Skip to content

ROSA-745: boilerplate-update and enable MintMaker gomod#555

Closed
MitaliBhalla wants to merge 1 commit into
openshift:masterfrom
MitaliBhalla:rosa-745-mintmaker-gomod
Closed

ROSA-745: boilerplate-update and enable MintMaker gomod#555
MitaliBhalla wants to merge 1 commit into
openshift:masterfrom
MitaliBhalla:rosa-745-mintmaker-gomod

Conversation

@MitaliBhalla

@MitaliBhalla MitaliBhalla commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

Summary

  • make boilerplate-update (includes boilerplate #748 dependabot template)
  • .github/renovate.jsonenabledManagers: [tekton, gomod] for MintMaker gomod PRs

Test plan

  • CI green

Jira: ROSA-745

Summary by CodeRabbit

  • Chores
    • Updated dependency management automation configuration to explicitly enable additional manager support for improved dependency handling.

@coderabbitai

coderabbitai Bot commented Jun 12, 2026

Copy link
Copy Markdown

Note

Currently processing new changes in this PR. This may take a few minutes, please wait...

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b44378d2-e753-4c0d-9783-cf0ab217a007

📥 Commits

Reviewing files that changed from the base of the PR and between e2896c8 and f03a560.

📒 Files selected for processing (2)
  • .github/renovate.json
  • e2e.test

Walkthrough

The pull request updates .github/renovate.json to explicitly configure Renovate to enable the tekton and gomod managers via a new enabledManagers array. The extends array termination is adjusted with a trailing comma to support the additional configuration.

Changes

Renovate Configuration

Layer / File(s) Summary
Enable tekton and gomod managers
.github/renovate.json
A top-level enabledManagers array is added to explicitly enable tekton and gomod dependency managers, with the extends array adjusted to include a trailing comma.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes


Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 3 warnings)

Check name Status Explanation Resolution
Ote Binary Stdout Contract ❌ Error PR adds two stdout violations: cmd/main.go line 48 sets klog.SetOutput(os.Stdout) in main(), and cmd/fips.go line 15 has fmt.Println in init(). Both corrupt OTE JSON communication. Change line 48 in cmd/main.go to klog.SetOutput(os.Stderr) or klog.LogToStderr(true), and remove fmt.Println from cmd/fips.go init() or redirect it to os.Stderr.
Microshift Test Compatibility ⚠️ Warning New Ginkgo e2e tests reference MicroShift-unavailable APIs (FeatureGate, ClusterVersion from config.openshift.io) and multi-node assumptions without [apigroup:] tags or [Skipped:MicroShift] labels. Add [apigroup:config.openshift.io] tags to affected tests or [Skipped:MicroShift] labels. Add skip checks for multi-node assumptions in pod scheduling tests.
Single Node Openshift (Sno) Test Compatibility ⚠️ Warning The PR adds new Ginkgo e2e tests (test/e2e/validation_webhook_tests.go) with multiple multi-node assumptions: tests expect infra/master nodes to exist (e.g., "blocks modifications to nodes" expects... Add SNO compatibility checks to multi-node tests or apply [Skipped:SingleReplicaTopology] labels; alternatively, guard tests with infrastructure.Status.ControlPlaneTopology checks.
Ipv6 And Disconnected Network Test Compatibility ⚠️ Warning New e2e Ginkgo tests pull images from external registries (quay.io/jitesoft/nginx:mainline, registry.access.redhat.com) without [Skipped:Disconnected] markers, failing in disconnected environments. Add [Skipped:Disconnected] marker to test names pulling external images or use internal registry mirrors. Alternatively, dynamically detect environment and skip tests requiring external connectivity.
✅ Passed checks (11 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title references ROSA-745 and mentions enabling MintMaker gomod, which aligns with the PR's primary objective of updating renovate.json to enable gomod, though it also references a boilerplate-update that is part of the changeset.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All Ginkgo test names in the PR are stable and deterministic—containing only static descriptive strings with no dynamic content like generated suffixes, timestamps, UUIDs, or runtime identifiers.
Test Structure And Quality ✅ Passed Custom check for Ginkgo test structure not applicable. PR adds standard Go unit tests using testing.T, not Ginkgo BDD tests with Describe/It blocks, BeforeEach/AfterEach, or Eventually/Consistently...
Topology-Aware Scheduling Compatibility ✅ Passed PR modifies only CI/CD configuration (.github/renovate.json) and boilerplate files, not deployment manifests, operator code, or controller implementations. No scheduling constraints are introduced.
No-Weak-Crypto ✅ Passed PR contains only configuration file changes (.github/renovate.json and boilerplate-update); no weak cryptography patterns (MD5, SHA1, DES, RC4, Blowfish, ECB), custom crypto, or insecure comparison...
Container-Privileges ✅ Passed No privileged container settings (privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation: true) found in K8s/Tekton manifests added in this PR.
No-Sensitive-Data-In-Logs ✅ Passed No logging statements expose passwords, tokens, API keys, PII, or other sensitive data. Secrets are properly stored in environment variables without direct echoing, relying on GitHub Actions' autom...
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label Jun 12, 2026
@openshift-ci-robot

openshift-ci-robot commented Jun 12, 2026

Copy link
Copy Markdown

@MitaliBhalla: This pull request references ROSA-745 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the initiative to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

  • make boilerplate-update (includes boilerplate #748 dependabot template)
  • .github/renovate.jsonenabledManagers: [tekton, gomod] for MintMaker gomod PRs

Test plan

  • CI green

Jira: ROSA-745

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested review from diakovnec and tnierman June 12, 2026 08:17
@openshift-ci

openshift-ci Bot commented Jun 12, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MitaliBhalla

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 12, 2026
@MitaliBhalla

Copy link
Copy Markdown
Contributor Author

/retest-required

1 similar comment
@MitaliBhalla

Copy link
Copy Markdown
Contributor Author

/retest-required

@MitaliBhalla MitaliBhalla force-pushed the rosa-745-mintmaker-gomod branch from 9699e0d to f27ecfa Compare June 12, 2026 09:54
@MitaliBhalla

Copy link
Copy Markdown
Contributor Author

/retest-required

1 similar comment
@MitaliBhalla

Copy link
Copy Markdown
Contributor Author

/retest-required

@xiaoyu74

Copy link
Copy Markdown
Contributor

can see you've closed the previous #554 and created this new #555 , could you clarify a bit why #554 was closed and replaced by #555?

Comment thread .github/renovate.json
"extends": [
"github>openshift/boilerplate//.github/renovate.json"
],
"enabledManagers": [

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this MCVW really needs this explicitly for MintMaker gomod to run, instead of relying only on the inherited boilerplate renovate config?

as you mentioned earlier pagerduty-operator was used as a reference case, but I want to understand whether this is a `Renovate/MintMaker merge behavior or a rollout workaround?

@xiaoyu74

Copy link
Copy Markdown
Contributor

btw, can see we have one konflux CI job failed, once we understand the reduced scope in this new #555 and CI it's green, it should be much easier to review.

@MitaliBhalla MitaliBhalla force-pushed the rosa-745-mintmaker-gomod branch from f27ecfa to e2896c8 Compare June 16, 2026 08:36

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/renovate.json:
- Around line 6-8: You have duplicate dependency management for Go modules: the
`gomod` manager is enabled in Renovate's enabledManagers configuration, and
`.github/dependabot.yml` also has an active `gomod` package-ecosystem entry.
This causes both tools to create separate PRs for the same dependencies. Choose
one tool to manage Go module dependencies and disable it in the other. Either
remove `gomod` from the enabledManagers array in the Renovate configuration, or
remove the gomod package-ecosystem entry from the Dependabot configuration—pick
one tool to be the single source of truth for gomod updates.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 3a9f0c87-0a2b-4d47-a6a7-57b27a067cb0

📥 Commits

Reviewing files that changed from the base of the PR and between 36fcd16 and e2896c8.

⛔ Files ignored due to path filters (2)
  • boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
  • boilerplate/_lib/subscriber-propose-update is excluded by !boilerplate/**
📒 Files selected for processing (1)
  • .github/renovate.json

Comment thread .github/renovate.json
Comment on lines +6 to +8
"enabledManagers": [
"tekton",
"gomod"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Read-only check for potential duplicate gomod automation across Renovate and Dependabot.

set -euo pipefail

echo "== Renovate managers =="
if [ -f .github/renovate.json ]; then
  sed -n '1,200p' .github/renovate.json | nl -ba
else
  echo ".github/renovate.json not found"
fi

echo
echo "== Dependabot gomod entries (if any) =="
if [ -f .github/dependabot.yml ]; then
  nl -ba .github/dependabot.yml | sed -n '1,260p'
  echo
  rg -n -C3 'package-ecosystem:\s*"gomod"|package-ecosystem:\s*gomod' .github/dependabot.yml || true
else
  echo ".github/dependabot.yml not found"
fi

Repository: openshift/managed-cluster-validating-webhooks

Length of output: 174


🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Renovate configuration (.github/renovate.json) =="
if [ -f .github/renovate.json ]; then
  cat -n .github/renovate.json | head -20
else
  echo ".github/renovate.json not found"
fi

echo
echo "== Dependabot configuration (.github/dependabot.yml) =="
if [ -f .github/dependabot.yml ]; then
  cat -n .github/dependabot.yml
  echo
  echo "== Searching for gomod in dependabot.yml =="
  rg -n 'gomod' .github/dependabot.yml || echo "No 'gomod' found in dependabot.yml"
else
  echo ".github/dependabot.yml not found"
fi

Repository: openshift/managed-cluster-validating-webhooks

Length of output: 1721


Remove gomod from Renovate's enabledManagers or from Dependabot.

The gomod manager is now enabled in Renovate (line 8), but .github/dependabot.yml still has an active gomod package-ecosystem entry (line 16). Both systems will attempt to manage the same dependencies, creating duplicate PR streams. Choose one tool for gomod updates and disable it in the other.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/renovate.json around lines 6 - 8, You have duplicate dependency
management for Go modules: the `gomod` manager is enabled in Renovate's
enabledManagers configuration, and `.github/dependabot.yml` also has an active
`gomod` package-ecosystem entry. This causes both tools to create separate PRs
for the same dependencies. Choose one tool to manage Go module dependencies and
disable it in the other. Either remove `gomod` from the enabledManagers array in
the Renovate configuration, or remove the gomod package-ecosystem entry from the
Dependabot configuration—pick one tool to be the single source of truth for
gomod updates.

Add enabledManagers tekton/gomod in renovate.json; boilerplate-update
when no equivalent upstream PR is already open.
@MitaliBhalla MitaliBhalla force-pushed the rosa-745-mintmaker-gomod branch from e2896c8 to f03a560 Compare July 1, 2026 06:49
@MitaliBhalla

MitaliBhalla commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Refreshed branch: minimal ROSA-745 diff (renovate enabledManagers; boilerplate-update only if no parallel boilerplate PR).

@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

@MitaliBhalla: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@MitaliBhalla

MitaliBhalla commented Jul 1, 2026

Copy link
Copy Markdown
Contributor Author

Closing ROSA-745 fleet PR — superseded by corrected rollout plan.

Problem: these PRs bundled redundant repo-root enabledManagers (already inherited via extends openshift/boilerplate #748), unnecessary boilerplate churn, and PKO/fixture noise. A fresh minimal PR per repo will follow the correct model.

Jira: ROSA-745

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants