Merge https://github.com/kubernetes/cloud-provider-gcp:master (f4eae5e) into main

[cloud-team-rebase-bot]

Summary by CodeRabbit

• New Features

  • Daemon supports graceful shutdown on OS signals.
  • Added gRPC-based Adaptive IPAM service accessible via a Unix socket; CLI flags to configure DB and socket paths.
  • Build can emit multi-arch OCI tarballs.
  • Automated git tagging and GitHub release generation on release branches.

• Chores

  • Updated Go toolchain and many dependencies.
  • Improved protobuf/tooling install and verification scripts.
  • CI/workflow updates: Dependabot sync, dependabot-driven go.work sync, and release changelog generation.

• Documentation

  • New kOps Quickstart for GCP CCM and README guidance updates.

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Refactors Metis daemon into a context-aware package with a UDS gRPC Adaptive IPAM server backed by a new SQLite store, removes legacy ipam store/tests, adds extensive tests, upgrades Go/Kubernetes deps, and introduces CI/release tooling (auto-tag, dependabot/workflows, verify scripts) and build tweaks.

Changes

Cohort / File(s)	Summary
Daemon refactor & server metis/cmd/daemon.go, metis/cmd/daemonoptions.go, metis/pkg/daemon/..., metis/daemon/...	Moves daemon logic to pkg/daemon with context-aware Run(ctx), adds CLI flags for DB/socket paths, implements UDS gRPC server (Allocate/Deallocate), updates imports; removes old metis/daemon implementation and tests.
IPAM store rewrite metis/pkg/store/store.go, metis/pkg/store/store_test.go, metis/ipam/store.go, metis/ipam/store_test.go	Adds new SQLite-backed pkg/store with schema migration, AddCIDR, AllocateIPv4 (idempotent, transactional), ReleaseIPByOwner, errors and comprehensive tests; deletes legacy ipam store and its tests.
Daemon server tests & daemon tests metis/pkg/daemon/daemon_server_test.go, metis/pkg/daemon/daemon_test.go	Adds integration/unit tests covering UDS gRPC flows, allocation/deallocation, retries, concurrency, and lifecycle.
Package constants & defaults metis/pkg/consts.go	Renamed package to pkg, refactored DefaultDBPath into const block and added DefaultSockPath.
Build & images metis/Makefile, Makefile, metis/Dockerfile, Dockerfile	Added OCI tarball target and variable, adjusted multi-arch push/load logic, added Make variables for kOps test regexes, bumped builder Go versions.
Installer change metis/install-plugin.sh	Updates METIS_BINARY path from /metis to /bin/metis.
Tooling scripts tools/auto-tag.sh, tools/verify-k8s-version.sh, tools/verify-all.sh, tools/update_proto.sh, tools/update_vendor.sh	Adds auto-tagging and k8s-version verification scripts, integrates verification into verify-all.sh, makes proto tooling more robust, runs go mod tidy for metis module.
Workflows & release config .github/workflows/auto-tag.yml, .github/workflows/dependabot-sync.yml, .github/workflows/release.yml, .github/release.yml, .github/dependabot.yml	Adds auto-tag, dependabot go.work sync workflow, release workflow and changelog config; consolidates dependabot gomod groups and updates schedules/labels.
Version & module bumps go.mod, metis/go.mod, providers/go.mod, test/e2e/go.mod, ginko-test-package-version.env	Upgrades Go toolchain to 1.26, refreshes many direct and indirect dependencies including k8s.io/* to v0.36.x and related transitive bumps.
Tests / small code modernizations test/e2e/suite_test.go, cmd/cloud-controller-manager/main.go, various ioutil -> io/os changes, test/e2e/firewall.go	Removes time-based RNG seeding; replaces deprecated ioutil usages; improves firewall test to handle missing external IPs; small fmt/import tweaks.
CI scripts & periodics dev/ci/periodics/ci-cloud-provider-gcp-e2e-latest-kops.sh, cluster/gce/..., cluster/gce/gci/...	Adds periodic CI script, tweaks test arg runtime-config and temp file creation in tests.
Docs & README README.md, docs/kops-quickstart.md	Updates README guidance and adds kOps quickstart for GCP CCM deployment.
Misc small changes assorted files (cmd/gke-gcloud-auth-plugin/*, pkg/*, providers/*, tools/version.sh)	Minor API-usage updates, error message formatting, test env handling, and version fallback bump.

Sequence Diagram(s)

sequenceDiagram
    participant Client as gRPC Client
    participant Server as adaptiveIpamServer
    participant Daemon as Daemon.Run
    participant Store as Store
    participant DB as SQLite DB

    Client->>Server: AllocatePodIP(request)
    activate Server
    Server->>Store: AllocateIPv4(ctx, network, iface, containerID)
    activate Store
    alt Idempotent fast-path
        Store->>DB: SELECT existing allocation
        DB-->>Store: existing row
        Store-->>Server: return existing IP
    else New allocation (retry loop)
        loop until success / timeout
            Store->>DB: BEGIN TRANSACTION
            Store->>DB: SELECT Ready CIDR with capacity
            Store->>DB: UPDATE/INSERT allocation rows
            DB-->>Store: COMMIT or transient error
        end
        Store-->>Server: allocated IP or error
    end
    deactivate Store
    Server-->>Client: Respond with IP or gRPC error
    deactivate Server

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~55 minutes

🚥 Pre-merge checks | ✅ 9 | ❌ 3

❌ Failed checks (2 warnings, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 36.84% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Single Node Openshift (Sno) Test Compatibility	⚠️ Warning	PR adds Ginkgo e2e test that assumes cluster topology distinguishable from SNO, lacking required SNO protection mechanisms like [Skipped:SingleReplicaTopology] label or exutil.IsSingleNode() check.	Add [Skipped:SingleReplicaTopology] label to test name or guard control plane testing with runtime topology check using exutil.IsSingleNode().
Ipv6 And Disconnected Network Test Compatibility	❓ Inconclusive	Unable to verify new Ginkgo e2e tests due to missing shell command execution results.	Execute the shell commands to examine test/e2e/firewall.go, test/e2e/loadbalancer.go, and test/e2e/network_tiers.go files to verify IPv4 assumptions and external connectivity requirements.

✅ Passed checks (9 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Test files use standard Go testing without dynamic information in test names. No Ginkgo tests with dynamic timestamps, UUIDs, pod names, or generated identifiers detected.
Test Structure And Quality	✅ Passed	The pull request's test suite demonstrates strong adherence to all Ginkgo test quality requirements with single responsibilities, clear naming, proper cleanup, appropriate timeouts, and meaningful assertions.
Microshift Test Compatibility	✅ Passed	The PR does not add any new Ginkgo e2e tests; it only modifies an existing firewall.go test and adds unit tests using standard Go testing.
Topology-Aware Scheduling Compatibility	✅ Passed	This pull request does not introduce any deployment manifests, operator code, or controllers that define scheduling constraints incompatible with OpenShift topologies.
Ote Binary Stdout Contract	✅ Passed	The pull request does not introduce violations of the OTE binary stdout contract. All logging is properly configured to use stderr via klog v2 defaults and component-base initialization.
Title check	✅ Passed	The title is a merge commit message that references merging from upstream kubernetes/cloud-provider-gcp:master into main, which is a valid description of the changeset's primary intent.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @cloud-team-rebase-bot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (1)

metis/Makefile (1)

77-77: Narrow cleanup scope to the configured tarball path.

Line 77 deletes all *.tar files in metis/, which can remove unrelated local artifacts. Prefer deleting only $(OCI_TARBALL_PATH).

Proposed change

 clean: ## Clean up build artifacts.
 	rm -rf bin
-	rm -rf *.tar
+	rm -f "$(OCI_TARBALL_PATH)"
 	go clean

As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@metis/Makefile` at line 77, The cleanup command currently removes all tar
files via "rm -rf *.tar"; change the Makefile cleanup to remove only the
configured tarball by using the $(OCI_TARBALL_PATH) variable (replace the
"*.tar" usage), and add a guard so rm is only run when $(OCI_TARBALL_PATH) is
non-empty (e.g., conditional check or test -n) to avoid accidental deletion if
the variable is unset. This targets the rm -rf *.tar occurrence and the
OCI_TARBALL_PATH Makefile variable.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@metis/Makefile`:
- Around line 101-102: The Makefile currently hard-codes --provenance=false and
--sbom=false for the build-tarball step; change these into configurable Makefile
variables (e.g., PROVENANCE and SBOM) defaulting to true and use them in the
build command (replace the literal flags with --provenance=$(PROVENANCE) and
--sbom=$(SBOM) or equivalent) so callers can override them when needed and the
defaults preserve attestations; also update any README or target comment near
the build-tarball target to document how to override these variables.

In `@tools/check-kubernetes-version.sh`:
- Around line 39-47: The current extraction of VERSION_STRING using piped grep
can cause the script to exit early under set -e -o pipefail if no match is
found; update the logic around VERSION_STRING (the grep pipeline that sets
VERSION_STRING) to avoid causing a fatal exit (e.g., run the pipeline with a
safe fallback like appending "|| true" or temporarily disable errexit around
that command), then keep the existing regex check against VERSION_STRING (the if
[[ "$VERSION_STRING" =~ v0\.([0-9]+)\. ]], using BASH_REMATCH to set
ACTUAL_MINOR) and retain the fallback error message and exit 1 when no version
is determined.

---

Nitpick comments:
In `@metis/Makefile`:
- Line 77: The cleanup command currently removes all tar files via "rm -rf
*.tar"; change the Makefile cleanup to remove only the configured tarball by
using the $(OCI_TARBALL_PATH) variable (replace the "*.tar" usage), and add a
guard so rm is only run when $(OCI_TARBALL_PATH) is non-empty (e.g., conditional
check or test -n) to avoid accidental deletion if the variable is unset. This
targets the rm -rf *.tar occurrence and the OCI_TARBALL_PATH Makefile variable.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 0cae7af0-f2cb-446a-b463-490878b9138a

📥 Commits

Reviewing files that changed from the base of the PR and between 4665af9 and b80f80b.

⛔ Files ignored due to path filters (294)

• go.work is excluded by !**/*.work
• metis/go.sum is excluded by !**/*.sum
• vendor/github.com/Masterminds/semver/v3/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/.golangci.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/CHANGELOG.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/LICENSE.txt is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/Makefile is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/SECURITY.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/collection.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/constraints.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/Masterminds/semver/v3/version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/.gitattributes is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/.golangci.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/CONTRIBUTING.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/GOVERNANCE.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/MAINTAINERS is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/Makefile is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/SECURITY.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/distribution-logo.svg is excluded by !**/*.svg, !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/helpers.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/normalize.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/reference.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/regexp.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/distribution/reference/sort.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/.editorconfig is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/.gitattributes is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/CHANGELOG.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/LICENSE.txt is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/Taskfile.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/crypto.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/date.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/defaults.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/dict.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/functions.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/list.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/network.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/numeric.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/reflect.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/regex.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/strings.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/go-task/slim-sprig/v3/url.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/AUTHORS is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/CONTRIBUTORS is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/encode.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/filter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/index.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/legacy_java_profile.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/legacy_profile.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/merge.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/profile.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/proto.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/google/pprof/profile/prune.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/AUTHORS is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/client.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/compression.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/conn.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/join.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/json.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/mask.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/mask_safe.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/prepared.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/proxy.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/server.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/gorilla/websocket/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/.codecov.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/backup.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/callback.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/convert.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/error.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.c is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_context.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_func_crypt.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_go18.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_libsqlite3.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_load_extension.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_load_extension_omit.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_allow_uri_authority.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_app_armor.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_column_metadata.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_foreign_keys.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_fts5.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_icu.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_introspect.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_math_functions.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_os_trace.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_percentile.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_preupdate.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_preupdate_hook.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_preupdate_omit.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_secure_delete.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_secure_delete_fast.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_serialize.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_serialize_omit.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_stat4.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_unlock_notify.c is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_unlock_notify.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth_omit.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_vacuum_full.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_vacuum_incr.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_vtable.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_other.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_solaris.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_trace.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_type.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_usleep_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mattn/go-sqlite3/static_mock.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/CONTRIBUTING.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/MAINTAINERS is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/NOTICE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/connection.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/handlers.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/priority.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/spdy/read.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/spdy/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/spdy/write.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/stream.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/moby/spdystream/utils.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mxk/go-flowrate/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mxk/go-flowrate/flowrate/flowrate.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mxk/go-flowrate/flowrate/io.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/mxk/go-flowrate/flowrate/util.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/CONTRIBUTING.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/Makefile is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/RELEASING.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/config/deprecated.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/core_dsl.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/decorator_dsl.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/deprecated_dsl.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/formatter/colorable_others.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/formatter/colorable_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/formatter/formatter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/automaxprocs.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroup.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroups.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroups2.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cpu_quota_linux.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cpu_quota_unsupported.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/errors.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/mountpoint.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/runtime.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/subsys.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/build/build_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/command/abort.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/command/command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/command/program.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/boostrap_templates.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/bootstrap_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_templates.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generators_common.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/compile.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/gocovmerge.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/run.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/utils.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/verify_version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/labels/labels_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/main.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/run/run_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/unfocus/unfocus_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta_tracker.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hashes.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/suite.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/watch_command.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo_cli_dependencies.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/around_node.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/counter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/failer.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/focus.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/global/init.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/group.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/interrupt_handler.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/sigquit_swallower_unix.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/sigquit_swallower_windows.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/node.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/ordering.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_unix.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_wasm.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_win.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/client_server.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_client.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_server.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_client.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_server.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/server_handler.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_bsd.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_unix.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_wasm.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_win.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_reporter_manager.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/report_entry.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson_event_writer.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson_reporter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/spec.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/suite.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/tree.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/writer.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/deprecated_reporter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/gojson_report.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/reporter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporting_dsl.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/table_dsl.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/around_node.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/code_location.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/config.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/deprecated_types.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/deprecation_support.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/enum_support.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/errors.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/file_filter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/flags.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/label_filter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/report_entry.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/semver_filter.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/types.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/version.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/onsi/gomega/gcustom/make_matcher.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/.mailmap is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/.pullapprove.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/.travis.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/CONTRIBUTING.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/LICENSE.docs is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/MAINTAINERS is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/algorithm.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/digest.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/digester.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/opencontainers/go-digest/verifiers.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/.gitignore is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/.travis.yml is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/LICENSE is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/README.md is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/chain.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/constantdelay.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/cron.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/doc.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/logger.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/option.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/parser.go is excluded by !vendor/**, !**/vendor/**
• vendor/github.com/robfig/cron/v3/spec.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/blowfish/block.go is excluded by !vendor/**, !**/vendor/**
• vendor/golang.org/x/crypto/blowfish/cipher.go is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (6)

• .github/workflows/check-version.yml
• cmd/cloud-controller-manager/main.go
• metis/Makefile
• test/e2e/suite_test.go
• tools/check-kubernetes-version.sh
• tools/update_vendor.sh

💤 Files with no reviewable changes (2)

• test/e2e/suite_test.go
• cmd/cloud-controller-manager/main.go

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Hard-coding --provenance=false and --sbom=false weakens artifact security metadata.

Lines 101-102 unconditionally disable attestations for every build-tarball output. Make these flags configurable (and enable by default where possible) so pipelines can preserve supply-chain guarantees.

Proposed change

 OCI_TARBALL_PATH ?= metis.tar
+OCI_PROVENANCE ?= true
+OCI_SBOM ?= true
@@
 	docker buildx build --platform $(ALL_PLATFORMS) \
 		$(DOCKER_BUILD_ARGS) \
 		--output=type=oci,dest=$(OCI_TARBALL_PATH) \
-		--provenance=false \
-		--sbom=false .
+		--provenance=$(OCI_PROVENANCE) \
+		--sbom=$(OCI_SBOM) .

As per coding guidelines, "Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity."

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@metis/Makefile` around lines 101 - 102, The Makefile currently hard-codes
--provenance=false and --sbom=false for the build-tarball step; change these
into configurable Makefile variables (e.g., PROVENANCE and SBOM) defaulting to
true and use them in the build command (replace the literal flags with
--provenance=$(PROVENANCE) and --sbom=$(SBOM) or equivalent) so callers can
override them when needed and the defaults preserve attestations; also update
any README or target comment near the build-tarball target to document how to
override these variables.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

tmp="$(mktemp -d)"
trap 'rm -rf "$tmp"' EXIT

cat > "$tmp/go.mod" <<'EOF'
module example
go 1.25.0
require (
  k8s.io/api v0.35.1
)
EOF

echo "Reproducing current Line 39 behavior..."
if bash -c 'set -euo pipefail; VERSION_STRING=$(grep -E "k8s.io/client-go" "'"$tmp"'/go.mod" | grep -oE "v0\.[0-9]+\.[0-9]+" | head -n 1); echo "UNEXPECTED: reached";'; then
  echo "UNEXPECTED: pipeline did not fail"
else
  echo "Expected: shell exits before custom fallback block due errexit+pipefail"
fi

Repository: openshift/cloud-provider-gcp

Length of output: 183

---

🏁 Script executed:

# Check if the file exists and read the relevant lines
if [ -f tools/check-kubernetes-version.sh ]; then
  echo "=== File exists ==="
  wc -l tools/check-kubernetes-version.sh
  echo ""
  echo "=== Lines 35-50 ==="
  sed -n '35,50p' tools/check-kubernetes-version.sh
  echo ""
  echo "=== Lines 17-20 (errexit settings) ==="
  sed -n '17,20p' tools/check-kubernetes-version.sh
else
  echo "File not found: tools/check-kubernetes-version.sh"
fi

Repository: openshift/cloud-provider-gcp

Length of output: 775

---

errexit/pipefail can abort before your explicit error handling runs

At Line 39, a no-match grep exits the script immediately under set -e -o pipefail, so the intended fallback message at Lines 46-47 is skipped.

Suggested hardening

-# Get version from go.mod
-VERSION_STRING=$(grep -E 'k8s.io/client-go' go.mod | grep -oE 'v0\.[0-9]+\.[0-9]+' | head -n 1)
+# Get version from go.mod
+VERSION_STRING="$(awk '$1=="k8s.io/client-go"{print $2; exit}' go.mod || true)"
 echo "Found client-go version string: $VERSION_STRING"
 
-if [[ "$VERSION_STRING" =~ v0\.([0-9]+)\. ]]; then
+if [[ -z "${VERSION_STRING}" ]]; then
+    echo "Could not determine client-go version from go.mod"
+    exit 1
+fi
+
+if [[ "$VERSION_STRING" =~ ^v0\.([0-9]+)\.[0-9]+$ ]]; then
     ACTUAL_MINOR="${BASH_REMATCH[1]}"
     echo "Actual client-go minor version: $ACTUAL_MINOR"
 else

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tools/check-kubernetes-version.sh` around lines 39 - 47, The current
extraction of VERSION_STRING using piped grep can cause the script to exit early
under set -e -o pipefail if no match is found; update the logic around
VERSION_STRING (the grep pipeline that sets VERSION_STRING) to avoid causing a
fatal exit (e.g., run the pipeline with a safe fallback like appending "|| true"
or temporarily disable errexit around that command), then keep the existing
regex check against VERSION_STRING (the if [[ "$VERSION_STRING" =~
v0\.([0-9]+)\. ]], using BASH_REMATCH to set ACTUAL_MINOR) and retain the
fallback error message and exit 1 when no version is determined.

[coderabbitai]

🧹 Nitpick comments (2)

metis/Makefile (1)

77-77: Limit cleanup to the configured tarball path.

Line 77 removes all *.tar files in metis/, which can delete unrelated artifacts. Prefer deleting $(OCI_TARBALL_PATH) only.

Proposed adjustment

-	rm -rf *.tar
+	rm -f $(OCI_TARBALL_PATH)

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@metis/Makefile` at line 77, The Makefile target currently uses a broad
cleanup command "rm -rf *.tar" which can delete unrelated tar files; change it
to remove only the configured tarball variable by replacing that command with a
deletion of "$(OCI_TARBALL_PATH)" (use the OCI_TARBALL_PATH variable) so the
cleanup is limited to the intended artifact and avoids wiping other .tar files.

tools/auto-tag.sh (1)

44-54: Harden client-go version parsing to avoid false matches.

Line 44 matches any k8s.io/client-go occurrence in go.mod; a replace entry can accidentally drive tag generation.

Proposed adjustment

- VERSION_STRING=$(grep -E 'k8s.io/client-go' go.mod | grep -oE 'v0\.[0-9]+\.[0-9]+' | head -n 1)
+ VERSION_STRING=$(
+   awk '
+     $1=="require" && $2=="k8s.io/client-go" {print $3; exit}
+     $1=="k8s.io/client-go" {print $2; exit}
+   ' go.mod | grep -oE '^v0\.[0-9]+\.[0-9]+$' || true
+ )
  echo "Found client-go version string: $VERSION_STRING"
 
- if [[ "$VERSION_STRING" =~ v0\.([0-9]+)\.([0-9]+) ]]; then
+ if [[ -n "$VERSION_STRING" && "$VERSION_STRING" =~ v0\.([0-9]+)\.([0-9]+) ]]; then

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@tools/auto-tag.sh` around lines 44 - 54, The current VERSION_STRING
extraction can capture k8s.io/client-go from replace lines; update the
assignment that sets VERSION_STRING so it only considers go.mod lines that are
actual module requirements (not replace directives) — i.e., filter out lines
starting with "replace" and only match lines where k8s.io/client-go appears as a
required module or on its own module/require line, then extract the v0.x.y token
as before; update the pipeline that produces VERSION_STRING (and keep using
VERSION_STRING, MINOR, PATCH) so tag generation is driven by the first
non-replace require match.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@metis/Makefile`:
- Line 77: The Makefile target currently uses a broad cleanup command "rm -rf
*.tar" which can delete unrelated tar files; change it to remove only the
configured tarball variable by replacing that command with a deletion of
"$(OCI_TARBALL_PATH)" (use the OCI_TARBALL_PATH variable) so the cleanup is
limited to the intended artifact and avoids wiping other .tar files.

In `@tools/auto-tag.sh`:
- Around line 44-54: The current VERSION_STRING extraction can capture
k8s.io/client-go from replace lines; update the assignment that sets
VERSION_STRING so it only considers go.mod lines that are actual module
requirements (not replace directives) — i.e., filter out lines starting with
"replace" and only match lines where k8s.io/client-go appears as a required
module or on its own module/require line, then extract the v0.x.y token as
before; update the pipeline that produces VERSION_STRING (and keep using
VERSION_STRING, MINOR, PATCH) so tag generation is driven by the first
non-replace require match.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 4db79557-3c68-4112-8b5a-b551bad21d8b

📥 Commits

Reviewing files that changed from the base of the PR and between b80f80b and 2c93d75.

⛔ Files ignored due to path filters (288)

• go.work is excluded by !**/*.work
• metis/go.sum is excluded by !**/*.sum
• vendor/github.com/Masterminds/semver/v3/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/collection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/constraints.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/Masterminds/semver/v3/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/.gitattributes is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/CODE-OF-CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/GOVERNANCE.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/MAINTAINERS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/distribution-logo.svg is excluded by !**/*.svg, !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/helpers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/normalize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/reference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/regexp.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/distribution/reference/sort.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/.editorconfig is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/.gitattributes is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/LICENSE.txt is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/Taskfile.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/crypto.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/date.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/defaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/dict.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/functions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/list.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/numeric.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/reflect.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/regex.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/strings.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-task/slim-sprig/v3/url.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/AUTHORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/filter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/index.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/legacy_java_profile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/legacy_profile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/merge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/profile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/proto.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/google/pprof/profile/prune.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/AUTHORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/compression.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/conn.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/join.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/json.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/mask.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/mask_safe.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/prepared.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/proxy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/server.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gorilla/websocket/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/.codecov.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/backup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/callback.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/convert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/error.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.c is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3-binding.h is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_func_crypt.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_go18.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_libsqlite3.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_load_extension.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_load_extension_omit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_allow_uri_authority.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_app_armor.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_column_metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_foreign_keys.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_fts5.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_icu.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_introspect.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_math_functions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_os_trace.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_percentile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_preupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_preupdate_hook.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_preupdate_omit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_secure_delete.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_secure_delete_fast.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_serialize.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_serialize_omit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_stat4.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_unlock_notify.c is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_unlock_notify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_userauth_omit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_vacuum_full.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_vacuum_incr.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_opt_vtable.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_other.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_solaris.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_trace.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_type.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_usleep_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/sqlite3ext.h is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mattn/go-sqlite3/static_mock.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/MAINTAINERS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/handlers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/priority.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/moby/spdystream/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mxk/go-flowrate/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mxk/go-flowrate/flowrate/flowrate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mxk/go-flowrate/flowrate/io.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/mxk/go-flowrate/flowrate/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/RELEASING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/config/deprecated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/core_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/decorator_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/deprecated_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/formatter/colorable_others.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/formatter/colorable_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/formatter/formatter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/automaxprocs.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroup.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroups.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cgroups2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cpu_quota_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/cpu_quota_unsupported.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/mountpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/runtime.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/automaxprocs/subsys.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/build/build_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/command/abort.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/command/command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/command/program.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/boostrap_templates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/bootstrap_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generate_templates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/generators/generators_common.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/compile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/gocovmerge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/profiles_and_reports.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/run.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/test_suite.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/internal/verify_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/labels/labels_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/main.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/ginkgo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/import.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/outline/outline_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/run/run_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/unfocus/unfocus_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/delta_tracker.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/dependencies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hash.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/package_hashes.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/suite.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo/watch/watch_command.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo_cli_dependencies.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/ginkgo_t_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/around_node.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/counter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/failer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/focus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/global/init.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/group.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/interrupt_handler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/sigquit_swallower_unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/interrupt_handler/sigquit_swallower_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/node.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/ordering.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_wasm.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/output_interceptor_win.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/client_server.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/http_server.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_client.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/rpc_server.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/parallel_support/server_handler.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_bsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_wasm.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_report_win.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/progress_reporter_manager.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/report_entry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson_event_writer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/reporters/gojson_reporter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/spec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/spec_context.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/suite.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/testingtproxy/testing_t_proxy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/tree.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/internal/writer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/default_reporter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/deprecated_reporter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/gojson_report.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/json_report.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/junit_report.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/reporter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporters/teamcity_report.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/reporting_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/table_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/around_node.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/code_location.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/deprecated_types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/deprecation_support.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/enum_support.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/file_filter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/flags.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/label_filter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/report_entry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/semver_filter.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/ginkgo/v2/types/version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/gcustom/make_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/.mailmap is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/.pullapprove.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/.travis.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/LICENSE.docs is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/MAINTAINERS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/algorithm.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/digest.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/digester.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/opencontainers/go-digest/verifiers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/.travis.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/chain.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/constantdelay.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/cron.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/robfig/cron/v3/doc.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (9)

• .github/workflows/auto-tag.yml
• .github/workflows/check-version.yml
• cmd/cloud-controller-manager/main.go
• metis/Makefile
• metis/install-plugin.sh
• test/e2e/suite_test.go
• tools/auto-tag.sh
• tools/check-kubernetes-version.sh
• tools/update_vendor.sh

💤 Files with no reviewable changes (2)

• test/e2e/suite_test.go
• cmd/cloud-controller-manager/main.go

✅ Files skipped from review due to trivial changes (3)

• tools/update_vendor.sh
• .github/workflows/auto-tag.yml
• .github/workflows/check-version.yml

🚧 Files skipped from review as they are similar to previous changes (1)

• tools/check-kubernetes-version.sh

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign elmiko for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@cloud-team-rebase-bot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/verify-vendor-work	9100b6a	link	true	/test verify-vendor-work
ci/prow/okd-scos-images	d24d895	link	true	/test okd-scos-images
ci/prow/e2e-gcp-ovn-upgrade	d24d895	link	true	/test e2e-gcp-ovn-upgrade
ci/prow/e2e-gcp-ovn	d24d895	link	true	/test e2e-gcp-ovn
ci/prow/verify-deps	d24d895	link	true	/test verify-deps
ci/prow/images	d24d895	link	true	/test images
ci/prow/regression-clusterinfra-gcp-ipi-ccm	d24d895	link	false	/test regression-clusterinfra-gcp-ipi-ccm
ci/prow/unit	d24d895	link	true	/test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.