Parse Docker pull stream for embedded errors in imagePull

[Copilot]

Docker's image-pull endpoint returns HTTP 200 OK even on failure — errors like "image not found" or "authentication required" are embedded as {"error":"..."} JSON objects in the streaming body. Previously, imagePull silently drained the stream, making these failures invisible.

Description

• Replaced silent reader.drain() with readResponseBody + a new checkPullStreamErrors helper
• checkPullStreamErrors scans each newline-delimited JSON line, returns DockerClientError.ImagePullFailed on any line containing an "error" key, and logs the Docker error message at .debug level
• Added ImagePullFailed to DockerClientError
• Fixed pre-existing compilation error in wait.zig: FetchResult has no deinit in Zig 0.15.2
• Fixed incorrect test expectation: invalid chunked body should yield error.InvalidResponse, not partial data

Example of a Docker pull failure now detected:

{"status":"Pulling from library/nonexistent"}
{"errorDetail":{"message":"manifest unknown"},"error":"manifest unknown"}

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Refactoring
• Performance improvement
• Test addition/modification
• CI/CD changes

Checklist

• My code follows the project's style guidelines
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

Testing

• Unit tests
• Integration tests
• Manual testing
• Performance tests

Five unit tests added for checkPullStreamErrors: error detection, success path, empty stream, malformed/non-JSON lines, CRLF-terminated stream. All 52 unit tests pass.

Additional Notes

checkPullStreamErrors reads the full response body before scanning. Pull progress streams are newline-delimited JSON (typically tens of KB), so buffering is acceptable. The Docker error message string is available at .debug log level for diagnostics since Zig errors cannot carry payloads.

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Just as a heads up, I was blocked by some firewall rules while working on your feedback. Expand below for details.

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

• ziglang.org
  • Triggering command: /usr/bin/curl curl -s REDACTED -o /tmp/zig.tar.xz (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

• Configure Actions setup steps to set up my environment, which run before the firewall is enabled
• Add the appropriate URLs or hosts to the custom allowlist in this repository's Copilot coding agent settings (admins only)