ROSA-745: boilerplate-update after openshift/boilerplate#748#552
ROSA-745: boilerplate-update after openshift/boilerplate#748#552MitaliBhalla wants to merge 2 commits into
Conversation
Pick up Dependabot docker automerge labels/schedule from boilerplate.
|
@MitaliBhalla: This pull request references ROSA-745 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the initiative to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
WalkthroughReplaces .github/dependabot.yml with a boilerplate Docker-only Dependabot config targeting ChangesDependabot Configuration Update
Estimated code review effort🎯 2 (Simple) | ⏱️ ~8 minutes 🚥 Pre-merge checks | ✅ 13 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (13 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: MitaliBhalla The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In @.github/dependabot.yml:
- Around line 17-20: Update the Dependabot ignore entries so they match the
actual Docker base images used in build/Dockerfile: replace the ignored
dependency-name values "redhat-services-prod/openshift/boilerplate" and
"openshift4/ose-operator-registry" with the image names used in the FROM lines
(e.g. "registry.access.redhat.com/ubi9/go-toolset:1.26.3-1780490420" and
"registry.access.redhat.com/ubi9/ubi-minimal:latest") in .github/dependabot.yml
so Dependabot will skip PRs for those exact base images.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: c6a49537-fd4e-4ae0-8a19-da7314e20313
⛔ Files ignored due to path filters (2)
boilerplate/_data/last-boilerplate-commitis excluded by!boilerplate/**boilerplate/_lib/subscriber-propose-updateis excluded by!boilerplate/**
📒 Files selected for processing (1)
.github/dependabot.yml
| - dependency-name: "redhat-services-prod/openshift/boilerplate" | ||
| # don't upgrade boilerplate via these means | ||
| - dependency-name: "openshift/origin-operator-registry" | ||
| # don't upgrade origin-operator-registry via these means | ||
| - package-ecosystem: gomod | ||
| directory: "/" | ||
| labels: | ||
| - "area/dependency" | ||
| - "ok-to-test" | ||
| schedule: | ||
| interval: "weekly" | ||
| open-pull-requests-limit: 10 | ||
| # Group related updates together to reduce PR volume | ||
| groups: | ||
| aws-sdk: | ||
| patterns: | ||
| - "github.com/aws/aws-sdk-go-v2*" | ||
| kubernetes: | ||
| patterns: | ||
| - "k8s.io/*" | ||
| - "sigs.k8s.io/*" | ||
| openshift: | ||
| patterns: | ||
| - "github.com/openshift/*" | ||
| - dependency-name: "openshift4/ose-operator-registry" | ||
| # don't upgrade ose-operator-registry via these means |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Description: Search for FROM statements in Dockerfiles to identify base images
echo "Searching for Docker base images in /build..."
if [ -d "build" ]; then
echo "FROM statements found:"
rg -n "^FROM " build/ --type dockerfile 2>/dev/null || rg -n "^FROM " build/ -g "Dockerfile*"
echo ""
echo "Note: Verify that any frequently-updated or build-time-only base images are included in the ignore list."
else
echo "❌ /build directory does not exist"
fiRepository: openshift/managed-cluster-validating-webhooks
Length of output: 389
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== dependabot.yml (relevant lines) ==="
if [ -f .github/dependabot.yml ]; then
nl -ba .github/dependabot.yml | sed -n '1,120p'
else
echo "Missing .github/dependabot.yml"
exit 1
fi
echo
echo "=== Search for ignored dependency names in repo ==="
rg -n --hidden --glob '!.git/*' 'redhat-services-prod/openshift/boilerplate|openshift4/ose-operator-registry' . || true
echo
echo "=== Search for Docker base images referenced in Dockerfiles ==="
fd -e Dockerfile . || true
fd -t f 'Dockerfile*' .github . build . || true
rg -n --hidden --glob '!.git/*' '^FROM ' --type-add 'dockerfile:Dockerfile*' --type dockerfile . || true
echo
echo "=== Search for ubi9/ubi-minimal references ==="
rg -n --hidden --glob '!.git/*' 'registry\.access\.redhat\.com/ubi9/ubi-minimal|ubi9/ubi-minimal' . || trueRepository: openshift/managed-cluster-validating-webhooks
Length of output: 190
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== dependabot.yml (first 120 lines, with line numbers) ==="
if [ -f .github/dependabot.yml ]; then
cat -n .github/dependabot.yml | sed -n '1,120p'
else
echo "Missing .github/dependabot.yml"
exit 1
fi
echo
echo "=== dependabot.yml ignore dependency-name entries ==="
rg -n 'dependency-name:' .github/dependabot.yml || true
echo
echo "=== Dockerfiles present ==="
find . -type f \( -iname 'Dockerfile' -o -iname 'Dockerfile.*' \) -print
echo
echo "=== All Dockerfile FROM lines ==="
# Print FROM lines only (excluding commented FROM)
find . -type f \( -iname 'Dockerfile' -o -iname 'Dockerfile.*' \) -print0 | xargs -0 rg -n '^[[:space:]]*FROM[[:space:]]+' || true
echo
echo "=== Search for specific ignored dependency-name strings in repo ==="
rg -n --hidden --glob '!.git/*' 'redhat-services-prod/openshift/boilerplate|openshift4/ose-operator-registry' . || trueRepository: openshift/managed-cluster-validating-webhooks
Length of output: 1745
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Search for boilerplate/ose-operator-registry in /build ==="
rg -n --hidden --glob '!.git/*' 'redhat-services-prod/openshift/boilerplate|openshift4/ose-operator-registry|boilerplate|ose-operator-registry' build || true
echo
echo "=== Dockerfiles under /build and their FROM lines ==="
find build -type f \( -iname 'Dockerfile' -o -iname 'Dockerfile.*' \) -print0 | xargs -0 -I{} sh -c 'echo "--- {} ---"; rg -n "^[[:space:]]*FROM[[:space:]]+" "{}"' || trueRepository: openshift/managed-cluster-validating-webhooks
Length of output: 627
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== build/Dockerfile (lines 1-120) ==="
cat -n build/Dockerfile | sed -n '1,120p'
echo
echo "=== build/build_push*.sh (lines 1-200) ==="
for f in build/build_push.sh build/build_push_package.sh; do
if [ -f "$f" ]; then
echo "--- $f ---"
cat -n "$f" | sed -n '1,200p'
fi
done
echo
echo "=== test/e2e/Dockerfile (lines 1-120) ==="
cat -n test/e2e/Dockerfile | sed -n '1,120p'Repository: openshift/managed-cluster-validating-webhooks
Length of output: 10847
Fix Dependabot ignore list to match actual /build Docker base images
.github/dependabot.yml ignores redhat-services-prod/openshift/boilerplate and openshift4/ose-operator-registry, but neither appears in build/Dockerfile; the FROM images there are registry.access.redhat.com/ubi9/go-toolset:1.26.3-1780490420 and registry.access.redhat.com/ubi9/ubi-minimal:latest. If those base images are meant to be excluded from Dependabot PRs, update the ignore entries accordingly.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In @.github/dependabot.yml around lines 17 - 20, Update the Dependabot ignore
entries so they match the actual Docker base images used in build/Dockerfile:
replace the ignored dependency-name values
"redhat-services-prod/openshift/boilerplate" and
"openshift4/ose-operator-registry" with the image names used in the FROM lines
(e.g. "registry.access.redhat.com/ubi9/go-toolset:1.26.3-1780490420" and
"registry.access.redhat.com/ubi9/ubi-minimal:latest") in .github/dependabot.yml
so Dependabot will skip PRs for those exact base images.
MCWV uses ubi9/go-toolset + ubi-minimal, not boilerplate or ose-operator-registry. Ignore go-toolset only; allow ubi-minimal bumps. Co-authored-by: Cursor <cursoragent@cursor.com>
|
@MitaliBhalla: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/close |
|
@MitaliBhalla: Closed this PR. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Summary
ROSA-745:
make boilerplate-updateafter openshift/boilerplate#748.Picks up Dependabot docker template changes (
lgtm/approved, Mon 03:00 UTC) and latest boilerplate-managed files.make boilerplate-updatedoes not refresh an existing boilerplate-managed.github/dependabot.yml; this PR syncs it from the #748 template (docker-only).Renovate/MintMaker gomod rules are inherited via
extends: openshift/boilerplate— no renovate change in this PR.Test plan
lgtm/approvedafter mergeJira: ROSA-745
Summary by CodeRabbit