Skip to content

OCM-00000 | ci: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.5-1783679445#3359

Open
red-hat-konflux[bot] wants to merge 1 commit into
masterfrom
konflux/mintmaker/master/registry.access.redhat.com-ubi9-go-toolset-1.x
Open

OCM-00000 | ci: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.5-1783679445#3359
red-hat-konflux[bot] wants to merge 1 commit into
masterfrom
konflux/mintmaker/master/registry.access.redhat.com-ubi9-go-toolset-1.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
registry.access.redhat.com/ubi9/go-toolset stage patch 1.26.4-17834423691.26.5-1783679445
registry.access.redhat.com/ubi9/go-toolset final patch 1.26.4-17834423691.26.5-1783679445

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

Summary by CodeRabbit

  • Chores
    • Updated the Go build environment to a newer supported image version.
    • Refreshed end-to-end and Konflux container builds with the updated runtime tooling.
    • Updated the bundled support utility in the end-to-end image.

@red-hat-konflux red-hat-konflux Bot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Jul 9, 2026
@coderabbitai

coderabbitai Bot commented Jul 9, 2026

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

Updated UBI9 Go toolset image references in the main, e2e, and Konflux Dockerfiles. The e2e Dockerfile also aligns the rosa-support builder and final runtime stages with the newer image.

Possibly related PRs

  • openshift/rosa#3347 — Updates the same UBI9 Go toolset references across the same Dockerfiles.

Suggested reviewers: robpblake, davidleerh

🚥 Pre-merge checks | ✅ 14 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is mostly an automated dependency-update note and misses the repository's required summary, issue context, testing, and verification sections. Add the template sections for summary, issue details, related links, change type, behavior, testing steps, proof, breaking changes, and verification.
✅ Passed checks (14 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed The PR only changes three Dockerfiles; no Ginkgo test files or test titles were modified.
Test Structure And Quality ✅ Passed Only Dockerfiles changed; no Ginkgo test code was touched, so the test-quality review is not applicable.
Microshift Test Compatibility ✅ Passed PASS: PR only changes Dockerfiles; no new Ginkgo tests or test code were added, so MicroShift compatibility is not applicable.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No Ginkgo/e2e test definitions were added or changed; the diff only updates Dockerfiles and image tags, so this SNO check is not applicable.
Topology-Aware Scheduling Compatibility ✅ Passed Only Dockerfiles changed: base-image bumps and a rosa-support build stage; no manifests, replicas, affinity, nodeSelector, or topology logic was added.
Ote Binary Stdout Contract ✅ Passed PASS: The PR only changes Dockerfiles (base-image tags and multi-stage build), with no Go main/suite setup or stdout/logging code touched.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only Dockerfiles changed; no new or modified Ginkgo e2e tests were added, so the IPv6/disconnected test check is not applicable.
No-Weak-Crypto ✅ Passed The diff only bumps go-toolset image tags; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret comparisons were added.
Container-Privileges ✅ Passed PASS: The PR only bumps base image tags in Dockerfiles; no privileged, hostPID/hostNetwork/hostIPC, SYS_ADMIN, or allowPrivilegeEscalation settings were added.
No-Sensitive-Data-In-Logs ✅ Passed PR only updates Docker base images/build stages; no logging or sensitive-data exposure appears in the touched files.
Title check ✅ Passed The title clearly states the main change: updating the ubi9/go-toolset Docker tag to v1.26.5-1783679445.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch konflux/mintmaker/master/registry.access.redhat.com-ubi9-go-toolset-1.x

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from davidleerh and robpblake July 9, 2026 21:55
@openshift-ci

openshift-ci Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: red-hat-konflux[bot]
Once this PR has been reviewed and has the lgtm label, please assign amandahla for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci

openshift-ci Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Hi @red-hat-konflux[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@images/Dockerfile.e2e`:
- Around line 22-23: The E2E Dockerfile’s final stage currently uses the build
toolchain image and switches to root, so update the runtime stage to a minimal
supported base (such as UBI minimal or distroless) and copy only the required
artifacts from the builder stage. In the Dockerfile for the E2E image, remove
any build tools from the final image, switch to a non-root user like appuser
before runtime setup, and add a HEALTHCHECK for the running service. Use the
existing multi-stage structure and adjust the final-stage setup around the
Dockerfile’s runtime instructions rather than the build stage.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 5ddceca7-bfa6-4c90-be6a-18faf76ad471

📥 Commits

Reviewing files that changed from the base of the PR and between f89fbbc and fefe012.

📒 Files selected for processing (3)
  • Dockerfile
  • images/Dockerfile.e2e
  • images/Dockerfile.konflux

Comment thread images/Dockerfile.e2e Outdated
Comment on lines 22 to 23
FROM registry.access.redhat.com/ubi9/go-toolset:1.26.4-1783628461
USER root

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🔒 Security & Privacy | 🟠 Major | 🏗️ Heavy lift

Use a minimal non-root runtime image for the E2E stage.

The final stage is based on ubi9/go-toolset and explicitly starts as root, retaining build tooling in the runtime image. Please use a supported minimal runtime base, copy only required artifacts, set USER appuser before runtime operations where possible, and add the required HEALTHCHECK.
As per path instructions: “Base image: UBI minimal or distroless,” “Multi-stage builds; no build tools in final image,” “USER non-root; never run as root,” and “HEALTHCHECK defined.”

Also applies to: 39-44

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@images/Dockerfile.e2e` around lines 22 - 23, The E2E Dockerfile’s final stage
currently uses the build toolchain image and switches to root, so update the
runtime stage to a minimal supported base (such as UBI minimal or distroless)
and copy only the required artifacts from the builder stage. In the Dockerfile
for the E2E image, remove any build tools from the final image, switch to a
non-root user like appuser before runtime setup, and add a HEALTHCHECK for the
running service. Use the existing multi-stage structure and adjust the
final-stage setup around the Dockerfile’s runtime instructions rather than the
build stage.

Source: Path instructions

…ker tag to v1.26.5-1783679445

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/master/registry.access.redhat.com-ubi9-go-toolset-1.x branch from fefe012 to fa73203 Compare July 13, 2026 11:43
@red-hat-konflux red-hat-konflux Bot changed the title OCM-00000 | ci: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1783628461 OCM-00000 | ci: Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.5-1783679445 Jul 13, 2026
@openshift-ci

openshift-ci Bot commented Jul 13, 2026

Copy link
Copy Markdown
Contributor

@red-hat-konflux[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/images-release-images fa73203 link true /test images-release-images
ci/prow/test fa73203 link true /test test
ci/prow/commits fa73203 link true /test commits
ci/prow/lint fa73203 link true /test lint
ci/prow/security fa73203 link false /test security
ci/prow/e2e-presubmits-images fa73203 link true /test e2e-presubmits-images
ci/prow/build fa73203 link true /test build
ci/prow/images-images fa73203 link true /test images-images
ci/prow/govulncheck fa73203 link false /test govulncheck

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dco-signoff: yes ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants