Rosaeng 60410 bump ubi image

[tkong-redhat]

Rosaeng 60410 bump ubi image for testing pipeline.
Code has been tested

Summary by CodeRabbit

• Chores
  • Updated CI/build tooling versions, including Renovate configuration, Go toolchain, linting, and container base images.
  • Refreshed Go module dependencies, including Kubernetes and Prometheus-related libraries.
• Bug Fixes
  • Corrected inconsistent placeholder spelling in notification templates, alert labels/annotations, and related test constants.
  • Adjusted webhook handler tests to use the correct notification name/type in mocked client calls.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: tkong-redhat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [tkong-redhat]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 9be32f51-d915-4354-8387-b48579f305db

📥 Commits

Reviewing files that changed from the base of the PR and between 664dfd3 and 6284abd.

⛔ Files ignored due to path filters (1)

• go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• go.mod

---

Walkthrough

This PR updates CI and lint configuration, bumps Go and container dependencies, adjusts test constants and webhook expectations, and removes members from two OWNERS alias lists.

Changes

Repository maintenance updates

Layer / File(s)	Summary
CI and lint config .ci-operator.yaml, .github/renovate.json, .golangci.yml, Makefile	CI image tagging, Renovate setup, golangci-lint configuration, and the lint installer version are updated.
Go and image dependency bumps build/Dockerfile, test/e2e/Dockerfile, go.mod	The Go toolchain, module requirements, and container base images are updated.
Test constants and webhook expectations pkg/consts/test/test.go, pkg/handlers/webhookreceiver_test.go, pkg/handlers/webhookrhobsreceiver_test.go	Test notification placeholders and webhook handler mocks now use the updated spelling and managed notification types.
OWNERS alias edits OWNERS_ALIASES	Selected members are removed from two OWNERS alias lists.

Estimated review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• openshift/ocm-agent#242: Updates the same build_root_image.tag area in .ci-operator.yaml.

Suggested labels

lgtm

Suggested reviewers

• vaidehi411
• xiaoyu74

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 2 warnings)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	Webhook handlers log full AMReceiverData/alert structs, and serve.go logs the configured OCM URL; these can expose hostnames and customer data.	Remove struct-dump logging, avoid logging URLs/IDs directly, and redact or whitelist any alert fields before logging.
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Ipv6 And Disconnected Network Test Compatibility	⚠️ Warning	New Ginkgo e2e tests call external OCM APIs and the e2e job pulls osde2e from quay.io, so they need public network access.	Add IPv6/disconnected CI coverage or eliminate public OCM/quay dependencies by mirroring images and replacing external OCM calls with internal mocks/fixtures.

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly captures the main change: bumping the UBI image used by the pipeline.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PASS: The touched Ginkgo tests use only static string-literal titles, and a repo-wide scan found no dynamic title construction.
Test Structure And Quality	✅ Passed	The touched Ginkgo tests only update fixture field names/imports; they already use BeforeEach/AfterEach and add no new waits or resource setup issues.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added; the only test/e2e change is Dockerfile, and the touched Go tests are unit tests, not MicroShift-targeted e2e.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	New e2e tests exercise deployments, HTTP health checks, and alert flow only; no multi-node/HA assumptions or SNO-specific skips are present.
Topology-Aware Scheduling Compatibility	✅ Passed	Changed files are CI/build/test configs; the only deployment template sets replicas:2 and adds no affinity, nodeSelector, topologySpread, or PDB rules.
Ote Binary Stdout Contract	✅ Passed	Only go.mod and go.sum changed vs parent; no process-level Go code or stdout writes were modified.
No-Weak-Crypto	✅ Passed	Changed files contain no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB usage or secret/token comparisons; edits are config, deps, and tests only.
Container-Privileges	✅ Passed	No changed manifest introduces privileged/root escalation; checked files use runAsNonRoot:true, allowPrivilegeEscalation:false, or USER 1000.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

build/Dockerfile (1)

10-10: 🔒 Security & Privacy | 🔵 Trivial | 💤 Low value

Consider a floating tag for the Red Hat base image.

This pins ubi-minimal to a specific build (9.8-1782191395). Red Hat manages updates (CVE patches) on floating tags such as 9.8, so a floating tag lets you pick up security fixes automatically without a manual bump. If reproducibility is the intent here, that's a valid tradeoff—just confirm it's deliberate.

As per path instructions: "Red Hat images: use floating tags (Red Hat manages updates); non-RH images: pin by digest".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@build/Dockerfile` at line 10, The Docker base image is pinned to a specific
Red Hat build instead of using the intended floating tag. Update the FROM
reference in the Dockerfile to use the floating ubi-minimal tag managed by Red
Hat, and keep any version pinning only if reproducibility is explicitly
required. Use the existing base image reference to locate the change.

Source: Path instructions

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@go.mod`:
- Line 119: The Kubernetes dependency set is mixed across minor versions, with
k8s.io/apiextensions-apiserver still on the older 0.33 line while the rest of
the core k8s.io/* modules are on 0.35.2. Update the module versions in go.mod as
a coordinated set so the Kubernetes stack stays on one minor line, and verify
any controller-runtime-related transitive pulls are aligned as part of the same
dependency refresh rather than changing k8s.io/apiextensions-apiserver alone.

---

Nitpick comments:
In `@build/Dockerfile`:
- Line 10: The Docker base image is pinned to a specific Red Hat build instead
of using the intended floating tag. Update the FROM reference in the Dockerfile
to use the floating ubi-minimal tag managed by Red Hat, and keep any version
pinning only if reproducibility is explicitly required. Use the existing base
image reference to locate the change.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8b371679-d746-4e46-a900-498a7170df10

📥 Commits

Reviewing files that changed from the base of the PR and between a7983be and 664dfd3.

⛔ Files ignored due to path filters (5)

• boilerplate/_data/backing-image-tag is excluded by !boilerplate/**
• boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-e2e/update is excluded by !boilerplate/**
• boilerplate/openshift/osd-container-image/OWNERS_ALIASES is excluded by !boilerplate/**
• go.sum is excluded by !**/*.sum

📒 Files selected for processing (11)

• .ci-operator.yaml
• .github/renovate.json
• .golangci.yml
• Makefile
• OWNERS_ALIASES
• build/Dockerfile
• go.mod
• pkg/consts/test/test.go
• pkg/handlers/webhookreceiver_test.go
• pkg/handlers/webhookrhobsreceiver_test.go
• test/e2e/Dockerfile

💤 Files with no reviewable changes (1)

• OWNERS_ALIASES

[openshift-ci]

@tkong-redhat: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.67%. Comparing base (a7983be) to head (6284abd).

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #246   +/-   ##
=======================================
  Coverage   55.67%   55.67%           
=======================================
  Files          23       23           
  Lines        1895     1895           
=======================================
  Hits         1055     1055           
  Misses        785      785           
  Partials       55       55           

Files with missing lines	Coverage Δ
pkg/consts/test/test.go	26.64% <100.00%> (ø)

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.