NO-ISSUE: Bump the go-dependencies group across 1 directory with 4 updates#843
dependabot[bot] wants to merge 1 commit into main
…dates

Bumps the go-dependencies group with 4 updates in the / directory: [github.com/diskfs/go-diskfs](https://github.com/diskfs/go-diskfs), [github.com/hashicorp/go-version](https://github.com/hashicorp/go-version), [github.com/onsi/gomega](https://github.com/onsi/gomega) and [golang.org/x/sync](https://github.com/golang/sync).

Updates `github.com/diskfs/go-diskfs` from 1.7.1-0.20251217162235-58541aa8f559 to 1.9.1
- [Commits](https://github.com/diskfs/go-diskfs/commits/v1.9.1)

Updates `github.com/hashicorp/go-version` from 1.8.0 to 1.9.0
- [Release notes](https://github.com/hashicorp/go-version/releases)
- [Changelog](https://github.com/hashicorp/go-version/blob/main/CHANGELOG.md)
- [Commits](hashicorp/go-version@v1.8.0...v1.9.0)

Updates `github.com/onsi/gomega` from 1.39.1 to 1.40.0
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](onsi/gomega@v1.39.1...v1.40.0)

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0
- [Commits](golang/sync@v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: github.com/diskfs/go-diskfs
  dependency-version: 1.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/hashicorp/go-version
  dependency-version: 1.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: github.com/onsi/gomega
  dependency-version: 1.40.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
- dependency-name: golang.org/x/sync
  dependency-version: 0.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: go-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot[bot]: This pull request explicitly references no jira issue.
Walkthrough

This pull request updates the Go module configuration by bumping the Go version requirement to 1.25.7, upgrading direct dependencies including diskfs, go-version, gomega, and golang.org/x/sync, updating the indirect dependency pkg/xattr, and removing the go-internal indirect requirement.

Changes
Estimated code review effort: 🎯 1 (Trivial) | ⏱️ ~3 minutes

Important: Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 warning, 2 inconclusive)
✅ Passed checks (9 passed)
Actionable comments posted: 2
🧹 Nitpick comments (1)
go.mod (1)
6-8: Validate `go-diskfs` 1.9.1 compile/runtime expectations.

`github.com/diskfs/go-diskfs` is bumped to `v1.9.1` (Line 7). Even if Dependabot resolves the module graph cleanly, this library bump can include API/behavior changes.

Please ensure the repo compiles and the disk/image workflows still behave correctly (especially any code paths using changed types/options/partition/image handling).

If you have integration coverage around disk image creation/mount/FS ops, consider adding/expanding a small smoke test that exercises the most critical `go-diskfs` usage paths (to catch subtle behavior changes early).

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go.mod` around lines 6 - 8, The go.mod upgrade to github.com/diskfs/go-diskfs v1.9.1 may introduce API/behavior changes; verify compilation and runtime behavior by rebuilding and running tests, then exercise all code paths that call into go-diskfs (look for imports of "github.com/diskfs/go-diskfs" and functions that create images, partitions, or filesystems) and update uses of any changed types/options (e.g., image/partition creation options, filesystem read/write calls) to match the new API; if you lack coverage, add a small smoke test that programmatically creates a disk image, writes a partition/FS, mounts or reads back files, and asserts expected contents to catch regressions early.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml
Review profile: CHILL
Plan: Enterprise
Run ID: 5f9c141e-bec6-4111-b3fe-ae933a4a32fb
⛔ Files ignored due to path filters (1)
go.sum is excluded by !**/*.sum
📒 Files selected for processing (1)
go.mod
| go 1.25.0 | ||
|
|
||
| toolchain go1.25.5 | ||
| go 1.25.7 |
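Review bot: the `go` line moves from 1.25.0 to 1.25.7 and the `toolchain go1.25.5` line is dropped, which raises the minimum Go release for every builder of this module inside a change presented as a dependency bump. Please state in the description which of the updated modules requires 1.25.7, and confirm that the CI and image build toolchains meet it before merging.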
🧩 Analysis chain
🏁 Script executed:
```bash
#!/bin/bash
# Read-only verification:
# 1) confirm go.mod go directive and that toolchain directive is absent
# 2) verify go1.25.7 exists on go.dev/dl
# 3) scan common CI configs for Go version pins (informational)
set -euo pipefail

GO_VER="$(awk '/^go[[:space:]]+[0-9]+\.[0-9]+(\.[0-9]+)?$/ {print $2; exit}' go.mod)"
export GO_VER  # the Python step below reads GO_VER from the environment
echo "go.mod go directive: ${GO_VER}"

if rg -n '^toolchain[[:space:]]+' go.mod >/dev/null 2>&1; then
  echo "toolchain directive: PRESENT"
  rg -n '^toolchain[[:space:]]+' go.mod
else
  echo "toolchain directive: ABSENT"
fi

python3 - <<'PY'
import json, sys, urllib.request, ssl, os

go_ver = os.environ.get("GO_VER")
if not go_ver:
    print("GO_VER not set"); sys.exit(1)

url = "https://go.dev/dl/?mode=json"
data = json.loads(urllib.request.urlopen(url, timeout=20).read().decode("utf-8"))
target = "go" + go_ver
matches = [x for x in data if x.get("version") == target]
print(f"Looking for {target}: {'FOUND' if matches else 'NOT FOUND'}")
if not matches:
    raise SystemExit(2)
PY

echo "Scanning repo for Go version pins in common CI locations (best-effort):"
rg -n --hidden --glob '!**/vendor/**' '(go-version|GOVERSION|setup-go|GOTOOLCHAIN|toolchain go)' . || true
```

Repository: openshift/assisted-image-service

Length of output: 147
🏁 Script executed:
```bash
#!/bin/bash
# Extract Go version and verify it exists on go.dev/dl
GO_VER="1.25.7"
echo "Verifying go1.25.7 availability..."

python3 <<'PY'
import json
import urllib.request

url = "https://go.dev/dl/?mode=json"
try:
    data = json.loads(urllib.request.urlopen(url, timeout=20).read().decode("utf-8"))
    target = "go1.25.7"
    matches = [x for x in data if x.get("version") == target]
    if matches:
        print(f"✓ {target} EXISTS on go.dev/dl")
        print(f" Release info: {matches[0].get('released', 'N/A')}")
    else:
        print(f"✗ {target} NOT FOUND on go.dev/dl")
        # Show available 1.25.x versions
        versions_125 = sorted([x.get("version") for x in data if x.get("version", "").startswith("go1.25")], reverse=True)[:5]
        print(f" Available 1.25.x versions: {versions_125}")
except Exception as e:
    print(f"Error querying go.dev: {e}")
PY

echo ""
echo "Checking for CI configuration files and Go version pins..."
# Find CI config files
find . -type f \( -name ".gitlab-ci.yml" -o -name "*.yml" -o -name "*.yaml" -o -path "*/.github/workflows/*" -o -name "Dockerfile*" -o -name "*.mk" \) ! -path "*/vendor/*" ! -path "*/.git/*" 2>/dev/null | head -20

echo ""
echo "Scanning for Go version references in CI/config files..."
# ripgrep's built-in file type for Dockerfiles is "docker"
rg -n "go.*version|GOVERSION|setup-go" --type yaml --type docker . 2>/dev/null || echo "(No matches found)"
```

Repository: openshift/assisted-image-service

Length of output: 1050
🏁 Script executed:
```bash
#!/bin/bash
echo "=== Dockerfile.image-service-build (build stage) ==="
cat -n Dockerfile.image-service-build | head -50

echo ""
echo "=== .ci-operator.yaml (CI operator config) ==="
head -100 .ci-operator.yaml

echo ""
echo "=== Checking .tekton/ files for golang references ==="
rg -n "golang|go image" ./.tekton/ --type yaml || echo "(no golang image refs found)"
```

Repository: openshift/assisted-image-service

Length of output: 1321
Update CI configuration: `go.mod` requires Go 1.25.7 but CI is pinned to Go 1.21.

You bumped `go 1.25.7` in `go.mod` (Line 3) and removed the `toolchain` directive. However, `.ci-operator.yaml` still specifies `golang-1.21` in its build root image:

```yaml
build_root_image:
  name: release
  namespace: openshift
  tag: rhel-9-release-golang-1.21-openshift-4.16
```

This causes a version mismatch: the module declares a minimum Go version of 1.25.7, but CI uses 1.21. Builds will fail in CI with "go requires go 1.25.7" errors.

Required fixes:
- Update `.ci-operator.yaml` to use `golang-1.25` (or `1.25.7` if available) instead of `golang-1.21`.
- Update `Dockerfile.image-service-build` to pin the go-toolset version more precisely (currently uses `1.25`, which may not guarantee 1.25.7).
- If hermetic builds are required, reintroduce `toolchain go1.25.7` in `go.mod` (or ensure CI/dev environments will not accidentally use an older Go).
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@go.mod` at line 3, go.mod now requires "go 1.25.7" but CI uses golang-1.21;
update the CI and build images and optionally reintroduce a toolchain pin:
change the CI config referenced in .ci-operator.yaml to use a golang-1.25 (or
golang-1.25.7) release image instead of golang-1.21, update
Dockerfile.image-service-build to pin the Go toolset to a precise 1.25.7
package/version (instead of a loose "1.25"), and if you need hermetic builds add
back a "toolchain go1.25.7" directive in go.mod so the declared toolchain
matches CI and local builds.
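The mismatch described in the comment above, as an added example (not code from the pull request, the repository or the review bot): a Go check that compares the `go` directive in `go.mod` with the Go release named in a build image tag. The helper name, its result strings and the sample `go.mod` are constructed here; the image tag is the one quoted in the comment.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

const sampleGoMod = "module example.test/service\n\ngo 1.25.7\n" // constructed go.mod
const sampleCITag = "rhel-9-release-golang-1.21-openshift-4.16"  // tag quoted in the review comment

var (
	goDirective = regexp.MustCompile(`(?m)^go[ \t]+(\d+)\.(\d+)(?:\.(\d+))?[ \t]*$`)
	imageGo     = regexp.MustCompile(`golang-(\d+)\.(\d+)(?:\.(\d+))?`)
)

// triple converts regexp submatches to numbers; an absent patch level is -1.
func triple(m []string) [3]int {
	v := [3]int{0, 0, -1}
	for i := range v {
		if m[i+1] != "" {
			v[i], _ = strconv.Atoi(m[i+1]) // the regexp admits digits only
		}
	}
	return v
}

// CheckBuildImage (hypothetical helper) returns "ok", "too old", or
// "patch unpinned" when the tag names only major.minor, which cannot show
// that the patch release required by the go directive is installed.
func CheckBuildImage(goMod, imageTag string) (string, error) {
	gm, im := goDirective.FindStringSubmatch(goMod), imageGo.FindStringSubmatch(imageTag)
	if gm == nil || im == nil {
		return "", fmt.Errorf("need a go directive and a golang-X.Y tag (tag %q)", imageTag)
	}
	want, have := triple(gm), triple(im)
	if have[0] != want[0] || have[1] != want[1] {
		if have[0] < want[0] || (have[0] == want[0] && have[1] < want[1]) {
			return "too old", nil
		}
		return "ok", nil
	}
	switch {
	case have[2] < 0 && want[2] > 0:
		return "patch unpinned", nil
	case have[2] >= 0 && have[2] < want[2]:
		return "too old", nil
	}
	return "ok", nil
}

func main() {
	fmt.Println(CheckBuildImage(sampleGoMod, sampleCITag))
}
```

Run as a pre-merge gate, a result other than "ok" flags the pull request before the build itself fails.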
| github.com/pierrec/lz4/v4 v4.1.17 // indirect | ||
| github.com/pkg/xattr v0.4.9 // indirect | ||
| github.com/pkg/xattr v0.4.12 // indirect | ||
| github.com/prometheus/client_model v0.6.2 // indirect |
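Review bot: `github.com/pkg/xattr` goes from v0.4.9 to v0.4.12 as an `// indirect` requirement, yet the description only covers the four direct updates, so this transitive change arrives without a changelog. Name the direct dependency that pulls it in (`go mod why -m github.com/pkg/xattr` or `go mod graph`) and review the matching `go.sum` entries by hand, since that file is excluded from the automated review.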
Review indirect pkg/xattr bump for platform xattr behavior.
github.com/pkg/xattr is updated to v0.4.12 (Line 37, indirect). Since xattr behavior can be OS/filesystem-specific, ensure any tests that cover extended attributes still pass across the supported environments.
If there are no tests covering xattr, consider adding a minimal unit/integration test (guarded/skipped when unsupported) to reduce risk from subtle behavior changes.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@go.mod` around lines 36 - 38, The indirect dependency github.com/pkg/xattr
was bumped to v0.4.12 which can change OS/filesystem-specific xattr behavior;
add or update tests that exercise extended-attribute operations using the xattr
package (e.g., calls to xattr.Set, xattr.Get, xattr.List) and ensure they are
conditionally skipped on unsupported platforms/filesystems (use build tags or
runtime checks for OS/errno), run them in CI on supported platforms, and if
behavior changed, adapt call sites or add compatibility handling around xattr
operations to preserve existing semantics.
[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: dependabot[bot]
@dependabot[bot]: The following tests failed, say
Bumps the go-dependencies group with 4 updates in the / directory: github.com/diskfs/go-diskfs, github.com/hashicorp/go-version, github.com/onsi/gomega and golang.org/x/sync.
Updates `github.com/diskfs/go-diskfs` from 1.7.1-0.20251217162235-58541aa8f559 to 1.9.1

Commits

Updates `github.com/hashicorp/go-version` from 1.8.0 to 1.9.0

Release notes
Sourced from github.com/hashicorp/go-version's releases.

Changelog
Sourced from github.com/hashicorp/go-version's changelog.

Commits
- b80b1e6 Update CHANGELOG for version 1.9.0 (#187)
- e93736f Bump the github-actions-backward-compatible group across 1 directory with 2 u...
- c009de0 Bump actions/upload-artifact from 6.0.0 to 7.0.0 in the github-actions-breaki...
- 0474357 Update GitHub Actions to trigger on pull requests and update go version (#185)
- b4ab5fc Support parsing versions with custom prefixes via opt-in option (#79)
- 25c683b Merge pull request #182 from hashicorp/dependabot/github_actions/github-actio...
- 4f2bcd8 Bump the github-actions-backward-compatible group with 3 updates
- acb8b18 Merge pull request #180 from hashicorp/dependabot/github_actions/github-actio...
- 0394c4f Merge pull request #179 from hashicorp/dependabot/github_actions/github-actio...
- b2fbaa7 Bump the github-actions-backward-compatible group across 1 directory with 2 u...

Updates `github.com/onsi/gomega` from 1.39.1 to 1.40.0

Release notes
Sourced from github.com/onsi/gomega's releases.

Changelog
Sourced from github.com/onsi/gomega's changelog.

Commits
- 87ee9d3 v1.40.0
- ea66027 v1.40.0 (full)
- e3fd789 update docs to reflect new versioning strategy
- 7d4ee30 first push to master-lite
- e4a82d1 Bump github/codeql-action from 3 to 4 (#875)
- af62723 Bump rexml from 3.4.0 to 3.4.2 in /docs (#870)
- e164221 Bump github.com/onsi/ginkgo/v2 from 2.28.0 to 2.28.1 (#895)
- 334a282 Bump faraday from 2.12.2 to 2.14.1 in /docs (#896)

Updates `golang.org/x/sync` from 0.19.0 to 0.20.0

Commits
- ec11c4a errgroup: fix a typo in the documentation
- 1a58307 all: modernize interface{} -> any
- 3172ca5 all: upgrade go directive to at least 1.25.0 [generated]

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.