Skip to content

chore (deps): bump go version to v1.26.4#1667

Merged
rohanKanojia merged 1 commit into
devfile:mainfrom
rohankanojia-forks:pr/bump-go-version-1-26-4
Jul 10, 2026
Merged

chore (deps): bump go version to v1.26.4#1667
rohanKanojia merged 1 commit into
devfile:mainfrom
rohankanojia-forks:pr/bump-go-version-1-26-4

Conversation

@rohanKanojia

@rohanKanojia rohanKanojia commented Jun 29, 2026

Copy link
Copy Markdown
Member

What does this PR do?

  • Updates go.mod toolchain directive to go1.26.4
    • Updates GitHub Actions workflows (pr.yml, code-coverage.yml, release.yml) to use Go 1.26.4
    • Updates .ci/oci.Dockerfile to install Go 1.26.4
    • Updates builder images in build/Dockerfile and project-clone/Dockerfile to Red Hat UBI9 go-toolset
      9.8-1783442369 pinned by digest: sha256:c451b481b8f26205bd34eab98a3566a559466cc8de125b4e7057a13f53d96cd3

What issues does this PR fix or reference?

Fixes CVEs:

Is it tested? How?

PR Checklist

  • E2E tests pass (when PR is ready, comment /test v8-devworkspace-operator-e2e, v8-che-happy-path to trigger)
    • v8-devworkspace-operator-e2e: DevWorkspace e2e test
    • v8-che-happy-path: Happy path for verification integration with Che

Summary by CodeRabbit

Summary by CodeRabbit

  • Chores
    • Updated the Go toolchain to 1.26.4 across build and CI environments.
    • Updated the Go toolchain directive in go.mod to match 1.26.4.
    • Refreshed pinned container base images used for building and validation.
    • Adjusted automated workflows (code coverage, PR validation, and release setup) to use 1.26.4.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9bca4112-4482-4d80-b158-cf78b909e6a1

📥 Commits

Reviewing files that changed from the base of the PR and between fd0cca5 and 96f2f6c.

📒 Files selected for processing (7)
  • .ci/oci.Dockerfile
  • .github/workflows/code-coverage.yml
  • .github/workflows/pr.yml
  • .github/workflows/release.yml
  • build/Dockerfile
  • go.mod
  • project-clone/Dockerfile
✅ Files skipped from review due to trivial changes (4)
  • .github/workflows/code-coverage.yml
  • .github/workflows/pr.yml
  • .github/workflows/release.yml
  • .ci/oci.Dockerfile
🚧 Files skipped from review as they are similar to previous changes (3)
  • project-clone/Dockerfile
  • go.mod
  • build/Dockerfile

📝 Walkthrough

Walkthrough

Go toolchain references were updated from 1.26.3 to 1.26.4 across go.mod, three GitHub Actions workflows, .ci/oci.Dockerfile, build/Dockerfile, and project-clone/Dockerfile.

Changes

Go 1.26.4 Toolchain Bump

Layer / File(s) Summary
Go 1.26.4 across go.mod, workflows, and Dockerfiles
go.mod, .github/workflows/code-coverage.yml, .github/workflows/pr.yml, .github/workflows/release.yml, .ci/oci.Dockerfile, build/Dockerfile, project-clone/Dockerfile
Updates the Go toolchain directive, workflow go-version values, OCI image GO_VERSION values, and pinned ubi9/go-toolset builder images to Go 1.26.4 references.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Possibly related PRs

Suggested labels: lgtm

Suggested reviewers: ibuziuk, akurinnoy, dkwon17, btjd

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately summarizes the main change: bumping the Go toolchain to version 1.26.4.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Trivy (0.69.3)

Trivy execution failed: 2026-07-10T12:39:10Z FATAL Fatal error run error: fs scan error: scan error: scan failed: failed analysis: post analysis error: post analysis error: cloudformation scan error: fs filter error: fs filter error: walk error range error: stat .golangci.yml: no such file or directory: range error: stat .golangci.yml: no such file or directory


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@tolusha

tolusha commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Hi! I'm che-ai-assistant — I help with your pull requests.

Available commands:

  • /che-ai-assistant generate-che-doc — Generate a documentation PR based on this PR's changes
  • /che-ai-assistant ok-pr-review — Run a comprehensive PR review (summary, code review, deep review, impact analysis)
  • /che-ai-assistant ok-pr-readiness — Ensure PR has validation steps
  • /che-ai-assistant help — Show this help message

@rohanKanojia rohanKanojia marked this pull request as ready for review June 30, 2026 04:23
@tolusha

tolusha commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

/che-ai-assistant ok-pr-readiness

Review is complete. Please check the review comments below.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.ci/oci.Dockerfile:
- Line 28: Update the comment in the Dockerfile so it matches the current source
of truth from go.mod: the stale reference to go 1.26.0 should be replaced with
the actual toolchain directive version go1.26.4. Keep the comment aligned with
the dependency/version guidance by referring to the toolchain requirement
declared in go.mod, not an old version string.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b766e12d-579c-4376-9013-dc109c97e22b

📥 Commits

Reviewing files that changed from the base of the PR and between 6807a49 and 0274531.

📒 Files selected for processing (7)
  • .ci/oci.Dockerfile
  • .github/workflows/code-coverage.yml
  • .github/workflows/pr.yml
  • .github/workflows/release.yml
  • build/Dockerfile
  • go.mod
  • project-clone/Dockerfile

Comment thread .ci/oci.Dockerfile
SHELL ["/bin/bash", "-c"]

# Install Go 1.26.3 to satisfy go.mod toolchain requirement (go 1.26.0)
# Install Go 1.26.4 to satisfy go.mod toolchain requirement (go 1.26.0)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Fix the stale toolchain reference in the comment.

Line 28 still says the "toolchain requirement" is go 1.26.0, but go.mod now declares toolchain go1.26.4. Please point the comment at the actual source-of-truth directive.

As per coding guidelines, "Use versions from go.mod as the source of truth for Go, Kubernetes, controller-runtime, and Devfile dependency versions."

Suggested fix
-# Install Go 1.26.4 to satisfy go.mod toolchain requirement (go 1.26.0)
+# Install Go 1.26.4 to satisfy the go.mod toolchain directive
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Install Go 1.26.4 to satisfy go.mod toolchain requirement (go 1.26.0)
# Install Go 1.26.4 to satisfy the go.mod toolchain directive
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ci/oci.Dockerfile at line 28, Update the comment in the Dockerfile so it
matches the current source of truth from go.mod: the stale reference to go
1.26.0 should be replaced with the actual toolchain directive version go1.26.4.
Keep the comment aligned with the dependency/version guidance by referring to
the toolchain requirement declared in go.mod, not an old version string.

Source: Coding guidelines

@tolusha

tolusha commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

PR Readiness Assessment: PR #1667 — chore (deps): bump go version to v1.26.4

Repository: devfile/devworkspace-operator
Linked Issue: None found (routine maintenance)


# Criterion Verdict Notes
1 Problem Statement PASS Clearly stated as routine Go toolchain maintenance; updates from 1.26.3 to 1.26.4
2 Reproduction Steps PASS Not applicable for toolchain version bump
3 Expected Behavior After Fix PASS Implicit: project builds and runs with Go 1.26.4; appropriate for dependency update
4 Scope of Changes PASS Well-scoped: go.mod, 3 GitHub Actions workflows, 3 Dockerfiles; all changes align with Go version update
5 Test Evidence WARN E2E tests mentioned in PR checklist but no explicit test results or manual verification provided
6 Deployment & Verification Notes WARN No guidance on verifying the operator runs with new Go version in deployed environments

Overall: NEEDS WORK


Missing Information

  • Add test evidence: Include results from local testing or CI runs showing the operator builds and tests pass with Go 1.26.4
  • Provide verification guidance: Document how to verify the deployed operator is running with Go 1.26.4 (e.g., checking version in logs or runtime info)
  • Note any behavioral changes: If Go 1.26.4 introduces any relevant changes from 1.26.3, mention whether they affect the operator

What's Good

  • Clear, focused scope: All changes directly related to the Go version bump; no scope creep
  • Comprehensive coverage: Updates all relevant locations (go.mod, CI workflows, build Dockerfiles, OCI Dockerfile)
  • SHA-pinned images: Builder images updated with digest pins for security and reproducibility
  • Detailed description: Lists exactly which files and values changed
  • E2E test checklist: PR includes checklist for running e2e and integration tests before merge

Assessment completed by ok-pr-readiness

@rohanKanojia rohanKanojia force-pushed the pr/bump-go-version-1-26-4 branch 2 times, most recently from fd0cca5 to 5f5b72f Compare July 9, 2026 15:51

@btjd btjd left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci openshift-ci Bot added the lgtm label Jul 9, 2026
@openshift-ci

openshift-ci Bot commented Jul 9, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: btjd, rohanKanojia
Once this PR has been reviewed and has the lgtm label, please assign dkwon17 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Update Go toolchain to 1.26.4 and use Red Hat UBI9 go-toolset:1.26.4-1783628461
with digest sha256:78c30e4fb77d1fa049d3bff5d9da1b5d77cc0ed96a2c30e6c4905380d3580462

Assisted-by: Auto
Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@rohanKanojia rohanKanojia force-pushed the pr/bump-go-version-1-26-4 branch from 5f5b72f to 96f2f6c Compare July 10, 2026 12:38
@openshift-ci openshift-ci Bot removed the lgtm label Jul 10, 2026
@openshift-ci

openshift-ci Bot commented Jul 10, 2026

Copy link
Copy Markdown

New changes are detected. LGTM label has been removed.

@rohanKanojia rohanKanojia merged commit 8501cef into devfile:main Jul 10, 2026
12 checks passed
@rohanKanojia rohanKanojia deleted the pr/bump-go-version-1-26-4 branch July 10, 2026 14:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants