Boilerplate: Update to 8fb7c801f68dc7e06e8d2ae138c2a98f0b234b56#241
Merged
openshift-merge-bot[bot] merged 1 commit intoJun 11, 2026
Conversation
Conventions: - openshift/golang-osd-e2e: No change --- openshift/boilerplate@48ae74b...8fb7c80 commit: 8fb7c801f68dc7e06e8d2ae138c2a98f0b234b56 author: Josh Branham Remove user no longer in the org commit: adf5de77e6238d9697351b1030ec7f4c3e793bac author: Mitali Bhalla ROSA-745: MintMaker gomod batch + automerge via boilerplate renovate (#748) Enable grouped gomod manager in shared renovate.json with Mon-Fri 02:00-04:59 UTC batch window; pre-label lgtm/approved on safe patch/minor/digest updates; major gomod and Tekton updates open for manual review. Add lgtm/approved and Mon 03:00 UTC schedule to Dependabot docker template. Co-authored-by: Cursor <[email protected]> commit: fb6795dfd897e2b42b7d3b9646228812b57d98c8 author: Kirk Bater remove iamkirkbater from team leads alias commit: 1d09b759691974be7028624ad761eb25915d344c author: Christopher Collins Fix container-make leaving orphaned containers on interruption Add --rm to the detached container run so it self-removes when stopped. Add an EXIT trap to stop the container on abnormal exit (Ctrl+C, terminal close, SIGTERM). Disarm the trap before normal cleanup so the happy path uses the existing explicit rm -f without a redundant stop. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> commit: e63f1e4045c75dec240c472fa10d34c6d17bb85e author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 30b786d Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 44a1272cb93ca85457f7179a5eb98b578e3ca6c5 author: red-hat-konflux[bot] chore(deps): update konflux references (#749) Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 3909bdfa084fe68bff714f4d7e764860ada91018 author: MitaliBhalla Revert "Merge pull request #741 from MitaliBhalla/chore/renovate-gomod-automerge" This reverts commit b9feed9077bb86729e82a40dc46e9343da59a915, reversing changes made to 1628663baae4b9c1b7c55ed302a3d9e99376d8c6. commit: e5238f5ec6979b77e1853198f77fed08ba1713fc author: MitaliBhalla Revert "Merge pull request #746 from MitaliBhalla/chore/renovate-gomod-daily-batch" This reverts commit dd0c8513538cbc8e2c9df5ce3c2053740d733f34, reversing changes made to bbab1081503624f1e013b398e1cd2a0806b5d834. commit: 6ccbd825498f0c7c16c9860084c674ded4d2e1e2 author: MitaliBhalla Pilot: narrow gomod schedule to current UTC hour for testing Thu 06:00-06:59 UTC (~11:30 AM-12:30 PM IST) so MintMaker can run soon after merge. Production window 02:00-04:59 Mon-Fri in a follow-up. Co-authored-by: Cursor <[email protected]> commit: eff876184ca983751b866c3cad7d7827c72438da author: MitaliBhalla Use short Thursday UTC window for MintMaker pilot test Temporary schedule 06:00-07:59 UTC (Thu) for immediate validation; restore 02:00-04:59 Mon-Fri in a follow-up after pilot sign-off. Co-authored-by: Cursor <[email protected]> commit: d621c3a4fc0f200b400683ae744daa6c0296752d author: MitaliBhalla Batch MintMaker gomod updates on a UTC weekday schedule Group patch/minor gomod bumps into one PR per repo and open them only UTC 02:00-04:59 on weekdays. Keep lgtm/approved for tide automerge; merge gating relies on Prow required checks (DPP), not a GitHub Action. Co-authored-by: Cursor <[email protected]> commit: a8be62527cc4192704c8f0f61a7f82fe287da4c8 author: Andrew Pantuso feat: add generation logic to propagate CRDs to deploy_pko if present commit: c7cd213a17e83b13b310d112b2aff882cd1d4d93 author: Christopher Collins Revert golangci-lint bump to v2.7.2 The Go 1.26 upgrade is no longer needed — downstream operators are bumping down the kube components version instead. Revert golangci-lint from v2.12.2 back to v2.7.2. The Python 3.9 compatibility fix from PR #743 is intentionally preserved. This reverts the golangci-lint portion of 43f0781. Created with assistance from Claude 🤖 <[email protected]> Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Signed-off-by: Christopher Collins <[email protected]> commit: 43f0781250bdbc42890ac475f032296285c59594 author: Christopher Collins Bump golangci-lint to v2.12.2 for Go 1.26 support (#743) * Bump golangci-lint to v2.12.2 for Go 1.26 support Kubernetes v0.36.1 and controller-runtime v0.24.1 declare go 1.26.0 in their go.mod. The previous golangci-lint v2.7.2 was built with Go 1.25 and refuses to lint code targeting Go 1.26. Bumping to v2.12.2 (built with Go 1.26) unblocks operators upgrading to these dependencies. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> * Fix olm_pko_migration.py Python 3.9 compatibility The `str | None` union type syntax requires Python 3.10+. The boilerplate container image ships Python 3.9, causing the 08-pko-migration test to fail with TypeError. Use Optional[str] from typing instead. Created with assistance from Claude 🤖 <[email protected]> Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Signed-off-by: Christopher Collins <[email protected]> --------- Signed-off-by: Christopher Collins <[email protected]> Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]> commit: 915fe611bee0958cec3c36f94294c533fcb7c740 author: devppratik Update pre-commit-yaml Add docs shorten the docs commit: f939c8d8d64f204a337372534003343078ab2341 author: MitaliBhalla Enable MintMaker automerge for gomod; pre-label Dependabot docker PRs Extend boilerplate renovate.json so gomod updates get the same automerge and lgtm/approved labels as Tekton. Keep Dependabot for /build docker; add lgtm and approved to the golang-osd-operator dependabot.yml template labels (with ok-to-test and area/dependency). Operators inherit renovate via extends; dependabot label changes apply on boilerplate-update. Co-authored-by: Cursor <[email protected]> commit: 0fd7c667224a7d6987d3af367801d790d815e495 author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 5c9b1484a283341e2d9aca8300bf97cfc665ca69 author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to f0ed531 (#738) Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 203ecbf77405125ef1241944bf08eb1f342c609f author: red-hat-konflux[bot] chore(deps): update konflux references (#737) Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: bed16abb324583e2d5196368f26adea310f738bd author: Josh Branham Update OWNERS_ALIASES commit: 6e8c892788d166f584d335354c6a01612e14dfe2 author: jdowni000 Adding Justin Downie to srep-functional-team-aurora commit: 3f9c427aea95d083add203bbffc9417b1c53fcac author: Anthony Byrne Fix incremental linting in CI for enhanced golangci config The enhanced golangci-lint config (d83e5ee) added `new: true` to only lint new code, but this silently falls back to linting everything in CI shallow clones where the required git history is unavailable. This breaks ci/prow/lint across all consumer repos on boilerplate update. Fix by passing --new-from-rev via standard.mk's go-check target: - In CI (Prow), use PULL_BASE_SHA which is guaranteed to exist - Locally, fall back to origin/HEAD via git symbolic-ref Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> commit: b6e7575196e8c17274c85d2c22178ad51290c237 author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 308d6f6 (#733) Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 3c2045c22f3ca116ed23b0f7eec50d3ff4774d1f author: red-hat-konflux[bot] chore(deps): update konflux references (#732) Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: a903a81cde2b197d153253df9ca148935687dc76 author: Trevor Nierman Re-enable std-error-handling exclusion for golang-osd-operator lint The golang-osd-operator golangci config was missing the std-error-handling exclusion preset, causing errcheck to flag unchecked return values from standard library functions like fmt.Printf and fmt.Println. The golang-lint convention already includes this preset. Also removes disable-default-exclusions which was redundant with the explicit preset. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> commit: dc60b38466460c3b128d21fd569a2a23ca885eef author: George Adams Add geowa4 to OWNERS approvers and srep-functional-team-aurora Co-Authored-By: Claude Opus 4.6 <[email protected]> commit: f76b2a3ebed41d057e74e9facbf21235053c161f author: devppratik Update lint to run on new changes only commit: 77970a51152ec0437f6b6845ceeb999bf80581fc author: jdowni000 Update UBI9 base image to 9.7-1778044007 for Go 1.25.9 Updates both builder and final stage to use UBI9:9.7-1778044007 which includes go-toolset-1.25.9 for fixing critical stdlib CVEs. This enables downstream projects (like aws-account-operator) to consume the latest Go stdlib security fixes. Fixes Go 1.25.9 stdlib CVEs including CVE-2026-27143 (Critical) and 11 other High/Medium severity vulnerabilities. Co-Authored-By: Claude Sonnet 4.5 <[email protected]> commit: 0643771a04b7ebc8ec1b6d62dd85078ab864041f author: devppratik Minor fixes for pre-commit hooks and Lint commit: 636c91891f92b9d0109d45d768ff07694d3b865c author: cgong fix: renumber hooks, make RBAC check warn-only (SREP-4485) - Renumber hooks 1-6 after merging file hygiene and YAML syntax sections - Clean up inline golden-rule references from comments - Make rbac-wildcard-check warn-only (exit 0) to avoid blocking repos with pre-existing wildcard RBAC; will promote to blocking after cleanup - Add go-build binary note: compile-only, no artifacts written to repo Co-Authored-By: Claude Sonnet 4.6 (1M context) <[email protected]> commit: 213c67c8e0ffd603b7c0935829709ba6496c9efc author: cgong fix: address review comments on pre-commit config (SREP-4485) - Merge duplicate pre-commit-hooks repo entries into one block - Move RBAC wildcard check logic to make target rbac-wildcard-check in standard.mk for readability and reuse; hook now calls make target - Clean up inline comments Co-Authored-By: Claude Sonnet 4.6 (1M context) <[email protected]> commit: b854c349cc24ce530842764ad7982c74c8e1368c author: devppratik Update threshold values commit: 99e10d2419e0e4e7caa821eb953085ac9e44acce author: devppratik Update threshold values commit: 3bbe2cec84c927aca0c2ded28ec337e679d239be author: Anthony Byrne Remove myself from OWNERS Removed 'abyrne55' from srep-functional-team-aurora and srep-functional-leads aliases. commit: 2c24caf9372c0f117f6f4825b09c22007b80edaf author: cgong fix: remove Claude command from boilerplate MR (SREP-4485) Claude Code skill (.claude/commands/pre-commit.md) moved to SREP-4410. This MR now contains only the pre-commit-config.yaml addition. Co-Authored-By: Claude Sonnet 4.6 (1M context) <[email protected]> commit: 298b1a437285a1031d7d6ba67c576cb694cc73ba author: cgong add: pre-commit hooks to golang-osd-operator convention (SREP-4485) Adds .pre-commit-config.yaml deployment to all operators subscribing to the golang-osd-operator boilerplate convention. Files added to convention: - pre-commit-config.yaml: Tier 1 common hooks mirroring ci/prow/lint (file hygiene, gitleaks, golangci-lint, go-build, go-mod-tidy, RBAC wildcard check) - commands/pre-commit.md: /pre-commit Claude Code agent with golden rule compliance (2-retry limit, security escalation, structured output) update script now deploys both files to operator repos: - .pre-commit-config.yaml at repo root - .claude/commands/pre-commit.md for Claude Code agent support Golden rules: SREP-4450 Co-Authored-By: Claude Sonnet 4.6 (1M context) <[email protected]> commit: b945ce088eb8f53557f0128727141ea634127e9e author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 8244f60 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 599533cf8fcc65cf0edc89ec62b323f23ba0d50f author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: bf40484c3a6951f1da4aba49a1fc723521267af5 author: devppratik SREP-4484: Enable codecov enforcement for repos commit: 09b0e58b9a006cc37e74fa5603fa6410a9be9f68 author: Anwardeen A Bumping ubi image commit: 7f92f3595ab6f86048fffeaaf2964011e6ff00d9 author: Anwardeen A Bumping ubi image commit: d960f6e9051781f162c9834c8c570d7b143e2634 author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 46f0892 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 8aa643951691f03c189c88749ef4cea5f5664640 author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: ef5b692fe45d95701ea3f5cc3e3bb4c0cd4c239c author: Josh Branham remove jharrington22 commit: d83e5eea8cbd3b0c7fcaf70c612bcd538e943489 author: devppratik Update golangci-lint configuration with enhanced linters Enhance the golangci-lint configuration to include a more comprehensive set of linters organized by priority (Critical, High, Medium, Optional) with appropriate settings for error handling, security, and code quality checks. Co-Authored-By: Claude Sonnet 4.5 <[email protected]> commit: 584d83057f7c30a136f890276b3b21f35431869f author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to a2b9823 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 1e4454023a21310295aa370b6aaa6af12a3194a0 author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 02338011c4635e04784d62d8fc8305770f18178d author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 29cfe5f111d97443b583dbbceea07969c07fd5d5 author: Christopher Collins Auto-install kubectl-package via ensure.sh Add kubectl-package to ensure.sh following the golangci-lint pattern so that validate-pko-fixtures and generate-pko-fixtures auto-install the binary if it is not already on $PATH. This unblocks Prow CI on older boilerplate image tags that do not include kubectl-package. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> commit: e3f009d62af7f2238476d8e66285075a2b73aaf2 author: Christopher Collins Add PKO fixture validation targets and kubectl-package to backing image (#709) * Add PKO fixture validation targets and kubectl-package to backing image Add kubectl-package v1.18.6 to the backing container image for PKO (Package Operator) template snapshot validation. Add make targets for repos that deploy via PKO: - validate-pko-fixtures: validates committed fixtures match rendered template output. Wired into `make validate` so it runs automatically in `make container-validate` and CI. Silently skips repos without PKO test fixtures. - generate-pko-fixtures: regenerates fixtures after intentional template changes. - container-generate-pko-fixtures: container-wrapped variant for developers without kubectl-package installed locally. Repos opt in by adding a `test:` section to deploy_pko/manifest.yaml with test contexts. Repos without this section are silently skipped. Created with assistance from Claude 🤖 <[email protected]> Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Signed-off-by: Christopher Collins <[email protected]> * Document bind-mount behavior for container-generate-pko-fixtures Clarify that generated fixtures appear directly in the local checkout via bind mount — no manual copy step needed. Created with assistance from Claude 🤖 <[email protected]> Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Signed-off-by: Christopher Collins <[email protected]> * Add .dockerignore validation and auto-creation for PKO fixtures - validate-pko-fixtures now checks that .dockerignore/.containerignore exists and excludes .test-fixtures when fixtures are present - generate-pko-fixtures auto-creates deploy_pko/.dockerignore - Documents buildah COPY * dotfile behavior in README Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Signed-off-by: Christopher Collins <[email protected]> * Fix generate-pko-fixtures to abort on validation failure Change `;` to `&&` after kubectl-package validate so that if validation fails after rm -rf deletes existing fixtures, the target stops instead of continuing to print a misleading "Fixtures regenerated" success message. Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]> Signed-off-by: Christopher Collins <[email protected]> --------- Signed-off-by: Christopher Collins <[email protected]> Co-authored-by: Claude Opus 4.6 (1M context) <[email protected]> commit: ef22cf98ee1bbd017ea134894f723e9770841cc5 author: Abhishek Remove a7vicky from srep-functional-team-thor commit: 867304f4e506e7bffba777eb93369961a1cade1e author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 815d4b5 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: c0d7b3eb49f031966b7e47f3d4b09f282ff779ab author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 6a68e14c382e302704222f25e6b845151af63e98 author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 69c5a7a Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: a791f9ad49f4f6dfdaae910d8a143376d77fe8f3 author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: e9ba67abc6946d2448c47374cb7e2e6fd1bcc20b author: red-hat-konflux[bot] chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 1352e77 Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: ef190a636e7de9682be0caedeb69b83f40bcd47c author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 361f0026d39c31a9df67e89d9e34ed1351fd20f6 author: Chamal Abeywardhana Adding annotation for configmap PKO migration commit: 9af8b58293416a6ee52867a4ab70b97db9f13015 author: red-hat-konflux[bot] chore(deps): update konflux references Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com> commit: 9103d7b45358eaadcde3742d57552191fea34a5d author: tkong fix the indentation error in the olm_pko_migration script when generate the manifest.yaml commit: 9dffaf77dff114aaa94887d47d24ac4d553d665d author: Anish Patel Update Konflux Tekton task bundle digests to latest trusted versions Update 8 task bundle references in docker-build-oci-ta pipeline to latest trusted versions verified via skopeo on 2026-03-10. Updated tasks: - clamav-scan:0.3 (security scan) - deprecated-image-check:0.5 (compliance check) - clair-scan:0.3 (vulnerability scan) - sast-unicode-check-oci-ta:0.4 (SAST) - sast-shell-check-oci-ta:0.1 (SAST) - sast-snyk-check-oci-ta:0.4 (SAST) - sast-coverity-check-oci-ta:0.3 (SAST) - coverity-availability-check:0.2 (compliance) - push-dockerfile-oci-ta:0.3 (build artifact) These updates resolve Enterprise Contract 'trusted_task.trusted' policy violations caused by outdated task bundle digests. All digests verified using: skopeo inspect --no-tags docker://quay.io/konflux-ci/tekton-catalog/task-{name}:{version} Fixes: Required task not from trusted task errors in Konflux builds commit: 45c9ac28c5dbd305184dcad9548716497e7405d8 author: Gianluca Stella Update owners aliases
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (3)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: iamkirkbater The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
Bot
added
the
approved
Contributor
|
@iamkirkbater: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #241 +/- ##
=======================================
Coverage 55.67% 55.67%
=======================================
Files 23 23
Lines 1895 1895
=======================================
Hits 1055 1055
Misses 785 785
Partials 55 55 🚀 New features to boost your workflow:
|
Contributor
|
/lgtm |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Conventions:
openshift/boilerplate@48ae74b...8fb7c80
commit: 8fb7c801f68dc7e06e8d2ae138c2a98f0b234b56
author: Josh Branham
Remove user no longer in the org
commit: adf5de77e6238d9697351b1030ec7f4c3e793bac
author: Mitali Bhalla
ROSA-745: MintMaker gomod batch + automerge via boilerplate renovate (#748)
Enable grouped gomod manager in shared renovate.json with Mon-Fri 02:00-04:59
UTC batch window; pre-label lgtm/approved on safe patch/minor/digest updates;
major gomod and Tekton updates open for manual review. Add lgtm/approved and
Mon 03:00 UTC schedule to Dependabot docker template.
Co-authored-by: Cursor [email protected]
commit: fb6795dfd897e2b42b7d3b9646228812b57d98c8
author: Kirk Bater
remove iamkirkbater from team leads alias
commit: 1d09b759691974be7028624ad761eb25915d344c
author: Christopher Collins
Fix container-make leaving orphaned containers on interruption
Add --rm to the detached container run so it self-removes when stopped.
Add an EXIT trap to stop the container on abnormal exit (Ctrl+C, terminal
close, SIGTERM). Disarm the trap before normal cleanup so the happy path
uses the existing explicit rm -f without a redundant stop.
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
commit: e63f1e4045c75dec240c472fa10d34c6d17bb85e
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 30b786d
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 44a1272cb93ca85457f7179a5eb98b578e3ca6c5
author: red-hat-konflux[bot]
chore(deps): update konflux references (#749)
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 3909bdfa084fe68bff714f4d7e764860ada91018
author: MitaliBhalla
Revert "Merge pull request #741 from MitaliBhalla/chore/renovate-gomod-automerge"
This reverts commit b9feed9077bb86729e82a40dc46e9343da59a915, reversing
changes made to 1628663baae4b9c1b7c55ed302a3d9e99376d8c6.
commit: e5238f5ec6979b77e1853198f77fed08ba1713fc
author: MitaliBhalla
Revert "Merge pull request #746 from MitaliBhalla/chore/renovate-gomod-daily-batch"
This reverts commit dd0c8513538cbc8e2c9df5ce3c2053740d733f34, reversing
changes made to bbab1081503624f1e013b398e1cd2a0806b5d834.
commit: 6ccbd825498f0c7c16c9860084c674ded4d2e1e2
author: MitaliBhalla
Pilot: narrow gomod schedule to current UTC hour for testing
Thu 06:00-06:59 UTC (~11:30 AM-12:30 PM IST) so MintMaker can run soon after
merge. Production window 02:00-04:59 Mon-Fri in a follow-up.
Co-authored-by: Cursor [email protected]
commit: eff876184ca983751b866c3cad7d7827c72438da
author: MitaliBhalla
Use short Thursday UTC window for MintMaker pilot test
Temporary schedule 06:00-07:59 UTC (Thu) for immediate validation; restore
02:00-04:59 Mon-Fri in a follow-up after pilot sign-off.
Co-authored-by: Cursor [email protected]
commit: d621c3a4fc0f200b400683ae744daa6c0296752d
author: MitaliBhalla
Batch MintMaker gomod updates on a UTC weekday schedule
Group patch/minor gomod bumps into one PR per repo and open them only
UTC 02:00-04:59 on weekdays. Keep lgtm/approved for tide automerge;
merge gating relies on Prow required checks (DPP), not a GitHub Action.
Co-authored-by: Cursor [email protected]
commit: a8be62527cc4192704c8f0f61a7f82fe287da4c8
author: Andrew Pantuso
feat: add generation logic to propagate CRDs to deploy_pko if present
commit: c7cd213a17e83b13b310d112b2aff882cd1d4d93
author: Christopher Collins
Revert golangci-lint bump to v2.7.2
The Go 1.26 upgrade is no longer needed — downstream operators are
bumping down the kube components version instead. Revert golangci-lint
from v2.12.2 back to v2.7.2. The Python 3.9 compatibility fix from
PR #743 is intentionally preserved.
This reverts the golangci-lint portion of 43f0781.
Created with assistance from Claude 🤖 [email protected]
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
Signed-off-by: Christopher Collins [email protected]
commit: 43f0781250bdbc42890ac475f032296285c59594
author: Christopher Collins
Bump golangci-lint to v2.12.2 for Go 1.26 support (#743)
Kubernetes v0.36.1 and controller-runtime v0.24.1 declare go 1.26.0
in their go.mod. The previous golangci-lint v2.7.2 was built with
Go 1.25 and refuses to lint code targeting Go 1.26. Bumping to
v2.12.2 (built with Go 1.26) unblocks operators upgrading to these
dependencies.
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
The
str | Noneunion type syntax requires Python 3.10+. Theboilerplate container image ships Python 3.9, causing the
08-pko-migration test to fail with TypeError. Use Optional[str]
from typing instead.
Created with assistance from Claude 🤖 [email protected]
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
Signed-off-by: Christopher Collins [email protected]
Signed-off-by: Christopher Collins [email protected]
Co-authored-by: Claude Opus 4.6 (1M context) [email protected]
commit: 915fe611bee0958cec3c36f94294c533fcb7c740
author: devppratik
Update pre-commit-yaml
Add docs
shorten the docs
commit: f939c8d8d64f204a337372534003343078ab2341
author: MitaliBhalla
Enable MintMaker automerge for gomod; pre-label Dependabot docker PRs
Extend boilerplate renovate.json so gomod updates get the same automerge
and lgtm/approved labels as Tekton. Keep Dependabot for /build docker;
add lgtm and approved to the golang-osd-operator dependabot.yml template
labels (with ok-to-test and area/dependency). Operators inherit renovate
via extends; dependabot label changes apply on boilerplate-update.
Co-authored-by: Cursor [email protected]
commit: 0fd7c667224a7d6987d3af367801d790d815e495
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 5c9b1484a283341e2d9aca8300bf97cfc665ca69
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to f0ed531 (#738)
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 203ecbf77405125ef1241944bf08eb1f342c609f
author: red-hat-konflux[bot]
chore(deps): update konflux references (#737)
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: bed16abb324583e2d5196368f26adea310f738bd
author: Josh Branham
Update OWNERS_ALIASES
commit: 6e8c892788d166f584d335354c6a01612e14dfe2
author: jdowni000
Adding Justin Downie to srep-functional-team-aurora
commit: 3f9c427aea95d083add203bbffc9417b1c53fcac
author: Anthony Byrne
Fix incremental linting in CI for enhanced golangci config
The enhanced golangci-lint config (d83e5ee) added
new: trueto onlylint new code, but this silently falls back to linting everything in
CI shallow clones where the required git history is unavailable. This
breaks ci/prow/lint across all consumer repos on boilerplate update.
Fix by passing --new-from-rev via standard.mk's go-check target:
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
commit: b6e7575196e8c17274c85d2c22178ad51290c237
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 308d6f6 (#733)
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 3c2045c22f3ca116ed23b0f7eec50d3ff4774d1f
author: red-hat-konflux[bot]
chore(deps): update konflux references (#732)
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
Co-authored-by: red-hat-konflux[bot] <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: a903a81cde2b197d153253df9ca148935687dc76
author: Trevor Nierman
Re-enable std-error-handling exclusion for golang-osd-operator lint
The golang-osd-operator golangci config was missing the std-error-handling
exclusion preset, causing errcheck to flag unchecked return values from
standard library functions like fmt.Printf and fmt.Println. The golang-lint
convention already includes this preset. Also removes disable-default-exclusions
which was redundant with the explicit preset.
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
commit: dc60b38466460c3b128d21fd569a2a23ca885eef
author: George Adams
Add geowa4 to OWNERS approvers and srep-functional-team-aurora
Co-Authored-By: Claude Opus 4.6 [email protected]
commit: f76b2a3ebed41d057e74e9facbf21235053c161f
author: devppratik
Update lint to run on new changes only
commit: 77970a51152ec0437f6b6845ceeb999bf80581fc
author: jdowni000
Update UBI9 base image to 9.7-1778044007 for Go 1.25.9
Updates both builder and final stage to use UBI9:9.7-1778044007
which includes go-toolset-1.25.9 for fixing critical stdlib CVEs.
This enables downstream projects (like aws-account-operator) to
consume the latest Go stdlib security fixes.
Fixes Go 1.25.9 stdlib CVEs including CVE-2026-27143 (Critical)
and 11 other High/Medium severity vulnerabilities.
Co-Authored-By: Claude Sonnet 4.5 [email protected]
commit: 0643771a04b7ebc8ec1b6d62dd85078ab864041f
author: devppratik
Minor fixes for pre-commit hooks and Lint
commit: 636c91891f92b9d0109d45d768ff07694d3b865c
author: cgong
fix: renumber hooks, make RBAC check warn-only (SREP-4485)
with pre-existing wildcard RBAC; will promote to blocking after cleanup
Co-Authored-By: Claude Sonnet 4.6 (1M context) [email protected]
commit: 213c67c8e0ffd603b7c0935829709ba6496c9efc
author: cgong
fix: address review comments on pre-commit config (SREP-4485)
in standard.mk for readability and reuse; hook now calls make target
Co-Authored-By: Claude Sonnet 4.6 (1M context) [email protected]
commit: b854c349cc24ce530842764ad7982c74c8e1368c
author: devppratik
Update threshold values
commit: 99e10d2419e0e4e7caa821eb953085ac9e44acce
author: devppratik
Update threshold values
commit: 3bbe2cec84c927aca0c2ded28ec337e679d239be
author: Anthony Byrne
Remove myself from OWNERS
Removed 'abyrne55' from srep-functional-team-aurora and srep-functional-leads aliases.
commit: 2c24caf9372c0f117f6f4825b09c22007b80edaf
author: cgong
fix: remove Claude command from boilerplate MR (SREP-4485)
Claude Code skill (.claude/commands/pre-commit.md) moved to SREP-4410.
This MR now contains only the pre-commit-config.yaml addition.
Co-Authored-By: Claude Sonnet 4.6 (1M context) [email protected]
commit: 298b1a437285a1031d7d6ba67c576cb694cc73ba
author: cgong
add: pre-commit hooks to golang-osd-operator convention (SREP-4485)
Adds .pre-commit-config.yaml deployment to all operators subscribing to
the golang-osd-operator boilerplate convention.
Files added to convention:
(file hygiene, gitleaks, golangci-lint, go-build, go-mod-tidy,
RBAC wildcard check)
rule compliance (2-retry limit, security escalation, structured output)
update script now deploys both files to operator repos:
Golden rules: SREP-4450
Co-Authored-By: Claude Sonnet 4.6 (1M context) [email protected]
commit: b945ce088eb8f53557f0128727141ea634127e9e
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 8244f60
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 599533cf8fcc65cf0edc89ec62b323f23ba0d50f
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: bf40484c3a6951f1da4aba49a1fc723521267af5
author: devppratik
SREP-4484: Enable codecov enforcement for repos
commit: 09b0e58b9a006cc37e74fa5603fa6410a9be9f68
author: Anwardeen A
Bumping ubi image
commit: 7f92f3595ab6f86048fffeaaf2964011e6ff00d9
author: Anwardeen A
Bumping ubi image
commit: d960f6e9051781f162c9834c8c570d7b143e2634
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 46f0892
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 8aa643951691f03c189c88749ef4cea5f5664640
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: ef5b692fe45d95701ea3f5cc3e3bb4c0cd4c239c
author: Josh Branham
remove jharrington22
commit: d83e5eea8cbd3b0c7fcaf70c612bcd538e943489
author: devppratik
Update golangci-lint configuration with enhanced linters
Enhance the golangci-lint configuration to include a more comprehensive set
of linters organized by priority (Critical, High, Medium, Optional) with
appropriate settings for error handling, security, and code quality checks.
Co-Authored-By: Claude Sonnet 4.5 [email protected]
commit: 584d83057f7c30a136f890276b3b21f35431869f
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to a2b9823
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 1e4454023a21310295aa370b6aaa6af12a3194a0
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 02338011c4635e04784d62d8fc8305770f18178d
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 29cfe5f111d97443b583dbbceea07969c07fd5d5
author: Christopher Collins
Auto-install kubectl-package via ensure.sh
Add kubectl-package to ensure.sh following the golangci-lint pattern
so that validate-pko-fixtures and generate-pko-fixtures auto-install
the binary if it is not already on $PATH. This unblocks Prow CI on
older boilerplate image tags that do not include kubectl-package.
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
commit: e3f009d62af7f2238476d8e66285075a2b73aaf2
author: Christopher Collins
Add PKO fixture validation targets and kubectl-package to backing image (#709)
Add kubectl-package v1.18.6 to the backing container image for PKO
(Package Operator) template snapshot validation.
Add make targets for repos that deploy via PKO:
template output. Wired into
make validateso it runs automaticallyin
make container-validateand CI. Silently skips repos withoutPKO test fixtures.
template changes.
developers without kubectl-package installed locally.
Repos opt in by adding a
test:section to deploy_pko/manifest.yamlwith test contexts. Repos without this section are silently skipped.
Created with assistance from Claude 🤖 [email protected]
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
Signed-off-by: Christopher Collins [email protected]
Clarify that generated fixtures appear directly in the local checkout
via bind mount — no manual copy step needed.
Created with assistance from Claude 🤖 [email protected]
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
Signed-off-by: Christopher Collins [email protected]
exists and excludes .test-fixtures when fixtures are present
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
Signed-off-by: Christopher Collins [email protected]
Change
;to&&after kubectl-package validate so that ifvalidation fails after rm -rf deletes existing fixtures, the
target stops instead of continuing to print a misleading
"Fixtures regenerated" success message.
Co-Authored-By: Claude Opus 4.6 (1M context) [email protected]
Signed-off-by: Christopher Collins [email protected]
Signed-off-by: Christopher Collins [email protected]
Co-authored-by: Claude Opus 4.6 (1M context) [email protected]
commit: ef22cf98ee1bbd017ea134894f723e9770841cc5
author: Abhishek
Remove a7vicky from srep-functional-team-thor
commit: 867304f4e506e7bffba777eb93369961a1cade1e
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 815d4b5
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: c0d7b3eb49f031966b7e47f3d4b09f282ff779ab
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 6a68e14c382e302704222f25e6b845151af63e98
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 69c5a7a
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: a791f9ad49f4f6dfdaae910d8a143376d77fe8f3
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: e9ba67abc6946d2448c47374cb7e2e6fd1bcc20b
author: red-hat-konflux[bot]
chore(deps): update registry.access.redhat.com/ubi8/ubi-minimal:latest docker digest to 1352e77
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: ef190a636e7de9682be0caedeb69b83f40bcd47c
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 361f0026d39c31a9df67e89d9e34ed1351fd20f6
author: Chamal Abeywardhana
Adding annotation for configmap PKO migration
commit: 9af8b58293416a6ee52867a4ab70b97db9f13015
author: red-hat-konflux[bot]
chore(deps): update konflux references
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
commit: 9103d7b45358eaadcde3742d57552191fea34a5d
author: tkong
fix the indentation error in the olm_pko_migration script when generate the manifest.yaml
commit: 9dffaf77dff114aaa94887d47d24ac4d553d665d
author: Anish Patel
Update Konflux Tekton task bundle digests to latest trusted versions
Update 8 task bundle references in docker-build-oci-ta pipeline to latest
trusted versions verified via skopeo on 2026-03-10.
Updated tasks:
These updates resolve Enterprise Contract 'trusted_task.trusted' policy
violations caused by outdated task bundle digests.
All digests verified using:
skopeo inspect --no-tags docker://quay.io/konflux-ci/tekton-catalog/task-{name}:{version}
Fixes: Required task not from trusted task errors in Konflux builds
commit: 45c9ac28c5dbd305184dcad9548716497e7405d8
author: Gianluca Stella
Update owners aliases