Add investigation for Fedora images workflow

This adds the diagram for container workflow and describes how it works and what
needs to be changed for quay.io.

Signed-off-by: Michal Konecny <mkonecny@redhat.com>

docs/registry_to_quay/fedora_images.rst

@@ -4,10 +4,70 @@ Fedora Base/Minimal/CoreOS container images
 ===========================================
 
 This document contains information about current workflow used to build and publish these container
-images. It also describes changes needed to make it work with quay.io.
+images. It also describes changes needed to make it work with `quay.io <https://quay.io>`_.
 
 Current workflow
 ----------------
 
+The base/minimal/CoreOS images are currently built using OSBS. The OSBS submits builds to
+`candidate-registry.fedoraproject.org <https://candidate-registry.fedoraproject.org/>`_ using
+dockercfg and user can create an update in Bodhi. After testing period is finished or the update
+gets enough karma it is moved by bodhi to
+`registry.fedoraproject_org <https://registry.fedoraproject.org/>`_.
+
+This will change in F39 where the images will be built by
+`koji-flatpak <https://pagure.io/koji-flatpak>`_ plugin. Releng script will then submit the builds
+to both `registry.fedoraproject_org <https://registry.fedoraproject.org/>`_ and
+`quay.io <https://quay.io>`_.
+
+.. image:: ../_static/container_workflow_registry.drawio.png
+    :target: ../_images/container_workflow_registry.drawio.png
+
 Changes for quay.io
 -------------------
+
+This section will describe changes that are needed to make `quay.io <https://quay.io>`_
+work with current setup. It will go through pipeline step by step and describe what
+needs to be changed in case of base/minimal/CoreOS images workflow.
+
+OSBS
+^^^^
+
+OSBS is using Openshift local container registry, which is configured by
+`dockercfg <https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-production-secret.j2>`_
+file and pointing to candidate-registry. There is dockercfg for
+`production <https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-production-secret.j2>`_ and `staging <https://pagure.io/fedora-infra/ansible/blob/main/f/files/osbs/dockercfg-staging-secret.j2>`_.
+This dockercfg is used as a secret in OSBS and it's deployed in
+`setup-worker-namespace <https://pagure.io/fedora-infra/ansible/blob/main/f/playbooks/groups/osbs/setup-worker-namespace.yml>`_ playbook.
+To make this work with `quay.io <https://quay.io>`_ we need to replace the dockercfg with new
+one pointing to `quay.io <https://quay.io>`_.
+
+.. note::
+
+   OSBS could have trouble reaching to `quay.io <https://quay.io>`_, this needs to be solved
+   for this to work.
+
+Releng script
+^^^^^^^^^^^^^
+
+In the new workflow introduced in Fedora 39+ is a Release Engineering script that pushes the image
+to registry. This script could be found in
+`releng repository <https://pagure.io/releng/blob/main/f/scripts/sync-latest-container-base-image.sh>`_
+and it's already pushing images to `quay.io <https://quay.io>`_.
+
+Bodhi
+^^^^^
+
+Bodhi is pushing the container builds from
+`candidate-registry.fedoraproject.org <https://candidate-registry.fedoraproject.org/>`_ to
+`registry.fedoraproject_org <https://registry.fedoraproject.org/>`_ and this is configured in
+`production.ini template <https://pagure.io/fedora-infra/ansible/blob/main/f/roles/bodhi2/base/templates/production.ini.j2>`_
+in ansible.
+
+To make it work with quay.io we just need to change `container.destination_registry` and
+`container.source_registry` variables.
+
+.. note::
+
+   Bodhi wouldn't be part of the base/minimal/CoreOS images workflow in Fedora 39 and later.\
+   So no need to change anything here.