Skip to content

Update docker.io/library/golang Docker tag to v1.26.4 (main)#3372

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main-main/docker.io-library-golang-1.26.x
Open

Update docker.io/library/golang Docker tag to v1.26.4 (main)#3372
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main-main/docker.io-library-golang-1.26.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change Pending
docker.io/library/golang stage patch 1.26.31.26.4 1.26.5

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 28, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:08 AM UTC · Completed 1:15 AM UTC
Commit: 47d3320 · View workflow run →

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 28, 2026

Copy link
Copy Markdown

Review — #3372

Verdict: ✅ Approve

Summary

This is a single-line, automated patch version bump of the Go build image in Dockerfile from golang:1.26.3 to golang:1.26.4, generated by MintMaker/Renovate. The change is mechanically correct and introduces no logic, security, style, or documentation concerns.

Dimension Results

Dimension Result Notes
Correctness ✅ Pass (2 low) Version skew with other Go version references is expected with separate Renovate rules
Security ✅ Pass No secrets, injection vectors, or permission changes
Intent & Coherence ✅ Pass Mechanical dependency bump; authorization implicit
Style & Conventions ✅ Pass Value-only change follows existing pattern
Documentation ✅ Pass No public symbols or behavioral changes
Cross-repo Contracts ⏭ Skipped No exported interfaces modified

Low-severity Observations

  1. Go version skew — Dockerfile.dist (Dockerfile, line 19): This PR bumps Dockerfile to Go 1.26.4 while Dockerfile.dist still uses ubi9/go-toolset:1.26.3 (pinned by digest). These are different base images managed by separate Renovate rules, so the temporary skew is expected and will resolve when the go-toolset:1.26.4 image is published and picked up.

  2. Go version skew — go.mod / .tool-versions (Dockerfile, line 19): Several files (.tool-versions, go.mod, tools/go.mod, tools/kubectl/go.mod, acceptance/go.mod) still reference Go 1.26.3. These are managed independently and the patch-level discrepancy is benign for Go's compatibility guarantees.


Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • Dockerfile
Previous run

Review

Findings

High

  • [protected-path] Dockerfile:19 — This PR modifies Dockerfile, which is a protected infrastructure file requiring human approval. The PR has no linked issue providing authorization for the change. While the PR is a Renovate-managed patch bump of the Go base image (1.26.31.26.4), protected-path changes always require explicit human review and approval regardless of the change's nature.
    Remediation: A human reviewer with infrastructure approval authority should verify and approve this Dockerfile change.
Previous run (2)

Review

Findings

Medium

  • [protected-path] Dockerfile — This PR modifies Dockerfile, which is a protected path requiring human approval. The PR is an automated Renovate dependency update (golang 1.26.3 → 1.26.4) with a clear rationale in the PR body, but human review is always required for changes to governance and infrastructure files regardless of context.

Labels: PR modifies the Dockerfile to bump a dependency version.

@fullsend-ai-review fullsend-ai-review Bot added requires-manual-review Review requires human judgment docker Pull requests that update Docker code dependencies Pull requests that update a dependency file labels Jun 28, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/docker.io-library-golang-1.26.x branch from 93943cb to 48696b2 Compare July 3, 2026 01:36
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 3, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:39 AM UTC · Completed 1:44 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot removed the requires-manual-review Review requires human judgment label Jul 3, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/docker.io-library-golang-1.26.x branch from 48696b2 to 9bcbd75 Compare July 7, 2026 01:44
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/docker.io-library-golang-1.26.x branch from 9bcbd75 to 76d8bf9 Compare July 8, 2026 01:48
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:49 AM UTC · Completed 1:54 AM UTC
Commit: 7c8ccca · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot dismissed their stale review July 8, 2026 01:53

Superseded by updated review

@fullsend-ai-review fullsend-ai-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

Comment thread Dockerfile
## Build

FROM docker.io/library/golang:1.26.3 AS build
FROM docker.io/library/golang:1.26.4 AS build

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] version-skew

Go version skew between Dockerfile (now 1.26.4) and Dockerfile.dist (still go-toolset:1.26.3). These are different base images managed by separate Renovate rules, so temporary skew is expected. Confirm Dockerfile.dist will receive its own bump once go-toolset:1.26.4 is published.

Comment thread Dockerfile
## Build

FROM docker.io/library/golang:1.26.3 AS build
FROM docker.io/library/golang:1.26.4 AS build

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[low] version-skew

Go version skew between Dockerfile build image (now 1.26.4) and .tool-versions, go.mod, tools/go.mod, tools/kubectl/go.mod, acceptance/go.mod (all still 1.26.3). These are managed by separate Renovate rules and the patch-level discrepancy is benign for Go compatibility guarantees.

@fullsend-ai-review fullsend-ai-review Bot added the requires-manual-review Review requires human judgment label Jul 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code main renovate requires-manual-review Review requires human judgment size: XS

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants