empty cred check failed to fall back

[grokspawn]

Description of the change:
getAuthFile evaluates only if the credentials file can be parsed, which leads to concurrence between 'no creds found' and 'creds found' paths, so this PR introduces a new "empty creds" check which allows fallback to system default creds if empty. Adds unit tests to prove the change.

Motivation for the change:
Resolves #1826

Reviewer Checklist

• Implementation matches the proposed design, or proposal is updated to match implementation
• Sufficient unit test coverage
• Sufficient end-to-end test coverage
• Docs updated or added to /docs
• Commit messages sensible and descriptive

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign grokspawn for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[Copilot]

Pull request overview

Updates the containers/image-based registry pull logic to better handle REGISTRY_AUTH_FILE cases where the auth file is present but contains no usable credentials for the target registry, allowing credential lookup to fall back instead of forcing an “empty creds” auth file.

Changes:

• In Pull, avoid mutating the shared SystemContext by copying it and only overriding AuthFilePath when appropriate.
• In getAuthFile, treat “parsed but empty credentials” as “no creds found” so the caller can fall back.
• Add unit tests covering matching creds, non-matching creds, empty auth file, and fallback behavior.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File	Description
pkg/image/containersimageregistry/registry.go	Copies SystemContext for per-call auth selection and adds an “empty creds” check when probing auth files.
pkg/image/containersimageregistry/registry_test.go	Adds tests for getAuthFile behavior across matching/non-matching/empty auth scenarios and fallback paths.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

❌ Patch coverage is 88.88889% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 58.81%. Comparing base (48f73d6) to head (555f10a).
⚠️ Report is 2 commits behind head on master.

Files with missing lines	Patch %	Lines
pkg/image/containersimageregistry/registry.go	88.88%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #2020      +/-   ##
==========================================
+ Coverage   58.75%   58.81%   +0.05%     
==========================================
  Files         141      141              
  Lines       13426    13430       +4     
==========================================
+ Hits         7889     7899      +10     
+ Misses       4325     4322       -3     
+ Partials     1212     1209       -3     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.