Migrate docker image builds from docker-image to registry-image resource

[ramonskie]

Summary

• Replace deprecated docker-image resource type with registry-image + concourse/oci-build-task for building and pushing Docker images in the BBL pipeline
• Add explicit oci-build-task build steps before each registry-image put in bump-bbl-deployment-image and bbl-downstream-docker-image-bump-deployments jobs
• Remove deprecated email field from cf-deployment-concourse-tasks-bbl-dev resource source config

Root Cause

The docker-image resource forces DOCKER_BUILDKIT=0 (legacy builder), which Docker 28+ has dropped. The image builds successfully but is invisible to docker push because the legacy builder's image store is incompatible with Docker 28's containerd-backed image store. This caused the pipeline's push step to silently fail with just failed.

Approach

Follows the same pattern used in bosh-shared-ci#6:

• Use concourse/oci-build-task (BuildKit-based) to build the image, producing image/image.tar
• Use registry-image resource put with image: image/image.tar to push

[coderabbitai]

Walkthrough

This PR refactors the Concourse CI pipeline for bosh-bootloader to use explicit task-based Docker image builds. The docker-bbl-deployment resource type was switched from docker-image to registry-image. Two jobs—bump-bbl-deployment-image and the dev image build in bbl-downstream—now invoke concourse/oci-build-task as privileged tasks to construct their respective Docker images, then use resource put steps to push the resulting image/image.tar artifacts. A DockerHub email configuration field was also removed.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: migrating from deprecated docker-image resource to registry-image resource.
Description check	✅ Passed	The description provides detailed context about the changes, including the root cause (Docker 28+ compatibility issue), the approach taken, and references a precedent from another project.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch migrate-docker-image-to-registry-image

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ci/pipelines/bosh-bootloader.yml`:
- Line 237: The image_resource entries currently specify only repository:
concourse/oci-build-task which makes CI non-deterministic; update both
image_resource blocks that reference concourse/oci-build-task (the two places
currently just using repository: concourse/oci-build-task) to pin to an
immutable image by adding either a specific digest under version.digest
(preferred) or at minimum a fixed tag such as v0.14.13 so the pipeline uses a
reproducible image; apply the same change to both occurrences.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 89994845-c1de-4f09-8601-ab7afa3a8625

📥 Commits

Reviewing files that changed from the base of the PR and between a77b5da and dd468f8.

📒 Files selected for processing (1)

• ci/pipelines/bosh-bootloader.yml