build(deps): bump sigs.k8s.io/controller-runtime/tools/setup-envtest from 0.0.0-20260125163108-a19ec76a3c5d to 0.24.0 in /hack/tools in the k8s-dependencies group

[dependabot]

Bumps the k8s-dependencies group in /hack/tools with 1 update: sigs.k8s.io/controller-runtime/tools/setup-envtest.

Updates sigs.k8s.io/controller-runtime/tools/setup-envtest from 0.0.0-20260125163108-a19ec76a3c5d to 0.24.0

Release notes

Sourced from sigs.k8s.io/controller-runtime/tools/setup-envtest's releases.

v0.24.0

⚠️ Breaking Changes

• Dependencies: Update to k8s.io/* v1.36 (#3506 #3462 #3486 #3450)

🐛 Bug Fixes

• Cache: Fix IndexField blocking until informer is synced (#3445)
• Cache: Wait for cache sync when ReaderFailOnMissingInformer is true (#3425)
• Client: Update typed ApplyConfigurations with server response (#3475)
• Fakeclient: Fix SSA status patch resource version check (#3443)
• Fakeclient: Fix panic when using CRs with embedded pointer structs (#3431)
• Fakeclient: Fix status apply if existing object has managedFields set (#3430)
• Fakeclient: Retry GenerateName on AlreadyExists collisions (#3498)
• HTTP servers: Wire up base context into http servers (#3452)

🌱 Others

• Builder/Webhooks: Remove deprecated custom path function (#3465)
• Cache: Test cache reader waits for cache sync (#3434)
• Certwatcher: Deflake certwatcher tests (#3457)
• Dependencies: Use forked version of btree (#3449)
• Envtest: Ensure envtest stops the whole process group (#3447)
• Logging: Add missing space in zap-log-level flag description (#3492)
• Misc: Adopt new(x) over ptr.To(x) and re-enable newexpr lint (#3489)
• Owners: Cleanup (#3453)
• Recorder: Add logger into context for structured logging (#3454)
• Recorder: Switch to StartLogging for event debug logs (#3451)
• Scheme: Deprecate the scheme builder (#3461)
• Source/Kind: Improve logging for dynamic type kind source (#3494)
• Webhooks: Reduce memory usage of default webhooks (#3463 #3468)

🌱 CI & linters

• Chore: Update golangci-lint version to v2.8.0 (#3448)
• Chore: Update golangci-lint version to v2.10.1 (#3470)
• Chore: Update golangci-lint version to v2.11.3 (#3482)
• Migrate away from custom GitHub action approval workflow (#3491)
• Release: Auto-create git tags for the tools/setup-envtest submodule (#3476)

📖 Additionally, there has been 1 contribution to our documentation. (#3477)

Dependencies

Added

• github.com/cenkalti/backoff/v5: v5.0.3
• gonum.org/v1/gonum: v0.16.0
• k8s.io/streaming: v0.36.0

Changed

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Summary by CodeRabbit

• Chores
  • Upgraded Go toolchain from version 1.25.7 to 1.26.0 for latest language runtime improvements
  • Updated Kubernetes API machinery dependencies to version 0.36.0 for enhanced compatibility
  • Updated test environment setup utilities and Protocol Buffer dependencies to latest stable versions
  • Routine maintenance updates to project dependencies for improved system stability

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 5b9c7316-9209-4b50-bd62-fe845c2162ad

📥 Commits

Reviewing files that changed from the base of the PR and between 0ee6567 and b30517f.

⛔ Files ignored due to path filters (16)

• hack/tools/go.sum is excluded by !**/*.sum
• hack/tools/vendor/google.golang.org/protobuf/encoding/protodelim/protodelim.go is excluded by !**/vendor/**
• hack/tools/vendor/google.golang.org/protobuf/encoding/protojson/decode.go is excluded by !**/vendor/**
• hack/tools/vendor/google.golang.org/protobuf/encoding/protojson/well_known_types.go is excluded by !**/vendor/**
• hack/tools/vendor/google.golang.org/protobuf/encoding/prototext/decode.go is excluded by !**/vendor/**
• hack/tools/vendor/google.golang.org/protobuf/internal/descfmt/stringer.go is excluded by !**/vendor/**
• hack/tools/vendor/google.golang.org/protobuf/internal/version/version.go is excluded by !**/vendor/**
• hack/tools/vendor/google.golang.org/protobuf/reflect/protodesc/desc_init.go is excluded by !**/vendor/**
• hack/tools/vendor/modules.txt is excluded by !**/vendor/**
• hack/tools/vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest/README.md is excluded by !**/vendor/**
• hack/tools/vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest/env/env.go is excluded by !**/vendor/**
• hack/tools/vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest/env/exit.go is excluded by !**/vendor/**
• hack/tools/vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest/env/helpers.go is excluded by !**/vendor/**
• hack/tools/vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest/remote/http_client.go is excluded by !**/vendor/**
• hack/tools/vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest/store/store.go is excluded by !**/vendor/**
• hack/tools/vendor/sigs.k8s.io/controller-runtime/tools/setup-envtest/versions/version.go is excluded by !**/vendor/**

📒 Files selected for processing (1)

• hack/tools/go.mod

---

📝 Walkthrough

Walkthrough

The hack/tools/go.mod file was updated to upgrade the Go toolchain version and several dependencies. The Go module toolchain requirement was bumped from version 1.25.7 to 1.26.0. The Kubernetes API machinery dependency k8s.io/apimachinery was upgraded from v0.34.3 to v0.36.0. The setup-envtest tool was updated to version v0.24.0. Additionally, the google.golang.org/protobuf indirect dependency was updated to a newer pseudo-version. These changes affect four lines in the manifest file.

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Title check	⚠️ Warning	The title focuses narrowly on bumping setup-envtest but the changeset includes multiple significant updates: Go toolchain bump (1.25.7→1.26.0), k8s.io/apimachinery upgrade (v0.34.3→v0.36.0), and protobuf dependency update, making the title only partially representative of the full change scope.	Revise the title to reflect the primary objective or most impactful change. Consider: 'build(deps): update Go toolchain and k8s dependencies in /hack/tools' or similar to better represent the multi-dependency update scope.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR is a dependency update modifying only hack/tools/go.mod with no changes to Ginkgo test files or test name definitions.
Test Structure And Quality	✅ Passed	This PR only modifies hack/tools/go.mod with dependency updates and no Ginkgo test code changes, making the test structure check inapplicable.
Microshift Test Compatibility	✅ Passed	PR only updates dependency versions in hack/tools/go.mod with no new Ginkgo e2e test code added, making this check not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This pull request only updates Go module dependencies and toolchain version in hack/tools/go.mod. No new Ginkgo e2e tests are added.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only modifies Go build tooling dependencies in hack/tools/go.mod; no deployment manifests, operators, controllers, or runtime scheduling constraints affected.
Ote Binary Stdout Contract	✅ Passed	This PR modifies only hack/tools/go.mod with dependency updates. No source code changes affect stdout or violate the OTE Binary Stdout Contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	Pull request only updates Go module dependencies in hack/tools/go.mod file without adding new Ginkgo e2e test files or test code.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/hack/tools/k8s-dependencies-f437090dbb

---

_{Review rate limit: 8/10 reviews remaining, refill in 11 minutes and 58 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign bryan-cox for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@dependabot[bot]: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/images	b30517f	link	true	/test images

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[hypershift-jira-solve-ci]

The diff confirms the root cause. The PR changes go 1.25.7 → go 1.26.0 in hack/tools/go.mod and bumps k8s.io/apimachinery from v0.34.3 → v0.36.0. Now let me produce the final report.

Test Failure Analysis Complete

Job Information

• Prow Job: pull-ci-openshift-hypershift-main-images
• Build ID: 2050020033567920128
• PR: #8392 — build(deps): bump sigs.k8s.io/controller-runtime/tools/setup-envtest from 0.0.0-20260125163108-a19ec76a3c5d to 0.24.0 in /hack/tools
• Additional Failure: gitlint / Gitlint (GitHub Actions)

Test Failure Analysis

Error

# ci/prow/images (hypershift-tests image build):
go: go.mod requires go >= 1.26.0 (running go 1.25.8; GOTOOLCHAIN=local)
make: *** [Makefile:472: e2e] Error 1

# gitlint / Gitlint (GitHub Actions):
3: B1 Line exceeds max length (171>140): "Bumps the k8s-dependencies group in /hack/tools with 1 update: [sigs.k8s.io/controller-runtime/tools/setup-envtest](https://github.com/kubernetes-sigs/controller-runtime)."
make: *** [Makefile:598: run-gitlint] Error 1

Summary

Both failures stem from the Dependabot dependency bump of setup-envtest to v0.24.0. The primary failure (ci/prow/images) is a Go toolchain version incompatibility: the new setup-envtest v0.24.0 transitively pulls in k8s.io/apimachinery v0.36.0 (Kubernetes 1.36), which bumps hack/tools/go.mod from go 1.25.7 to go 1.26.0. The CI builder image (rhel-9-release-golang-1.25-openshift-4.23) only provides Go 1.25.8, and with GOTOOLCHAIN=local the build refuses to proceed. The secondary failure (gitlint) is cosmetic — Dependabot's auto-generated commit body line is 171 characters, exceeding the project's 140-character gitlint limit.

Root Cause

Failure 1 — ci/prow/images (Go toolchain mismatch):

The PR bumps sigs.k8s.io/controller-runtime/tools/setup-envtest from a pre-release commit to v0.24.0 in hack/tools/. This new version depends on k8s.io/apimachinery v0.36.0 (part of Kubernetes 1.36), which requires Go 1.26.0. The diff in hack/tools/go.mod explicitly shows the go directive changing from go 1.25.7 → go 1.26.0.

The hypershift-tests image build step executes make e2e hypershift, which includes building gotestsum from the hack/tools submodule:

cd ./hack/tools; GO111MODULE=on GOFLAGS=-mod=vendor GOWORK=off go build -tags=tools -o ../../bin/gotestsum gotest.tools/gotestsum

The CI builder image provides Go 1.25.8, and the Makefile enforces GOTOOLCHAIN=local (preventing auto-download of a newer toolchain). Go 1.25.8 sees the go 1.26.0 directive and refuses to compile, producing the fatal error. Only the hypershift-tests image was affected because only it builds from hack/tools/go.mod; the other 4 images (hypershift, hypershift-operator, hypershift-cli, src) build from the root go.mod which still uses go 1.25.x.

Failure 2 — gitlint (commit message formatting):

Dependabot auto-generates commit body text with inline Markdown links. Line 3 of the commit message is 171 characters, exceeding the project's gitlint rule B1 max-length of 140. This is a systemic issue with all Dependabot PRs that reference long dependency URLs.

Recommendations

For the Go toolchain failure (blocking):

1. Do not merge this PR as-is. The setup-envtest v0.24.0 requires Go 1.26.0 which is not available in the current CI builder images (rhel-9-release-golang-1.25-openshift-4.23).
2. Pin to a compatible version. Find the latest setup-envtest release that still supports Go 1.25.x (i.e., one that depends on k8s.io/apimachinery v0.34.x or v0.35.x, not v0.36.0). Dependabot should be configured with a version constraint to avoid pulling in Kubernetes 1.36 dependencies until the CI toolchain is updated.
3. Alternatively, wait for Go 1.26 CI images. If the project plans to adopt Go 1.26 soon, this PR can be held until the builder images are updated. Coordinate with the OpenShift build infrastructure team.
4. Close this PR if the dependency bump is not urgently needed, and let Dependabot re-create it when the CI toolchain supports Go 1.26.

For the gitlint failure (cosmetic):

1. If the PR is to be merged, use squash-merge and manually rewrite the commit message body to stay within the 140-character line limit.
2. Long-term: add a gitlint ignore rule for Dependabot commits (e.g., ignore-by-author-name=dependabot in .gitlint) to prevent this recurring issue.

Evidence

Evidence	Detail
Go version mismatch	hack/tools/go.mod changed from go 1.25.7 → go 1.26.0; CI has Go 1.25.8
Dependency chain	setup-envtest v0.24.0 → k8s.io/apimachinery v0.34.3 → v0.36.0 (requires Go 1.26.0)
Exact build error	go: go.mod requires go >= 1.26.0 (running go 1.25.8; GOTOOLCHAIN=local)
Failed image	hypershift-tests (step 6/6 in stage 1/2: RUN make e2e hypershift)
Failed make target	gotestsum build: cd ./hack/tools; go build -tags=tools -o ../../bin/gotestsum gotest.tools/gotestsum
Succeeded images	src, hypershift, hypershift-operator, hypershift-cli (all use root go.mod)
CI builder image	rhel-9-release-golang-1.25-openshift-4.23 (Go 1.25.8, GOTOOLCHAIN=local)
Gitlint violation	Rule B1: commit body line 3 is 171 chars (max 140) — auto-generated by Dependabot

---