[stable/2023.2] Fix collection builds (#1397)

This is an automated cherry-pick of #1388
/assign mnaser
diff --git a/build/pin-images.py b/build/pin-images.py
index 8818f2c..1bf4112 100755
--- a/build/pin-images.py
+++ b/build/pin-images.py
@@ -16,9 +16,26 @@
 
 
 def get_digest(image_ref, token=None):
+    url = f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}"
+
     headers = {}
     if token:
         headers["Authorization"] = f"Bearer {token}"
+    else:
+        r = requests.get(url, timeout=5, verify=False)
+        auth_header = r.headers.get("Www-Authenticate")
+        if auth_header:
+            realm = auth_header.split(",")[0].split("=")[1].strip('"')
+
+            r = requests.get(
+                realm,
+                timeout=5,
+                params={"scope": f"repository:{image_ref.path()}:pull"},
+                verify=False,
+            )
+            r.raise_for_status()
+
+            headers["Authorization"] = f"Bearer {r.json()['token']}"
 
     try:
         headers["Accept"] = "application/vnd.docker.distribution.manifest.v2+json"
@@ -27,6 +44,7 @@
             f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
             timeout=5,
             headers=headers,
+            verify=False,
         )
         r.raise_for_status()
         return r.headers["Docker-Content-Digest"]
@@ -37,6 +55,7 @@
             f"https://{image_ref.domain()}/v2/{image_ref.path()}/manifests/{image_ref['tag']}",
             timeout=5,
             headers=headers,
+            verify=False,
         )
         r.raise_for_status()
         return r.headers["Docker-Content-Digest"]
@@ -46,12 +65,6 @@
 def get_pinned_image(image_src):
     image_ref = reference.Reference.parse(image_src)
 
-    if image_ref.domain() in (
-        "registry.k8s.io",
-        "us-docker.pkg.dev",
-    ):
-        digest = get_digest(image_ref)
-
     if image_ref.domain() == "registry.atmosphere.dev":
         # Get token for docker.io
         r = requests.get(
@@ -66,8 +79,7 @@
         token = r.json()["token"]
 
         digest = get_digest(image_ref, token=token)
-
-    if image_ref.domain() == "quay.io":
+    elif image_ref.domain() == "quay.io":
         r = requests.get(
             f"https://quay.io/api/v1/repository/{image_ref.path()}/tag/",
             timeout=5,
@@ -75,8 +87,7 @@
         )
         r.raise_for_status()
         digest = r.json()["tags"][0]["manifest_digest"]
-
-    if image_ref.domain() == "docker.io":
+    elif image_ref.domain() == "docker.io":
         # Get token for docker.io
         r = requests.get(
             "https://auth.docker.io/token",
@@ -99,8 +110,7 @@
         )
         r.raise_for_status()
         digest = r.headers["Docker-Content-Digest"]
-
-    if image_ref.domain() == "ghcr.io":
+    elif image_ref.domain() == "ghcr.io":
         # Get token for docker.io
         r = requests.get(
             "https://ghcr.io/token",
@@ -114,6 +124,8 @@
         token = r.json()["token"]
 
         digest = get_digest(image_ref, token=token)
+    else:
+        digest = get_digest(image_ref)
 
     return f"{image_ref.domain()}/{image_ref.path()}:{image_ref['tag']}@{digest}"
 
diff --git a/zuul.d/project.yaml b/zuul.d/project.yaml
index 7d1650e..82e5de5 100644
--- a/zuul.d/project.yaml
+++ b/zuul.d/project.yaml
@@ -35,6 +35,8 @@
                 soft: true
               - name: atmosphere-build-container-image-ironic
                 soft: true
+              - name: atmosphere-build-container-image-keepalived
+                soft: true
               - name: atmosphere-build-container-image-keystone
                 soft: true
               - name: atmosphere-build-container-image-kubernetes-entrypoint
@@ -98,6 +100,8 @@
                 soft: true
               - name: atmosphere-upload-container-image-ironic
                 soft: true
+              - name: atmosphere-upload-container-image-keepalived
+                soft: true
               - name: atmosphere-upload-container-image-keystone
                 soft: true
               - name: atmosphere-upload-container-image-kubernetes-entrypoint