ROSA-745: MintMaker pilot — enable gomod + docker-only Dependabot#553
ROSA-745: MintMaker pilot — enable gomod + docker-only Dependabot#553MitaliBhalla wants to merge 2 commits into
Conversation
- Explicit enabledManagers tekton/gomod so MintMaker runs go.mod updates - Drop Dependabot gomod (MintMaker owns gomod via boilerplate#748) - Sync Dependabot docker template: lgtm/approved, Mon 03:00 UTC - Ignore ubi9/go-toolset only (matches build/Dockerfile; no ose-operator-registry) - boilerplate-update for latest managed files Co-authored-by: Cursor <cursoragent@cursor.com>
|
@MitaliBhalla: This pull request references ROSA-745 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the initiative to target the "5.0.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: MitaliBhalla The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
WalkthroughConsolidates Dependabot to Docker-only updates with a specified Monday 03:00 UTC schedule and new labels, removes Dependabot gomod handling, enables Renovate managers ChangesDependency Management Tooling
🎯 2 (Simple) | ⏱️ ~8 minutes
🚥 Pre-merge checks | ✅ 13 | ❌ 2❌ Failed checks (2 warnings)
✅ Passed checks (13 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
.github/renovate.json (1)
6-9: RestrictingenabledManagerstotekton/gomodmatches the boilerplate, but means workflow action refs won’t be Renovate-managed.
- This repo contains only GitHub Actions workflow files under
.github/workflows/(nopackage.json,Pipfile/requirements*.txt,poetry.lock, ordocker-compose*.ymlfound), so limiting managers doesn’t appear to drop other ecosystems.openshift/boilerplate/.github/renovate.jsonuses the sameenabledManagers: ["tekton","gomod"], so the setting looks intentional for this template.- If you want Renovate to bump
actions/*(e.g.,actions/checkout@v4) inside workflows, add/enable thegithub-actionsmanager (or otherwise manage workflow deps).🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In @.github/renovate.json around lines 6 - 9, The Renovate config restricts enabledManagers to ["tekton","gomod"], so GitHub Actions workflow refs (actions/*) won’t be updated; update the enabledManagers array (the "enabledManagers" key) to include "github-actions" in addition to "tekton" and "gomod" so Renovate will manage action versions in .github/workflows (add the string "github-actions" to the array).
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In @.github/renovate.json:
- Around line 6-9: The Renovate config restricts enabledManagers to
["tekton","gomod"], so GitHub Actions workflow refs (actions/*) won’t be
updated; update the enabledManagers array (the "enabledManagers" key) to include
"github-actions" in addition to "tekton" and "gomod" so Renovate will manage
action versions in .github/workflows (add the string "github-actions" to the
array).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 3371725a-cada-4e41-b3cd-111f0a2ee7ea
⛔ Files ignored due to path filters (2)
boilerplate/_data/last-boilerplate-commitis excluded by!boilerplate/**boilerplate/_lib/subscriber-propose-updateis excluded by!boilerplate/**
📒 Files selected for processing (2)
.github/dependabot.yml.github/renovate.json
go.mod requires 1.26 but test/e2e/Dockerfile used rhel_9_1.25 builder (Konflux build-container failed). Align with .tekton BASE_IMAGE rhel_9_1.26 and use the go.mod module path instead of OperatorName (validation-webhook). Co-authored-by: Cursor <cursoragent@cursor.com>
Intentional for ROSA-745: we inherit boilerplate #748’s enabledManagers: ["tekton", "gomod"] to pilot MintMaker gomod grouping. GitHub Actions pin updates are out of scope for this PR; we can revisit adding github-actions in a follow-up if the team wants Renovate-managed workflow refs. |
|
@MitaliBhalla: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Summary
Investigation showed MintMaker was not running gomod on repos that only had
extends: openshift/boilerplate— Dependency Dashboard listed tekton only. Pagerduty (with explicitenabledManagers) is the counterexample.This PR:
enabledManagers: ["tekton", "gomod"]in.github/renovate.json— test whether MintMaker picks up gomod + boilerplate#748 grouped rulesgo.modbumps; Dependabot is docker-onlylgtm/approved, Mon 03:00 UTC)build/Dockerfile:ubi9/go-toolsetonly (no boilerplate/ose-operator-registry — not used in this repo)make boilerplate-updatefor latest boilerplate-managed filesTest plan
lgtm/approved; ubi-minimal bumps allowed, go-toolset ignoredJira: ROSA-745
Made with Cursor
Summary by CodeRabbit
Chores
Tests