Draft: maintenance upgrade and adding update tools

Summary

Upgrades code-marketplace to v2.4.0 with significant security and automation improvements for IronBank deployment.

---

Key Changes

🔒 Security & Size Optimization

• Base image: ubi9:9.5 → ubi9-minimal:9.6
  • 55% size reduction (~100 MB vs ~220 MB)
  • Reduced attack surface with fewer packages
  • Bash preserved for compatibility

🤖 Automation Infrastructure

• update-manifest.sh: Automates version bumps and SHA256 computation
  • Fetches latest releases from GitHub
  • Validates checksums locally
  • Checks for UBI9 base image updates
• renovate.json: Automated dependency tracking for code-marketplace releases

📦 Version Update

• v2.3.0 → v2.4.0
  • New /api/vscode/{publisher}/{extension}/latest endpoint
  • Fixes VS Code extension installation without explicit versions
  • SHA256: e290ed2f86d8e29c6a84cc9eeb91d68016984985c85e6ea401ac0197edce948b

✅ Testing & Validation

• Comprehensive test suite (test-build.sh)
  • Auto-detects container runtime (docker / podman / nerdctl)
  • Downloads real test extensions from Open VSX
  • Validates health, API endpoints, and extension serving
  • All tests passing ✓

🐛 Bug Fixes

• Fixed entrypoint to bind 0.0.0.0:3001 for container access
• Package manager: dnf → microdnf (ubi9-minimal requirement)

---

Testing

• ✓ Health check endpoint
• ✓ Extension query API
• ✓ Found 2 extension(s) in marketplace
• ✓ Item endpoint
• ✓ No errors in container logs

Image size: 299 MB
Build status: ✅ Successful with IronBank ubi9-minimal:9.6

---

Impact

• ✅ Smaller, more secure image
• ✅ Automated maintenance workflow
• ✅ Latest stable release with bug fixes
• ✅ Validated deployment via test suite
• ✅ No breaking changes

---

Additional Notes

• Backup created: hardening_manifest.yaml.bak
• Test extensions stored in test/extensions/ (gitignored)
• Both mikefarah and Python yq variants supported