Skip to content

WIP: CORENET-7045: INFW K8s rebase to 1.36.1#713

Open
vinnie1110 wants to merge 2 commits into
openshift:masterfrom
vinnie1110:CORENET-7045
Open

WIP: CORENET-7045: INFW K8s rebase to 1.36.1#713
vinnie1110 wants to merge 2 commits into
openshift:masterfrom
vinnie1110:CORENET-7045

Conversation

@vinnie1110

@vinnie1110 vinnie1110 commented May 27, 2026
edited by coderabbitai Bot
Loading

Copy link
Copy Markdown

INFW K8s rebase to 1.36.1

Updated go mods:
Go: 1.25.0 -> 1.26.0
K8s: 1.32.3 -> 1.36.1

Updated tools:
Controller tools: 0.20.1 -> 0.21.0
Operator SDK: 1.33.0 -> 1.42.2
Golangci linter: 1.54.2 -> 1.64.8

Reviewed a few tests which were failing after updating the linter version.

Updated manifests to reflect the above references.

Summary by CodeRabbit

  • Chores
    • Operator version upgraded to 5.0.0
    • Go runtime updated from 1.25 to 1.26
    • OpenShift base images updated to version 5.0
    • Build tooling dependencies updated (operator-sdk, controller-tools, golangci-lint)
    • Code quality improvements and internal cleanup

@vinnie1110
K8s update to 1.36.1
3730c83 
Signed-off-by: Vincenzo Palmieri <287618728+vinnie1110@users.noreply.github.com>
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 27, 2026
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 27, 2026
@openshift-ci-robot

openshift-ci-robot commented May 27, 2026
edited by openshift-ci Bot
Loading

Copy link
Copy Markdown

@vinnie1110: This pull request references CORENET-7045 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

INFW K8s rebase to 1.36.1

Updated go mods:
Go: 1.25.0 -> 1.26.0
K8s: 1.32.3 -> 1.36.1

Updated tools:
Controller tools: 0.20.1 -> 0.21.0
Operator SDK: 1.33.0 -> 1.42.2
Golangci linter: 1.54.2 -> 1.64.8

Reviewed a few tests which were failing after updating the linter version.

Updated manifests to reflect the above references.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci Bot requested review from abhat and martinkennelly May 27, 2026 19:09
@openshift-ci

openshift-ci Bot commented May 27, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vinnie1110
Once this PR has been reviewed and has the lgtm label, please assign knobunc for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented May 27, 2026
edited
Loading

Copy link
Copy Markdown

Warning

Review limit reached

@vinnie1110, we couldn't start this review because you've reached your PR review rate limit.

More reviews will be available in 12 minutes and 27 seconds. Learn how PR review limits work.

Your organization has run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans include higher PR review limits than trial, open-source, and free plans. In all cases, reviews become available again over time. During sustained high-volume PR review activity, CodeRabbit may temporarily slow when the next review becomes available.

Please see our Fair Usage Limits Policy for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 1fc4ad7b-638d-483a-ba68-747d9e64f1d3

📥 Commits

Reviewing files that changed from the base of the PR and between 3730c83 and 1db5a8d.

📒 Files selected for processing (1)
  • test/e2e/events/events.go

Walkthrough

This PR upgrades the ingress-node-firewall operator from version 4.22.0 to 5.0.0, including Go 1.25 → 1.26, operator-sdk 1.33 → 1.42, and controller-tools v0.20 → v0.21. The changes span version strings across manifests, build tooling updates, eBPF map field refactoring, webhook registration pattern modernization, and widespread code cleanup including deprecated API replacements and explicit error handling.

Version Bump and Build Tooling

Layer / File(s) Summary
Version string updates
pkg/version/version.go, Makefile, manifests/ingress-node-firewall.package.yaml, openshift-ci/wait_for_csv.sh		 Version constant and defaults updated to 5.0.0; bundle metadata and wait scripts reflect new version.
Dockerfile and image tag updates
Dockerfile, Dockerfile.daemon, Dockerfile.daemon.openshift, Dockerfile.openshift, .ci-operator.yaml, hack/generators.Dockerfile		 Go builder images bumped from 1.25 to 1.26; OpenShift base images upgraded from 4.22 to 5.0.
Makefile build tool pinning
Makefile, README.md, hack/lint.sh		 ENVTEST_K8S_VERSION, CONTROLLER_TOOLS_VERSION, OPERATOR_SDK_VERSION, and GOLANGCI_LINT_VERSION updated; operator-sdk target now installs to LOCALBIN instead of GOBIN.
Go dependencies and toolchain
go.mod		 Go toolchain updated to 1.26; direct and indirect dependencies refreshed for logr, gomega, Prometheus, Kubernetes, controller-runtime, and utility modules.

CRD and Operator Manifests

Layer / File(s) Summary
CRD generator annotations
bundle/manifests/ingressnodefirewall.openshift.io_*.yaml, config/crd/bases/ingressnodefirewall.openshift.io_*.yaml, manifests/stable/ingressnodefirewall.openshift.io_*.yaml		 controller-gen.kubebuilder.io/version annotations bumped from v0.14.0/v0.20.1 to v0.21.0 across all CRD manifests; OpenAPI description text simplified for status.conditions fields.
CSV metadata and RBAC updates
bundle/manifests/ingress-node-firewall.clusterserviceversion.yaml, manifests/stable/ingress-node-firewall.clusterserviceversion.yaml, config/manifests/bases/ingress-node-firewall.clusterserviceversion.yaml		 CSV version, createdAt, olm.skipRange, and olm-status-descriptors updated to v5.0.0; clusterPermissions reorganized to explicitly include ingressnodefirewallconfigs/finalizers and status subresources.
OLM metadata and bundle configuration
bundle.Dockerfile, bundle/metadata/annotations.yaml, manifests/art.yaml, config/olm-install/install-resources.yaml		 operator-sdk builder annotation updated to v1.42.2; CatalogSource image tag bumped to v5.0.0; olm.skipRange search bound updated in transformation directives.

Core Code Refactoring

Layer / File(s) Summary
eBPF map field access refactoring
pkg/ebpf/ingress_node_firewall_loader.go		 Map access changed from objs.BpfMaps.IngressNodeFirewall* to direct objs.IngressNodeFirewall* fields throughout loader; import alias updated to ingressnodefwiov1alpha1 in exported method signature; error message capitalization normalized.
BpfApplication Spec restructuring
pkg/bpf-mgr/lib-bpfman.go		 prepareBpfApplication assigns GlobalData and ByteCode to top-level Spec fields instead of BpfAppCommon nested paths.
Webhook registration and validation
pkg/webhook/webhook.go, pkg/webhook/webhook_suite_test.go		 Webhook registration updated to ctrl.NewWebhookManagedBy builder pattern with WithCustomValidator; protocol selection refactored from if/else to switch statements for TCP/UDP/SCTP handling.
eBPFSyncer updates
pkg/ebpfsyncer/ebpfsyncer.go, pkg/ebpfsyncer/ebpfsyncer_test.go		 Import alias updated to infv1alpha1; error message capitalization normalized; error assertions updated to match new casing.
Controller reconciliation cleanup
controllers/ingressnodefirewall_controller.go, controllers/ingressnodefirewallconfig_controller.go, controllers/ingressnodefirewallnodestate_controller.go		 BPFMAN detachment simplified by passing nil instead of constructed interfaces list; namespace accessor consolidated; DeletionTimestamp field access promoted.

Code Modernization and Testing Infrastructure

Layer / File(s) Summary
Deprecated API replacements
pkg/render/render.go, pkg/ebpf/ingress_node_firewall_loader.go, test/e2e/namespaces/namespaces.go, test/e2e/functional/tests/e2e.go, test/e2e/validation/tests/validation.go, test/e2e/ingress-node-firewall/ingress-node-firewall.go		 ioutil.ReadFile → os.ReadFile, ioutil.ReadDir → os.ReadDir; errors.IsNotFound → k8serrors.IsNotFound; nolint:staticcheck directives added to Ginkgo/Gomega dotimports.
Explicit error handling in tests and logging
controllers/ingressnodefirewall_controller_rules_test.go, controllers/ingressnodefirewall_controller_test.go, test/e2e/events/events.go, test/e2e/exec/exec.go, test/e2e/k8sreporter/reporter.go		 fmt.Fprintf return values explicitly assigned; file/stream/connection closes wrapped in deferred error-ignoring closures; event action parsing refactored to switch statements.
Kubernetes e2e reporter improvements
test/e2e/k8sreporter/reporter.go		 Deferred file closes added to SpecDidComplete, logPods, logNodes, logLogs; switched from v1 alias to corev1 for Kubernetes API types; JSON output formatted with fmt.Fprintln.
Error message improvements
pkg/utils/utils.go, pkg/ebpf/ingress_node_firewall_events.go		 GetRange error reporting includes actual port string value; ingress_node_firewall_events and other utilities normalize error message capitalization.
Schema and API linting
api/v1alpha1/groupversion_info.go		 nolint:staticcheck directive added to SchemeBuilder assignment.

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 12 | ❌ 3

❌ Failed checks (3 warnings)

Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%. Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality ⚠️ Warning Test files have resource leaks (deferred closes in loops in k8sreporter), unformatted error messages in namespaces.go, missing assertion messages, and malformed comment in hack/lint.sh. Fix resource leaks by closing files per-iteration; use %w for error wrapping; add meaningful assertion messages to failing tests; fix comment in hack/lint.sh line 5 to remove #1.54.2 suffix.
Topology-Aware Scheduling Compatibility ⚠️ Warning Daemon DaemonSet uses broad toleration (operator: Exists) that schedules to all nodes including resource-constrained arbiter nodes on Two-Node Arbiter topology. Replace broad toleration with topology-aware rules excluding arbiter nodes (node-role.kubernetes.io/arbiter). Update default nodeSelector example to not assume worker node existence.
✅ Passed checks (12 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'WIP: CORENET-7045: INFW K8s rebase to 1.36.1' is directly related to the main change in the PR: rebasing the ingress-node-firewall project to use Kubernetes 1.36.1 and updating related tooling (Go 1.26, controller-tools, Operator SDK, golangci-lint).
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed All Ginkgo test names are stable and deterministic. Tests using fmt.Sprintf reference only static constants or static test case keys defined in code.
Microshift Test Compatibility ✅ Passed No new Ginkgo e2e test declarations (It, Describe, Context, When) were added. All test file changes are modifications to infrastructure, linter annotations, and error handling only.
Single Node Openshift (Sno) Test Compatibility ✅ Passed No new Ginkgo e2e tests added. All test file changes are existing code modifications (refactoring, error handling), not test definitions.
Ote Binary Stdout Contract ✅ Passed PR has no OTE Stdout Contract violations: main binaries clean, logger config via zap, suite setup files clean, ginkgo imports nolint-annotated, E2E writer calls spec-level.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed No new Ginkgo e2e tests were added. All test file changes are code style refactoring (annotations, switch statements, error handling) without new test blocks.
No-Weak-Crypto ✅ Passed PR contains no weak crypto (MD5, SHA1, DES, RC4, etc.), no custom crypto implementations, and no unsafe secret comparisons. TLS usage is secure, and only uses InsecureSkipVerify in tests.
Container-Privileges ✅ Passed PR does not introduce privileged settings. Pre-existing hostNetwork/hostPID justified for network firewall daemon. No privileged: true or allowPrivilegeEscalation found.
No-Sensitive-Data-In-Logs ✅ Passed PR contains no logging of passwords, tokens, API keys, PII, session IDs, hostnames, or customer data. Changes are error message style updates and error handling pattern improvements only.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed May 27, 2026
View reviewed changes

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 8

🧹 Nitpick comments (2)
pkg/webhook/webhook.go (1)

37-45: ⚡ Quick win

Use the typed validator path instead of adding new deprecation suppressions.

webhook.CustomValidator and WebhookBuilder.WithCustomValidator are already deprecated in controller-runtime v0.24.1, and the typed replacement is admission.Validator[T] wired with WithValidator. Carrying fresh //nolint:staticcheck suppressions into the rebase makes the next controller-runtime bump harder for no real gain. (pkg.go.dev)

♻️ Suggested direction 
- _          webhook.CustomValidator = &IngressNodeFirewallWebhook{ingressnodefwv1alpha1.IngressNodeFirewall{}} //nolint:staticcheck
+ _          admission.Validator[*ingressnodefwv1alpha1.IngressNodeFirewall] = &IngressNodeFirewallWebhook{}
...
- return ctrl.NewWebhookManagedBy(mgr, &ingressnodefwv1alpha1.IngressNodeFirewall{}). //nolint:staticcheck
- 												WithCustomValidator(&IngressNodeFirewallWebhook{}). //nolint:staticcheck
+ return ctrl.NewWebhookManagedBy(mgr, &ingressnodefwv1alpha1.IngressNodeFirewall{}).
+ 												WithValidator(&IngressNodeFirewallWebhook{}).
 												Complete()

You'll also need to switch ValidateCreate, ValidateUpdate, and ValidateDelete to the typed *ingressnodefwv1alpha1.IngressNodeFirewall signatures.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/webhook/webhook.go` around lines 37 - 45, Replace the deprecated untyped
webhook wiring: remove the webhook.CustomValidator assignment and the
WithCustomValidator calls in SetupWebhookWithManager and instead implement the
typed admission.Validator[ingressnodefwv1alpha1.IngressNodeFirewall] on
IngressNodeFirewallWebhook and register it via ctrl.NewWebhookManagedBy(mgr,
&ingressnodefwv1alpha1.IngressNodeFirewall{}).WithValidator(&IngressNodeFirewallWebhook{}).Complete();
update the method signatures for ValidateCreate, ValidateUpdate, and
ValidateDelete to accept *ingressnodefwv1alpha1.IngressNodeFirewall (typed
versions) so they satisfy admission.Validator[T], and drop the
//nolint:staticcheck suppressions related to
CustomValidator/WithCustomValidator.
pkg/webhook/webhook_suite_test.go (1)

585-600: ⚡ Quick win

Fail fast on unsupported protocols in this test helper.

This still silently builds a TCP-shaped rule for any unexpected protocol value. A typo or future enum addition will produce a misleading fixture instead of failing the spec at the callsite.

🧪 Suggested guard 
-	switch protocol {
-	case ingressnodefwv1alpha1.ProtocolTypeUDP:
+	switch protocol {
+	case ingressnodefwv1alpha1.ProtocolTypeTCP:
+		// keep the preinitialized TCP rule
+	case ingressnodefwv1alpha1.ProtocolTypeUDP:
 		rule = ingressnodefwv1alpha1.IngressNodeFirewallRules{
 			SourceCIDRs: []string{cidr},
 			FirewallProtocolRules: []ingressnodefwv1alpha1.IngressNodeFirewallProtocolRule{
 				getUDPRule(order, protocol, ports, action),
 			},
 		}
 	case ingressnodefwv1alpha1.ProtocolTypeSCTP:
 		rule = ingressnodefwv1alpha1.IngressNodeFirewallRules{
 			SourceCIDRs: []string{cidr},
 			FirewallProtocolRules: []ingressnodefwv1alpha1.IngressNodeFirewallProtocolRule{
 				getSCTPRule(order, protocol, ports, action),
 			},
 		}
+	default:
+		Fail(fmt.Sprintf("unsupported transport protocol %q", protocol))
 	}
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/webhook/webhook_suite_test.go` around lines 585 - 600, The test helper
silently builds a TCP-shaped rule for unknown protocols; update the switch on
variable protocol (which currently handles ingressnodefwv1alpha1.ProtocolTypeUDP
and ProtocolTypeSCTP and constructs rule as
ingressnodefwv1alpha1.IngressNodeFirewallRules using getUDPRule/getSCTPRule) to
include a default case that fails fast (e.g., t.Fatalf or panic) reporting the
unexpected protocol value so typos or new enum values cause the test to fail
rather than produce a misleading fixture.
🤖 Prompt for all review comments with AI agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Line 2: Replace tag-based base images with digest-pinned references: change
the builder FROM golang:1.26 to the corresponding digest-pinned form
(golang:1.26@sha256:...) and the final stage FROM
gcr.io/distroless/static:nonroot to its digest-pinned form
(gcr.io/distroless/static:nonroot@sha256:...); obtain the canonical sha256
digests using a registry inspect command (e.g., docker pull + docker image
inspect or skopeo inspect) for each image and update the Dockerfile to use those
`@sha256` digests to make builds reproducible and reduce supply-chain risk.

In `@Dockerfile.daemon`:
- Line 1: Replace the two unpinned base images in Dockerfile.daemon — the FROM
golang:1.26 stage and the FROM quay.io/centos/centos:stream8 stage — with
digest-pinned references (e.g., FROM golang:1.26@sha256:<digest> and FROM
quay.io/centos/centos:stream8@sha256:<digest>); fetch the exact sha256 digests
from the respective registries (Docker Hub for golang, Quay for quay.io/centos)
or by pulling the images and inspecting manifest digests, then update the
Dockerfile lines to use those `@sha256` digests so the builds are reproducible.

In `@hack/lint.sh`:
- Line 5: The comment string "# pin golangci-lint version to 1.64.8#1.54.2" is
malformed; replace the concatenated version token "1.64.8#1.54.2" with the
intended single version (e.g., "1.64.8") so the comment reads "# pin
golangci-lint version to 1.64.8" (update the comment text wherever the exact
malformed token appears).

In `@Makefile`:
- Around line 374-375: The curl invocation that downloads the operator-sdk
binary uses the insecure -k flag; update the Makefile command that references
OPERATOR_SDK_VERSION and writes to $(OPERATOR_SDK) to remove -k and use a safer
curl invocation (e.g., keep -L, add --fail and --show-error) so TLS cert
verification is enforced and failures are visible; ensure the subsequent chmod
u+x $(OPERATOR_SDK) step remains unchanged.

In `@pkg/webhook/webhook_suite_test.go`:
- Around line 147-148: The readiness probe closure currently ignores the return
value of conn.Close() (using "_ = conn.Close()" and returning nil), which hides
errors from the Eventually check; update the closure used by the readiness probe
(the function passed to Eventually in webhook_suite_test.go) to propagate the
TLS close error by returning conn.Close() (or checking the error and returning
it) instead of discarding it so Eventually receives and fails on any Close()
error.

In `@README.md`:
- Around line 71-73: README lists mismatched tool versions: it shows
"operator-sdk 1.42.2" and "controller-gen v0.20.1+" while the Makefile was
bumped to v0.21.0; update the README entry for "controller-gen v0.20.1+" to
"controller-gen v0.21.0" so the README's prerequisite versions match the
Makefile defaults.

In `@test/e2e/k8sreporter/reporter.go`:
- Around line 95-96: The defer f.Close() inside the loop keeps many files open
until function exit; change to close each file immediately after writing:
replace "defer func() { _ = f.Close() }()" with a direct close call (e.g., err
:= f.Close(); if err != nil { /* log or handle */ }) right after the fmt.Fprintf
calls that write to f (the variable f used with fmt.Fprintf), and do the same
fix for the other occurrence (the writes around lines 144-145) so each opened
file is closed per iteration and errors from Close are handled or logged.

In `@test/e2e/namespaces/namespaces.go`:
- Line 68: Replace the fmt.Errorf call that currently formats the error with %v
(the call containing the message "failed to delete pods" and the variable err)
so it wraps the underlying error using %w (e.g., fmt.Errorf("failed to delete
pods: %w", err)); update the return in the function in namespaces.go to use %w
to preserve error-chain semantics when returning err.

---

Nitpick comments:
In `@pkg/webhook/webhook_suite_test.go`:
- Around line 585-600: The test helper silently builds a TCP-shaped rule for
unknown protocols; update the switch on variable protocol (which currently
handles ingressnodefwv1alpha1.ProtocolTypeUDP and ProtocolTypeSCTP and
constructs rule as ingressnodefwv1alpha1.IngressNodeFirewallRules using
getUDPRule/getSCTPRule) to include a default case that fails fast (e.g.,
t.Fatalf or panic) reporting the unexpected protocol value so typos or new enum
values cause the test to fail rather than produce a misleading fixture.

In `@pkg/webhook/webhook.go`:
- Around line 37-45: Replace the deprecated untyped webhook wiring: remove the
webhook.CustomValidator assignment and the WithCustomValidator calls in
SetupWebhookWithManager and instead implement the typed
admission.Validator[ingressnodefwv1alpha1.IngressNodeFirewall] on
IngressNodeFirewallWebhook and register it via ctrl.NewWebhookManagedBy(mgr,
&ingressnodefwv1alpha1.IngressNodeFirewall{}).WithValidator(&IngressNodeFirewallWebhook{}).Complete();
update the method signatures for ValidateCreate, ValidateUpdate, and
ValidateDelete to accept *ingressnodefwv1alpha1.IngressNodeFirewall (typed
versions) so they satisfy admission.Validator[T], and drop the
//nolint:staticcheck suppressions related to
CustomValidator/WithCustomValidator.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 2dfd9c4e-d13e-41cf-90c8-d0f376b014f7

📥 Commits

Reviewing files that changed from the base of the PR and between 2394cf2 and 3730c83.

⛔ Files ignored due to path filters (249)
  • go.sum is excluded by !**/*.sum
  • vendor/github.com/emicklei/go-restful/v3/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/CHANGES.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/curly.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/custom_verb.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/jsr311.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/emicklei/go-restful/v3/route.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/.editorconfig is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/.gitattributes is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/.gitignore is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/backend_other.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_linux.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_solaris.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/debug_windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/internal.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/mkdoc.zsh is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/shared.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/staticcheck.conf is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/system_bsd.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fsnotify/fsnotify/system_darwin.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/bytestring.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/common.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/encode_map.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/encode_map_go117.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/omitzero_go124.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/omitzero_pre_go124.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/go-logr/logr/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/AUTHORS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/Makefile is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/clone.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/custom_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/discard.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/duration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/duration_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/encode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/encode_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/equal.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/extensions.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/extensions_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/lib.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/lib_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/message_set.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/pointer_reflect.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/properties.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/properties_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/skip_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/table_marshal.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/table_merge.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/table_unmarshal.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/text.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/text_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/text_parser.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/timestamp.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/wrappers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/AUTHORS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/buffer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/defaults.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/deprecated.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/discard.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/extensions.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/properties.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/proto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/registry.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/text_decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/text_encode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/wire.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/proto/wrappers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/ptypes/any.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/ptypes/any/any.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/ptypes/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/ptypes/duration.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/ptypes/duration/duration.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/ptypes/timestamp.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/golang/protobuf/ptypes/timestamp/timestamp.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/google/btree/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/btree/btree.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/btree/btree_generic.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/compiler/context.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/compiler/extensions.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/compiler/helpers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/compiler/reader.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/extensions/extension.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/extensions/extensions.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/jsonschema/models.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/jsonschema/reader.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/jsonschema/writer.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv2/OpenAPIv2.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv2/document.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv3/OpenAPIv3.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv3/annotations.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv3/annotations.proto is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gnostic-models/openapiv3/document.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gofuzz/.travis.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gofuzz/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gofuzz/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gofuzz/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/google/gofuzz/fuzz.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/client.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/compression.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/conn.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/server.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/tls_handshake.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/tls_handshake_116.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/gorilla/websocket/x_net_proxy.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/NOTICE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/connection.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/PATENTS is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/dictionary.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/options.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/read.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/types.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/moby/spdystream/spdy/write.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/modern-go/reflect2/safe_type.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/flowrate.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/io.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/mxk/go-flowrate/flowrate/util.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/internal/async_assertion.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/be_comparable_to_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/match_yaml_matcher.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/pmezard/go-difflib/LICENSE is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/pmezard/go-difflib/difflib/difflib.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/desc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/internal/difflib.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/internal/go_runtime_metrics.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/labels.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/metric.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/process_collector_darwin.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/process_collector_mem_nocgo_darwin.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/process_collector_procfsenabled.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/promhttp/instrument_server.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/testutil/testutil.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/vec.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/client_golang/prometheus/wrap.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/decode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/encode.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/expfmt.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/fuzz.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/openmetrics_create.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/text_create.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/expfmt/text_parse.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/labels.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/labelset.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/metric.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/time.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/value.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/value_histogram.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/common/model/value_type.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/.golangci.yml is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/Makefile is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/Makefile.common is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/README.md is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/arp.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/buddyinfo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cmdline.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_armx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_loong64.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_mipsx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_others.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_ppcx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_riscvx.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_s390x.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/cpuinfo_x86.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/crypto.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/doc.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/fs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/fs_statfs_notype.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/fs_statfs_type.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/fscache.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/internal/fs/fs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/internal/util/parse.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/internal/util/readfile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/internal/util/sysreadfile.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/internal/util/sysreadfile_compat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/internal/util/valueparser.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/ipvs.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/kernel_hung.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/kernel_random.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/loadavg.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/mdstat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/meminfo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/mountinfo.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/mountstats.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/net_conntrackstat.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/net_dev.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/net_dev_snmp6.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/net_ip_socket.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/net_protocols.go is excluded by !**/vendor/**, !vendor/**
  • vendor/github.com/prometheus/procfs/net_route.go is excluded by !**/vendor/**, !vendor/**
📒 Files selected for processing (51)
  • .ci-operator.yaml
  • Dockerfile
  • Dockerfile.daemon
  • Dockerfile.daemon.openshift
  • Dockerfile.openshift
  • Makefile
  • README.md
  • api/v1alpha1/groupversion_info.go
  • bundle.Dockerfile
  • bundle/manifests/ingress-node-firewall.clusterserviceversion.yaml
  • bundle/manifests/ingressnodefirewall.openshift.io_ingressnodefirewallconfigs.yaml
  • bundle/manifests/ingressnodefirewall.openshift.io_ingressnodefirewallnodestates.yaml
  • bundle/manifests/ingressnodefirewall.openshift.io_ingressnodefirewalls.yaml
  • bundle/metadata/annotations.yaml
  • config/crd/bases/ingressnodefirewall.openshift.io_ingressnodefirewallconfigs.yaml
  • config/crd/bases/ingressnodefirewall.openshift.io_ingressnodefirewallnodestates.yaml
  • config/crd/bases/ingressnodefirewall.openshift.io_ingressnodefirewalls.yaml
  • config/manifests/bases/ingress-node-firewall.clusterserviceversion.yaml
  • config/olm-install/install-resources.yaml
  • controllers/ingressnodefirewall_controller.go
  • controllers/ingressnodefirewall_controller_rules_test.go
  • controllers/ingressnodefirewall_controller_test.go
  • controllers/ingressnodefirewallconfig_controller.go
  • controllers/ingressnodefirewallnodestate_controller.go
  • go.mod
  • hack/generators.Dockerfile
  • hack/lint.sh
  • manifests/art.yaml
  • manifests/ingress-node-firewall.package.yaml
  • manifests/stable/ingress-node-firewall.clusterserviceversion.yaml
  • manifests/stable/ingressnodefirewall.openshift.io_ingressnodefirewallconfigs.yaml
  • manifests/stable/ingressnodefirewall.openshift.io_ingressnodefirewallnodestates.yaml
  • manifests/stable/ingressnodefirewall.openshift.io_ingressnodefirewalls.yaml
  • openshift-ci/wait_for_csv.sh
  • pkg/bpf-mgr/lib-bpfman.go
  • pkg/ebpf/ingress_node_firewall_events.go
  • pkg/ebpf/ingress_node_firewall_loader.go
  • pkg/ebpfsyncer/ebpfsyncer.go
  • pkg/ebpfsyncer/ebpfsyncer_test.go
  • pkg/render/render.go
  • pkg/utils/utils.go
  • pkg/version/version.go
  • pkg/webhook/webhook.go
  • pkg/webhook/webhook_suite_test.go
  • test/e2e/events/events.go
  • test/e2e/exec/exec.go
  • test/e2e/functional/tests/e2e.go
  • test/e2e/ingress-node-firewall/ingress-node-firewall.go
  • test/e2e/k8sreporter/reporter.go
  • test/e2e/namespaces/namespaces.go
  • test/e2e/validation/tests/validation.go

Comment thread Dockerfile
@@ -1,5 +1,5 @@
# Build the manager binary
FROM golang:1.25 as builder
FROM golang:1.26 as builder

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify unpinned non-Red Hat base images in Dockerfiles
rg -n '^\s*FROM\s+(golang|gcr\.io|docker\.io|ghcr\.io)/[^@[:space:]]+:[^[:space:]]+' --iglob 'Dockerfile*'

Repository: openshift/ingress-node-firewall

Length of output: 127

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Locate Dockerfiles/Containerfiles
echo "== Dockerfiles =="
fd -a -t f -g 'Dockerfile*' -g 'Containerfile*' . | sort

echo
echo "== FROM lines (all Dockerfile* and Containerfile*) =="
fd -a -t f -g 'Dockerfile*' -g 'Containerfile*' . -x \
  rg -n --no-heading '^\s*FROM\s+' | sort

echo
echo "== FROM golang:* (all Dockerfile* and Containerfile*) =="
fd -a -t f -g 'Dockerfile*' -g 'Containerfile*' . -x \
  rg -n --no-heading '^\s*FROM\s+golang:[^@[:space:]]+' --hidden | sort

echo
echo "== Initial targeted regex again (for mutable tags) =="
rg -n '^\s*FROM\s+(golang|gcr\.io|docker\.io|ghcr\.io)/[^@[:space:]]+:[^[:space:]]+' --iglob 'Dockerfile*' || true

Repository: openshift/ingress-node-firewall

Length of output: 1178

🏁 Script executed:

#!/bin/bash
set -euo pipefail

fd -a -t f -g 'Dockerfile*' . | sort | while read -r f; do
  echo "== $f =="
  nl -ba "$f" | rg -n '^\s*FROM\s+' || true
  echo
done

echo "== Focus: golang:1.26 FROM lines (all Dockerfiles) =="
fd -a -t f -g 'Dockerfile*' . | sort | xargs -I{} sh -c 'rg -n "^\s*FROM\s+golang:1\.26\b" "{}" || true'

Repository: openshift/ingress-node-firewall

Length of output: 750

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== Occurrences of exact lowercase variant =="
rg -n --with-filename '^\s*FROM\s+golang:1\.26\s+as\s+builder\b' Dockerfile* Dockerfile* 2>/dev/null || true
rg -n --with-filename '^\s*FROM\s+golang:1\.26\s+as\s+builder\b' . -g 'Dockerfile*' || true

echo
echo "== Occurrences of exact uppercase variant =="
rg -n --with-filename '^\s*FROM\s+golang:1\.26\s+AS\s+builder\b' . -g 'Dockerfile*' || true

Repository: openshift/ingress-node-firewall

Length of output: 341

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "== ./Dockerfile: line 1-40 =="
awk 'NR>=1 && NR<=40 {printf "%d:%s\n", NR, $0}' Dockerfile

echo
echo "== ./Dockerfile: FROM lines (full) =="
awk 'match($0,/^\s*FROM/){print NR ":" $0}' Dockerfile

echo
echo "== ./Dockerfile.daemon: FROM lines (full) =="
awk 'match($0,/^\s*FROM/){print NR ":" $0}' Dockerfile.daemon

Repository: openshift/ingress-node-firewall

Length of output: 1319

Review comment

File: Dockerfile
Lines: 2-2

Snippet showing the final state of code at these lines

FROM golang:1.26 as builder

Comment

Pin non-Red Hat base images by digest.

golang:1.26 (builder, line 2) and gcr.io/distroless/static:nonroot (final stage, line 24) are non-Red Hat tag-based images; pin them by @sha256:... to keep builds reproducible and reduce supply-chain risk.

As per coding guidelines for **/{Dockerfile,Containerfile}*: "non-RH images: pin by digest".

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` at line 2, Replace tag-based base images with digest-pinned
references: change the builder FROM golang:1.26 to the corresponding
digest-pinned form (golang:1.26@sha256:...) and the final stage FROM
gcr.io/distroless/static:nonroot to its digest-pinned form
(gcr.io/distroless/static:nonroot@sha256:...); obtain the canonical sha256
digests using a registry inspect command (e.g., docker pull + docker image
inspect or skopeo inspect) for each image and update the Dockerfile to use those
`@sha256` digests to make builds reproducible and reduce supply-chain risk.

Comment thread Dockerfile.daemon
@@ -1,4 +1,4 @@
FROM golang:1.25 AS builder
FROM golang:1.26 AS builder

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# List all FROM lines so pinned vs unpinned bases can be checked quickly
rg -n '^\s*FROM\s+' --iglob 'Dockerfile*'

Repository: openshift/ingress-node-firewall

Length of output: 750

Pin non-RH FROM images in Dockerfile.daemon by digest

  • Dockerfile.daemon:1 uses golang:1.26 without a digest.
  • Dockerfile.daemon:7 uses quay.io/centos/centos:stream8 without a digest.
    Update both to FROM ...@sha256:<digest> as required for non-RH images.
🧰 Tools
🪛 Trivy (0.69.3)

[error] 1-1: Image user should not be 'root'

Specify at least 1 USER command in Dockerfile with non-root user as argument

Rule: DS-0002

Learn more

(IaC/Dockerfile)

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile.daemon` at line 1, Replace the two unpinned base images in
Dockerfile.daemon — the FROM golang:1.26 stage and the FROM
quay.io/centos/centos:stream8 stage — with digest-pinned references (e.g., FROM
golang:1.26@sha256:<digest> and FROM
quay.io/centos/centos:stream8@sha256:<digest>); fetch the exact sha256 digests
from the respective registries (Docker Hub for golang, Quay for quay.io/centos)
or by pulling the images and inspecting manifest digests, then update the
Dockerfile lines to use those `@sha256` digests so the builds are reproducible.

Comment thread hack/lint.sh

# pin golangci-lint version to 1.54.2
VERSION=v1.54.2
# pin golangci-lint version to 1.64.8#1.54.2

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Fix the malformed version comment.

The comment includes an accidental concatenation (1.64.8#1.54.2), which is misleading during maintenance.

Suggested fix 
-# pin golangci-lint version to 1.64.8#1.54.2
+# pin golangci-lint version to 1.64.8
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# pin golangci-lint version to 1.64.8#1.54.2
# pin golangci-lint version to 1.64.8
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@hack/lint.sh` at line 5, The comment string "# pin golangci-lint version to
1.64.8#1.54.2" is malformed; replace the concatenated version token
"1.64.8#1.54.2" with the intended single version (e.g., "1.64.8") so the comment
reads "# pin golangci-lint version to 1.64.8" (update the comment text wherever
the exact malformed token appears).

Comment thread Makefile
Comment on lines +374 to +375
curl -Lk https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_linux_amd64 > $(OPERATOR_SDK) ;\
chmod u+x $(OPERATOR_SDK) ;\

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Remove curl -k when downloading operator-sdk binary.

Using -k disables TLS cert verification for a supply-chain download path and enables MITM risk in CI/dev environments.

Suggested fix 
-	curl -Lk https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_linux_amd64 > $(OPERATOR_SDK) ;\
+	curl -L https://github.com/operator-framework/operator-sdk/releases/download/$(OPERATOR_SDK_VERSION)/operator-sdk_linux_amd64 > $(OPERATOR_SDK) ;\
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Makefile` around lines 374 - 375, The curl invocation that downloads the
operator-sdk binary uses the insecure -k flag; update the Makefile command that
references OPERATOR_SDK_VERSION and writes to $(OPERATOR_SDK) to remove -k and
use a safer curl invocation (e.g., keep -L, add --fail and --show-error) so TLS
cert verification is enforced and failures are visible; ensure the subsequent
chmod u+x $(OPERATOR_SDK) step remains unchanged.

Comment thread pkg/webhook/webhook_suite_test.go
Comment on lines +147 to 148
_ = conn.Close()
return nil

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Propagate the TLS close error from the readiness probe.

If conn.Close() starts failing here, Eventually still returns nil and hides the signal. Returning the close error keeps the probe honest.

🔧 Small fix 
-		_ = conn.Close()
-		return nil
+		return conn.Close()

As per coding guidelines "Never ignore error returns".

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
_ = conn.Close()
return nil
return conn.Close()
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@pkg/webhook/webhook_suite_test.go` around lines 147 - 148, The readiness
probe closure currently ignores the return value of conn.Close() (using "_ =
conn.Close()" and returning nil), which hides errors from the Eventually check;
update the closure used by the readiness probe (the function passed to
Eventually in webhook_suite_test.go) to propagate the TLS close error by
returning conn.Close() (or checking the error and returning it) instead of
discarding it so Eventually receives and fails on any Close() error.

Comment thread README.md
Comment on lines +71 to 73
operator-sdk 1.42.2

controller-gen v0.20.1+

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Keep tool prerequisite versions aligned with Makefile defaults.

README now lists operator-sdk 1.42.2, but still advertises controller-gen v0.20.1+ while Makefile was bumped to v0.21.0. Please update this line to avoid contributor environment drift.

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@README.md` around lines 71 - 73, README lists mismatched tool versions: it
shows "operator-sdk 1.42.2" and "controller-gen v0.20.1+" while the Makefile was
bumped to v0.21.0; update the README entry for "controller-gen v0.20.1+" to
"controller-gen v0.21.0" so the README's prerequisite versions match the
Makefile defaults.

Comment thread test/e2e/k8sreporter/reporter.go
Comment on lines +95 to +96
defer func() { _ = f.Close() }()
_, _ = fmt.Fprintf(f, "-----------------------------------\n")

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Close files per iteration; avoid defer in the outer loop body.

These defer calls execute only when the whole function returns, so many files can stay open at once and exhaust descriptors on large pod sets.

💡 Suggested fix 
 for _, pod := range pods.Items {
 	f, err := logFileFor(r.reportPath, dirName, pod.Namespace+"-pods_specs")
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "failed to open pods_specs file: %v\n", dirName)
 		return
 	}
-	defer func() { _ = f.Close() }()
-	_, _ = fmt.Fprintf(f, "-----------------------------------\n")
-	j, err := json.MarshalIndent(pod, "", "    ")
-	if err != nil {
-		fmt.Println("Failed to marshal pods", err)
-		return
-	}
-	_, _ = fmt.Fprintln(f, string(j))
+	_, _ = fmt.Fprintf(f, "-----------------------------------\n")
+	j, err := json.MarshalIndent(pod, "", "    ")
+	if err != nil {
+		_ = f.Close()
+		fmt.Println("Failed to marshal pods", err)
+		return
+	}
+	_, _ = fmt.Fprintln(f, string(j))
+	_ = f.Close()
 }
 for _, pod := range pods.Items {
 	...
 	f, err := logFileFor(r.reportPath, dirName, pod.Namespace+"-pods_logs")
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "failed to open pods_logs file: %v\n", dirName)
 		return
 	}
-	defer func() { _ = f.Close() }()
 	containersToLog := make([]corev1.Container, 0)
 	...
 	for _, container := range containersToLog {
 		logs, err := r.clients.Pods(pod.Namespace).GetLogs(pod.Name, &corev1.PodLogOptions{Container: container.Name}).DoRaw(context.Background())
 		if err == nil {
 			_, _ = fmt.Fprintf(f, "-----------------------------------\n")
 			_, _ = fmt.Fprintf(f, "Dumping logs for pod %s-%s-%s\n", pod.Namespace, pod.Name, container.Name)
 			_, _ = fmt.Fprintln(f, string(logs))
 		}
 	}
+	_ = f.Close()
 }

Also applies to: 144-145

🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/k8sreporter/reporter.go` around lines 95 - 96, The defer f.Close()
inside the loop keeps many files open until function exit; change to close each
file immediately after writing: replace "defer func() { _ = f.Close() }()" with
a direct close call (e.g., err := f.Close(); if err != nil { /* log or handle */
}) right after the fmt.Fprintf calls that write to f (the variable f used with
fmt.Fprintf), and do the same fix for the other occurrence (the writes around
lines 144-145) so each opened file is closed per iteration and errors from Close
are handled or logged.

Comment thread test/e2e/namespaces/namespaces.go
}, metav1.ListOptions{})
if err != nil {
return fmt.Errorf("Failed to delete pods %v", err)
return fmt.Errorf("failed to delete pods %v", err)

@coderabbitai coderabbitai Bot May 27, 2026

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor | ⚡ Quick win

Wrap the underlying error with %w to keep error-chain semantics.

Using %v loses structured error unwrapping for callers.

💡 Suggested fix 
-		return fmt.Errorf("failed to delete pods %v", err)
+		return fmt.Errorf("failed to delete pods: %w", err)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
return fmt.Errorf("failed to delete pods %v", err)
return fmt.Errorf("failed to delete pods: %w", err)
🤖 Prompt for AI Agents 
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@test/e2e/namespaces/namespaces.go` at line 68, Replace the fmt.Errorf call
that currently formats the error with %v (the call containing the message
"failed to delete pods" and the variable err) so it wraps the underlying error
using %w (e.g., fmt.Errorf("failed to delete pods: %w", err)); update the return
in the function in namespaces.go to use %w to preserve error-chain semantics
when returning err.

@vinnie1110

vinnie1110 commented Jun 2, 2026

Copy link
Copy Markdown
Author

/retest

@openshift-ci

openshift-ci Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

@vinnie1110: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@taanyas

taanyas commented Jun 2, 2026

Copy link
Copy Markdown

@danwinship @miheer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@abhat abhat Awaiting requested review from abhat

@martinkennelly martinkennelly Awaiting requested review from martinkennelly

Assignees

No one assigned

Labels

do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vinnie1110 @openshift-ci-robot @taanyas