feat(bakery): FCOS sysext catalog client for fedora-sysexts/community

[clubanderson]

Closes #641.

What this PR does

Implements the FCOS sysext catalog client described in issue #641, fetching extensions from the fedora-sysexts/community GitHub Releases API.

New files

internal/fcos/streams.go (new package)

• FetchStreamFedoraVersion(ctx, stream) (int, error) — queries FCOS stream metadata JSON to derive the current Fedora major version (e.g. 44 from 44.20260510.3.1). Prefers x86_64, falls back to aarch64.
• Injectable HTTP client; 100% statement coverage.

internal/bakery/fcos_tag.go

• ParseFCOSTagName(tag) (name, version, fedoraVersion, arch, error) — parses tags in the form <name>-<version_components>-<fedoraVersion>-<arch>.
• Handles RPM epoch prefixes, multi-word names, digit-starting names; rejects bare pointer tags.
• 30+ real catalog tags as test cases.

internal/bakery/fcos.go

• FCOSCatalogURL, FetchCatalogFCOS on *HTTPClient, FCOSClient implementing Client.
• Paginated (up to fcosMaxCatalogPages=20), deduplicating, with SHA256 verification and curated metadata. Page cap is a hard error, not silent truncation.

internal/bakery/fcos_descriptions.go

• FCOSLookup and fcosCatalog with 10 curated entries: docker-ce, tailscale, vscode, vscodium, cilium-cli, 1password-gui, kubernetes, netbird, cloud-hypervisor, glab.

Justfile

• Added [fcos]=100 to cover-check targets.

Design notes

• Asset URLs: verified 2025-06-04 — all browser_download_url values point to github.com (not extensions.fcos.fr). Existing maxSysextURLLen and HTTPS enforcement are sufficient.
• Wiring to wizard/headless: scoped to issue feat(install): OS-dispatching installer and bakery client wiring #638.
• 100% coverage: both internal/bakery and internal/fcos hit 100% statement coverage.

[coderabbitai]

Warning

Review limit reached

@clubanderson, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 1 minute and 46 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: b7c47b39-080d-41e5-aafb-ec89465e77de

📥 Commits

Reviewing files that changed from the base of the PR and between d4cfb3b and e955dd8.

📒 Files selected for processing (9)

• Justfile
• internal/bakery/fcos.go
• internal/bakery/fcos_descriptions.go
• internal/bakery/fcos_descriptions_test.go
• internal/bakery/fcos_tag.go
• internal/bakery/fcos_tag_test.go
• internal/bakery/fcos_test.go
• internal/fcos/streams.go
• internal/fcos/streams_test.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}