.	node-images/fedora/Makefile
Install a minimal vim editor in the Fedora node image.	Extend the bootc-rootfs build step to install the vim-minimal package into the target root filesystem.	node-images/fedora/Containerfile

Possibly linked issues

• #N/A: PR adds a build arg for the bootc image digest to label node disk images, fulfilling the issue.
• #(not provided): The PR adds vim-minimal to the node image as requested, plus an extra digest label change.

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've found 1 issue

Prompt for AI Agents

Please address the comments from this code review:

## Individual Comments

### Comment 1
<location path="node-images/fedora/Makefile" line_range="29-31" />
<code_context>
 build-disk-image: build-bootc-image
 	@echo "=== Building node image with qcow2 disk ==="
 	STORAGE_PATH=$$(podman info --format '{{.Store.GraphRoot}}') && \
+	BOOTC_DIGEST=$$(podman inspect --format '{{.Digest}}' $(BOOTC_IMAGE)) && \
 	podman build \
 		--cap-add=SYS_ADMIN \
</code_context>
<issue_to_address>
**suggestion:** Consider using a more robust inspect format for the image digest or handling the case where `.Digest` is empty.

`{{.Digest}}` may be empty for some locally-built images, which would pass an empty `BOOTC_DIGEST` into the build and hide the failure. Consider using something like `{{index .RepoDigests 0}}` or at least checking that `BOOTC_DIGEST` is non-empty before continuing, so failures are explicit instead of silently losing the digest.

```suggestion
	STORAGE_PATH=$$(podman info --format '{{.Store.GraphRoot}}') && \
	BOOTC_DIGEST=$$(podman inspect --format '{{index .RepoDigests 0}}' $(BOOTC_IMAGE)) && \
	test -n "$$BOOTC_DIGEST" || { echo "ERROR: Failed to determine BOOTC_DIGEST for $(BOOTC_IMAGE)"; exit 1; } && \
	podman build \
```
</issue_to_address>

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}

[sourcery-ai]

suggestion: Consider using a more robust inspect format for the image digest or handling the case where .Digest is empty.

{{.Digest}} may be empty for some locally-built images, which would pass an empty BOOTC_DIGEST into the build and hide the failure. Consider using something like {{index .RepoDigests 0}} or at least checking that BOOTC_DIGEST is non-empty before continuing, so failures are explicit instead of silently losing the digest.

Suggested change

	STORAGE_PATH=$$(podman info --format '{{.Store.GraphRoot}}') && \
	BOOTC_DIGEST=$$(podman inspect --format '{{.Digest}}' $(BOOTC_IMAGE)) && \
	podman build \
	STORAGE_PATH=$$(podman info --format '{{.Store.GraphRoot}}') && \
	BOOTC_DIGEST=$$(podman inspect --format '{{index .RepoDigests 0}}' $(BOOTC_IMAGE)) && \
	test -n "$$BOOTC_DIGEST" || { echo "ERROR: Failed to determine BOOTC_DIGEST for $(BOOTC_IMAGE)"; exit 1; } && \
	podman build \

[jlebon]

Hmm, the problem with this is that we haven't pushed the bootc image yet so we don't have the actual pushed digest. At push time, layers are compressed which will yield a different manifest digest than what we get here.

So I think this would require building the bootc image, pushing it (use podman push --digestfile foo ...) and then build the disk image (and the BOOTC_DIGEST would be $(cat foo)).

Alternatively... don't worry about digests, and just use tags. Derive the tag name from the date.

[alicefr]

mmh maybe I'm missing something but the label is correct and matches what bootc reports. Example:

podman inspect --format '{{index .Config.Labels "bink.bootc-image-digest"}}' ghcr.io/alicefr/bink/node:v1.35-fedora-44-disk
sha256:903caa303fbf9db5250c7943b63a44f774b9c52b825d0e7865672e9cf11ce09d

On a booted node started with --node-image corresponding to the one we just inspected:

[root@controller ~]# bootc status
● Booted image: registry.cluster.local:5000/node:latest
        Digest: sha256:903caa303fbf9db5250c7943b63a44f774b9c52b825d0e7865672e9cf11ce09d (amd64)
     Timestamp: 2026-06-04T12:33:32Z