chore: update GitHub Actions workflows for UBI 9 and UBI 10 images

[prabhuk25]

Updated GitHub Actions workflows for UBI 9 and UBI 10 developer images.

Changes include:

PR check workflows for UBI 10 images.
Main build and publish workflows for UBI 9 and UBI 10 images.
Unified tagging using short SHA for unique image versions.
Multi-architecture support (amd64, arm64, ppc64le) for both base and UDI images.

Summary by CodeRabbit

• Chores
  • Streamlined multi-architecture container image build/publish flow to be simpler and more reliable.
  • Added build output to expose a generated unique tag for downstream steps.
• Bug Fixes / Reliability
  • Improved download/installation steps for a Java utility and corrected architecture mapping for a specific CPU family to ensure proper toolchain selection.

[prabhuk25]

@dkwon17, @ibuziuk, I noticed an image publishing error to the registry in GitHub Actions due to the Docker manifest. I've applied a patch in this PR. Please review and suggest any further updates if needed

[prabhuk25]

I'm updating a workflow failure snapshot for you to look over. Image publishing is blocked due to a Docker manifest issue.

[prabhuk25]

Hey Team,
Just following up on this PR when you get a chance. Let me know if you need any additional context or changes from my side. Thanks!

[coderabbitai]

Warning

Rate limit exceeded

@prabhuk25 has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 54 minutes and 50 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 54 minutes and 50 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 80a6a32c-cf9e-4d00-a616-03e2189d532b

📥 Commits

Reviewing files that changed from the base of the PR and between 3d417a4 and 9dc300e.

📒 Files selected for processing (5)

• .github/workflows/pr-check-ubi10.yaml
• .github/workflows/pr-check.yaml
• .github/workflows/ubi10-build.yaml
• .github/workflows/ubi9-build.yaml
• universal/ubi10/Dockerfile

📝 Walkthrough

Walkthrough

Replaced manual multi-arch Docker manifest assembly (docker manifest create/annotate/push) with docker buildx imagetools create and inspect across CI workflows; updated universal/ubi10/Dockerfile to use curl -fsSL for Lombok and correct Go arch mapping for ppc64le.

Changes

Cohort / File(s)	Summary
Multi-arch Manifest Publishing Workflows .github/workflows/pr-check-ubi10.yaml, .github/workflows/pr-check.yaml, .github/workflows/ubi10-build.yaml, .github/workflows/ubi9-build.yaml	Removed per-arch docker manifest inspect/jq digest extraction and manual docker manifest create/annotate/push. Replaced with docker buildx imagetools create targeting existing per-arch tags (amd64, arm64, ppc64le) and docker buildx imagetools inspect verification. ubi10-build.yaml also exposes publish-udi job output uniq_tag.
Dockerfile Dependency & Arch Mapping universal/ubi10/Dockerfile	Switched Lombok download from wget to curl -fsSL writing /usr/local/lib/lombok.jar; corrected Go architecture mapping for ppc64le to GO_ARCH="ppc64le" during toolchain download/extract.

Sequence Diagram(s)

sequenceDiagram
    rect rgba(220,240,255,0.5)
    participant GH as GitHub Actions Runner
    end
    rect rgba(255,240,220,0.5)
    participant BX as docker buildx / imagetools
    end
    rect rgba(240,255,220,0.5)
    participant REG as Container Registry
    end

    GH->>REG: (prebuilt) push per-arch images (`amd64`, `arm64`, `ppc64le`)
    GH->>BX: run `imagetools create -t <multi-tag> <amd64> <arm64> <ppc64le>`
    BX->>REG: assemble multi-arch manifest referencing per-arch images
    BX->>GH: return manifest digest
    GH->>BX: `imagetools inspect <multi-tag>` (verify)
    BX->>GH: inspection / metadata output

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I hopped through tags and buildx streams,
Curl fetched jars while pipelines gleam,
Archs united, manifests spun,
Multi-arch dawn — a job well done,
A rabbit nods: the checks all beam.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title clearly and specifically describes the main change: updating GitHub Actions workflows for UBI 9 and UBI 10 images, which aligns with the primary changes across four workflow files and one Dockerfile.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Timed out fetching pipeline failures after 30000ms

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/ubi10-build.yaml (1)

16-18: ⚠️ Potential issue | 🟠 Major

Fix the reusable workflow output mapping.

Line 18 references an invalid path. The publish-udi job exposes uniq_tag directly (Line 153), not as a nested property under setTagName. Callers of this reusable workflow will receive an empty value for uniq_tag.

Suggested fix

     outputs:
       uniq_tag:
         description: "The unique tag for the universal developer image"
-        value: ${{ jobs.publish-udi.outputs.setTagName.uniq_tag }}
+        value: ${{ jobs.publish-udi.outputs.uniq_tag }}

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/ubi10-build.yaml around lines 16 - 18, The reusable
workflow output mapping is using an invalid path; change the mapping for
uniq_tag to reference the output exposed by the publish-udi job directly (use
jobs.publish-udi.outputs.uniq_tag) instead of the nested setTagName property so
callers receive the actual uniq_tag value from the publish-udi job; locate the
output mapping that defines uniq_tag and replace the current value expression
with the direct jobs.publish-udi.outputs.uniq_tag reference.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/workflows/ubi10-build.yaml:
- Around line 16-18: The reusable workflow output mapping is using an invalid
path; change the mapping for uniq_tag to reference the output exposed by the
publish-udi job directly (use jobs.publish-udi.outputs.uniq_tag) instead of the
nested setTagName property so callers receive the actual uniq_tag value from the
publish-udi job; locate the output mapping that defines uniq_tag and replace the
current value expression with the direct jobs.publish-udi.outputs.uniq_tag
reference.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 531fb305-7b98-40ae-85ca-5a2b5184e56a

📥 Commits

Reviewing files that changed from the base of the PR and between 1909a73 and c546062.

📒 Files selected for processing (5)

• .github/workflows/pr-check-ubi10.yaml
• .github/workflows/pr-check.yaml
• .github/workflows/ubi10-build.yaml
• .github/workflows/ubi9-build.yaml
• universal/ubi10/Dockerfile

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: prabhuk25, rohanKanojia

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment