feat: replace hardcoded artifact image constants with CLI-configurable values

.github/workflows/stale.yml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2025-09-29T15:35:06Z by kres 301c24d.
+# Generated on 2025-10-17T16:18:55Z by kres 46e133d.
 
 "on":
   schedule:
@@ -15,7 +15,7 @@ jobs:
       - ubuntu-latest
     steps:
       - name: Close stale issues and PRs
-        uses: actions/stale@v10.0.0
+        uses: actions/stale@v10.1.0
         with:
           close-issue-message: This issue was closed because it has been stalled for 7 days with no activity.
           days-before-issue-close: "5"

Dockerfile

@@ -1,15 +1,15 @@
-# syntax = docker/dockerfile-upstream:1.18.0-labs
+# syntax = docker/dockerfile-upstream:1.19.0-labs
 
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2025-09-29T15:35:06Z by kres 301c24d.
+# Generated on 2025-10-17T16:18:55Z by kres 46e133d.
 
 ARG TOOLCHAIN
 ARG PKGS_PREFIX
 ARG PKGS
 
 # runs markdownlint
-FROM docker.io/oven/bun:1.2.22-alpine AS lint-markdown
+FROM docker.io/oven/bun:1.3.0-alpine AS lint-markdown
 WORKDIR /src
 RUN bun i [email protected] [email protected]
 COPY .markdownlint.json .

Makefile

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2025-09-30T18:06:15Z by kres bc281a9.
+# Generated on 2025-10-17T16:18:55Z by kres 46e133d.
 
 # common variables
 
@@ -17,16 +17,16 @@ WITH_RACE ?= false
 REGISTRY ?= ghcr.io
 USERNAME ?= siderolabs
 REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME)
-PROTOBUF_GO_VERSION ?= 1.36.9
+PROTOBUF_GO_VERSION ?= 1.36.10
 GRPC_GO_VERSION ?= 1.5.1
-GRPC_GATEWAY_VERSION ?= 2.27.2
+GRPC_GATEWAY_VERSION ?= 2.27.3
 VTPROTOBUF_VERSION ?= 0.6.0
-GOIMPORTS_VERSION ?= 0.37.0
+GOIMPORTS_VERSION ?= 0.38.0
 GOMOCK_VERSION ?= 0.6.0
 DEEPCOPY_VERSION ?= v0.5.8
-GOLANGCILINT_VERSION ?= v2.4.0
+GOLANGCILINT_VERSION ?= v2.5.0
 GOFUMPT_VERSION ?= v0.9.1
-GO_VERSION ?= 1.25.1
+GO_VERSION ?= 1.25.3
 GO_BUILDFLAGS ?=
 GO_LDFLAGS ?=
 CGO_ENABLED ?= 0

cmd/image-factory/cmd/options.go

@@ -110,6 +110,8 @@ type Options struct { //nolint:govet
 
 	// SecureBoot settings.
 	SecureBoot SecureBootOptions
+
+	Images ImageOptions
 }
 
 // SecureBootOptions configures SecureBoot.
@@ -136,6 +138,16 @@ type SecureBootOptions struct { //nolint:govet
 	AwsRegion      string
 }
 
+// ImageOptions holds names of images used by the image factory.
+type ImageOptions struct {
+	InstallerBaseImage     string
+	InstallerImage         string
+	ImagerImage            string
+	ExtensionManifestImage string
+	OverlayManifestImage   string
+	TalosctlImage          string
+}
+
 // DefaultOptions are the default options.
 var DefaultOptions = Options{
 	HTTPListenAddr: ":8080",
@@ -165,4 +177,13 @@ var DefaultOptions = Options{
 	CacheS3Bucket:   "image-factory",
 
 	MetricsListenAddr: ":2122",
+
+	Images: ImageOptions{
+		InstallerBaseImage:     "siderolabs/installer-base",
+		InstallerImage:         "siderolabs/installer",
+		ImagerImage:            "siderolabs/imager",
+		ExtensionManifestImage: "siderolabs/extensions",
+		OverlayManifestImage:   "siderolabs/overlays",
+		TalosctlImage:          "siderolabs/talosctl-all",
+	},
 }

cmd/image-factory/cmd/service.go

@@ -309,6 +309,13 @@ func buildArtifactsManager(ctx context.Context, logger *zap.Logger, opts Options
 		TalosVersionRecheckInterval: opts.TalosVersionRecheckInterval,
 		RemoteOptions:               remoteOptions(),
 		RegistryRefreshInterval:     opts.RegistryRefreshInterval,
+
+		InstallerBaseImage:     opts.Images.InstallerBaseImage,
+		InstallerImage:         opts.Images.InstallerImage,
+		ImagerImage:            opts.Images.ImagerImage,
+		ExtensionManifestImage: opts.Images.ExtensionManifestImage,
+		OverlayManifestImage:   opts.Images.OverlayManifestImage,
+		TalosctlImage:          opts.Images.TalosctlImage,
 	})
 	if err != nil {
 		return nil, fmt.Errorf("failed to initialize artifacts manager: %w", err)

cmd/image-factory/flags.go

@@ -2,7 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-// Package main is the entrypoint of the image factory.
 package main
 
 import (
@@ -97,6 +96,13 @@ func initFlags() cmd.Options {
 	flag.StringVar(&opts.SecureBoot.AzureCertificateName, "secureboot-azure-certificate-name", cmd.DefaultOptions.SecureBoot.AzureCertificateName, "Secure Boot Azure Key Vault certificate name (use Azure PKI)") //nolint:lll
 	flag.StringVar(&opts.SecureBoot.AzureKeyName, "secureboot-azure-key-name", cmd.DefaultOptions.SecureBoot.AzureKeyName, "Secure Boot Azure Key Vault PCR key name (use Azure PKI)")
 
+	flag.StringVar(&opts.Images.InstallerBaseImage, "installer-base-image", cmd.DefaultOptions.Images.InstallerBaseImage, "Name of image InstallerBaseImage")
+	flag.StringVar(&opts.Images.InstallerImage, "installer-image", cmd.DefaultOptions.Images.InstallerImage, "Name of image InstallerImage")
+	flag.StringVar(&opts.Images.ImagerImage, "imager-image", cmd.DefaultOptions.Images.ImagerImage, "Name of image ImagerImage")
+	flag.StringVar(&opts.Images.ExtensionManifestImage, "extension-manifest-image", cmd.DefaultOptions.Images.ExtensionManifestImage, "Name of image ExtensionManifestImage")
+	flag.StringVar(&opts.Images.OverlayManifestImage, "overlay-manifest-image", cmd.DefaultOptions.Images.OverlayManifestImage, "Name of image OverlayManifestImage")
+	flag.StringVar(&opts.Images.TalosctlImage, "talosctl-image", cmd.DefaultOptions.Images.TalosctlImage, "Name of image TalosctlImage")
+
 	opts.LogLevel = zap.LevelFlag("log-level", zap.InfoLevel, "set the logging level")
 
 	flag.Parse()

internal/artifacts/artifacts.go

@@ -31,6 +31,14 @@ type Options struct { //nolint:govet
 	RemoteOptions []remote.Option
 	// RegistryRefreshInterval is the interval for refreshing the image registry connections.
 	RegistryRefreshInterval time.Duration
+
+	// Images used by the artifacts manager.
+	InstallerBaseImage     string
+	InstallerImage         string
+	ImagerImage            string
+	ExtensionManifestImage string
+	OverlayManifestImage   string
+	TalosctlImage          string
 }
 
 // ImageVerifyOptions are the options for verifying the image signature.
@@ -68,16 +76,6 @@ const (
 // FetchTimeout controls overall timeout for fetching artifacts for a release.
 const FetchTimeout = 20 * time.Minute
 
-// Various images.
-const (
-	InstallerBaseImage     = "siderolabs/installer-base"
-	InstallerImage         = "siderolabs/installer"
-	ImagerImage            = "siderolabs/imager"
-	ExtensionManifestImage = "siderolabs/extensions"
-	OverlayManifestImage   = "siderolabs/overlays"
-	TalosctlImage          = "siderolabs/talosctl-all"
-)
-
 const tmpSuffix = "-tmp"
 
 // ErrNotFoundTag tags the errors when the artifact is not found.

internal/artifacts/fetch.go

@@ -142,7 +142,7 @@ func (m *Manager) fetchImageByDigest(digestRef name.Digest, architecture Arch, i
 func (m *Manager) fetchImager(tag string) error {
 	destinationPath := filepath.Join(m.storagePath, tag)
 
-	if err := m.fetchImageByTag(ImagerImage, tag, ArchAmd64, imageExportHandler(func(logger *zap.Logger, r io.Reader) error {
+	if err := m.fetchImageByTag(m.options.ImagerImage, tag, ArchAmd64, imageExportHandler(func(logger *zap.Logger, r io.Reader) error {
 		return untarWithPrefix(logger, r, usrInstallPrefix, destinationPath+tmpSuffix)
 	})); err != nil {
 		return err
@@ -188,15 +188,18 @@ func (m *Manager) fetchOverlayImage(arch Arch, ref OverlayRef, destPath string)
 	return os.Rename(destPath+tmpSuffix, destPath)
 }
 
-// fetchInstallerImage fetches a Talos installer image and exports it to the storage.
-func (m *Manager) fetchInstallerImage(arch Arch, versionTag string, destPath string) error {
-	installerImage := InstallerImage
-
+// InstallerImageName returns an installer image name based on Talos version.
+func (m *Manager) InstallerImageName(versionTag string) string {
 	if quirks.New(versionTag).SupportsUnifiedInstaller() {
-		installerImage = InstallerBaseImage
+		return m.options.InstallerBaseImage
 	}
 
-	if err := m.fetchImageByTag(installerImage, versionTag, arch, imageOCIHandler(destPath+tmpSuffix)); err != nil {
+	return m.options.InstallerImage
+}
+
+// fetchInstallerImage fetches a Talos installer image and exports it to the storage.
+func (m *Manager) fetchInstallerImage(arch Arch, versionTag string, destPath string) error {
+	if err := m.fetchImageByTag(m.InstallerImageName(versionTag), versionTag, arch, imageOCIHandler(destPath+tmpSuffix)); err != nil {
 		return err
 	}
 
@@ -205,9 +208,7 @@ func (m *Manager) fetchInstallerImage(arch Arch, versionTag string, destPath str
 
 // fetchTalosctlImage fetches a Talosctl image and exports it to the storage.
 func (m *Manager) fetchTalosctlImage(versionTag string, destPath string) error {
-	talosctlImage := TalosctlImage
-
-	if err := m.fetchImageByTag(talosctlImage, versionTag, ArchAmd64, imageExportHandler(func(logger *zap.Logger, r io.Reader) error {
+	if err := m.fetchImageByTag(m.options.TalosctlImage, versionTag, ArchAmd64, imageExportHandler(func(logger *zap.Logger, r io.Reader) error {
 		return untarWithPrefix(logger, r, "", destPath+tmpSuffix)
 	})); err != nil {
 		return err

internal/artifacts/versions.go

@@ -28,7 +28,7 @@ func (m *Manager) fetchTalosVersions() (any, error) {
 	ctx, cancel := context.WithTimeout(context.Background(), FetchTimeout)
 	defer cancel()
 
-	repository := m.imageRegistry.Repo(ImagerImage)
+	repository := m.imageRegistry.Repo(m.options.ImagerImage)
 
 	candidates, err := m.pullers[ArchAmd64].List(ctx, repository)
 	if err != nil {
@@ -130,7 +130,7 @@ type overlaysDescription struct {
 func (m *Manager) fetchOfficialExtensions(tag string) error {
 	var extensions []ExtensionRef
 
-	if err := m.fetchImageByTag(ExtensionManifestImage, tag, ArchAmd64, imageExportHandler(func(_ *zap.Logger, r io.Reader) error {
+	if err := m.fetchImageByTag(m.options.ExtensionManifestImage, tag, ArchAmd64, imageExportHandler(func(_ *zap.Logger, r io.Reader) error {
 		var extractErr error
 
 		extensions, extractErr = extractExtensionList(r)
@@ -160,7 +160,7 @@ func (m *Manager) fetchOfficialExtensions(tag string) error {
 func (m *Manager) fetchOfficialOverlays(tag string) error {
 	var overlays []OverlayRef
 
-	if err := m.fetchImageByTag(OverlayManifestImage, tag, ArchAmd64, imageExportHandler(func(_ *zap.Logger, r io.Reader) error {
+	if err := m.fetchImageByTag(m.options.OverlayManifestImage, tag, ArchAmd64, imageExportHandler(func(_ *zap.Logger, r io.Reader) error {
 		var extractErr error
 
 		overlays, extractErr = extractOverlayList(r)
@@ -190,7 +190,7 @@ func (m *Manager) fetchOfficialOverlays(tag string) error {
 func (m *Manager) fetchTalosctlTuples(tag string) error {
 	var talosctlTuples []TalosctlTuple
 
-	if err := m.fetchImageByTag(TalosctlImage, tag, ArchAmd64, imageExportHandler(func(_ *zap.Logger, r io.Reader) error {
+	if err := m.fetchImageByTag(m.options.TalosctlImage, tag, ArchAmd64, imageExportHandler(func(_ *zap.Logger, r io.Reader) error {
 		var extractErr error
 
 		talosctlTuples, extractErr = extractTalosctlTuples(r)

internal/asset/cache/registry/layer.go

@@ -78,7 +78,7 @@ func (w *layerWrapper) Size() (int64, error) {
 	return w.src.Size(), nil
 }
 
-// Returns the mediaType for the compressed Layer.
+// MediaType returns the mediaType for the compressed Layer.
 func (w *layerWrapper) MediaType() (types.MediaType, error) {
 	return "application/data", nil
 }

internal/image/signer/signer.go

@@ -60,7 +60,7 @@ func (s *Signer) GetVerifier() signature.Verifier {
 	return s.sv
 }
 
-// GetVerifier returns the signer for the signature.
+// GetSigner returns the signer for the signature.
 func (s *Signer) GetSigner() signature.Signer {
 	return s.sv
 }

internal/profile/profile.go

@@ -283,6 +283,7 @@ type ArtifactProducer interface {
 	GetOverlayArtifact(context.Context, artifacts.Arch, artifacts.OverlayRef, artifacts.OverlayKind) (string, error)
 	GetInstallerImage(context.Context, artifacts.Arch, string) (string, error)
 	GetTalosctlImage(context.Context, string) (string, error)
+	InstallerImageName(string) string
 }
 
 func findExtension(availableExtensions []artifacts.ExtensionRef, extensionName string) artifacts.ExtensionRef {
@@ -362,13 +363,7 @@ func EnhanceFromSchematic(
 
 	if prof.Output.Kind == profile.OutKindInstaller {
 		if installerImagePath, err := artifactProducer.GetInstallerImage(ctx, artifacts.Arch(prof.Arch), versionTag); err == nil {
-			installerImage := artifacts.InstallerImage
-
-			if quirks.New(versionTag).SupportsUnifiedInstaller() {
-				installerImage = artifacts.InstallerBaseImage
-			}
-
-			prof.Input.BaseInstaller.ImageRef = installerImage + ":" + versionTag // fake reference
+			prof.Input.BaseInstaller.ImageRef = artifactProducer.InstallerImageName(versionTag) + ":" + versionTag // fake reference
 			prof.Input.BaseInstaller.OCIPath = installerImagePath
 		} else {
 			return prof, fmt.Errorf("failed to get base installer: %w", err)

internal/profile/profile_test.go

@@ -14,6 +14,7 @@ import (
 	"github.com/siderolabs/go-pointer"
 	"github.com/siderolabs/talos/pkg/imager/profile"
 	"github.com/siderolabs/talos/pkg/machinery/constants"
+	"github.com/siderolabs/talos/pkg/machinery/imager/quirks"
 	"github.com/stretchr/testify/require"
 	"golang.org/x/net/context"
 
@@ -418,6 +419,14 @@ func (mockArtifactProducer) GetTalosctlImage(_ context.Context, tag string) (str
 	return fmt.Sprintf("talosctl-all-%s.oci", tag), nil
 }
 
+func (mockArtifactProducer) InstallerImageName(versionTag string) string {
+	if quirks.New(versionTag).SupportsUnifiedInstaller() {
+		return "siderolabs/installer-base"
+	}
+
+	return "siderolabs/installer"
+}
+
 //nolint:maintidx
 func TestEnhanceFromSchematic(t *testing.T) {
 	t.Parallel()

internal/schematic/storage/registry/registry.go

@@ -152,7 +152,7 @@ func (w *layerWrapper) Size() (int64, error) {
 	return int64(len(w.data)), nil
 }
 
-// Returns the mediaType for the compressed Layer.
+// MediaType returns the mediaType for the compressed Layer.
 func (w *layerWrapper) MediaType() (types.MediaType, error) {
 	return SchematicMediaType, nil
 }

pkg/client/options.go

@@ -2,7 +2,6 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
-// Package client implements image factory HTTP API client.
 package client
 
 import "net/http"