MGMT-24455: upgrade to golang 1.26

[shay23bra]

Summary

• Upgrade Go version from 1.25 to 1.26 in go.mod and Dockerfiles
• Update toolchain to go1.26.2
• Bump golangci-lint from v2.8.0 to v2.11.4

https://redhat.atlassian.net/browse/MGMT-24455

[openshift-ci-robot]

@shay23bra: This pull request references MGMT-24455 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "5.0.0" version, but no target version was set.

Details

In response to this:

Summary

• Upgrade Go version from 1.25 to 1.26 in go.mod and Dockerfiles
• Update toolchain to go1.26.2
• Bump golangci-lint from v2.8.0 to v2.12.2

https://redhat.atlassian.net/browse/MGMT-24455

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

Go toolchain directives and builder-stage images are upgraded to Go 1.26; golangci-lint version in the helper script is bumped to 2.11.4.

Changes

Go 1.26 Toolchain Upgrade

Layer / File(s)	Summary
Go version directives and builder images go.mod, Dockerfile, Dockerfile.konflux	go.mod updated to go 1.26.0 and toolchain go1.26.2; Dockerfile and Dockerfile.konflux builder-stage base images changed to Go 1.26 tags.
golangci-lint version hack/golangci-lint.sh	VERSION constant updated from 2.8.0 to 2.11.4 in the lint install/run script.

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5 | ❌ 10

❌ Failed checks (10 inconclusive)

Check name	Status	Explanation	Resolution
Stable And Deterministic Test Names	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Test Structure And Quality	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Microshift Test Compatibility	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Single Node Openshift (Sno) Test Compatibility	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Topology-Aware Scheduling Compatibility	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Ote Binary Stdout Contract	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Ipv6 And Disconnected Network Test Compatibility	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
No-Weak-Crypto	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
Container-Privileges	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.
No-Sensitive-Data-In-Logs	❓ Inconclusive	Repository clone failed, so this custom check could not run with code access.	Retry the review run. If this persists, inspect pre-merge custom-check logs for infrastructure or agent runtime failures.

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and accurately summarizes the main change: upgrading Go from version 1.25 to 1.26, which is reflected across all modified files (Dockerfile, Dockerfile.konflux, go.mod, and golangci-lint.sh).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: shay23bra
Once this PR has been reviewed and has the lgtm label, please assign jc-rh for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

Dockerfile.konflux (1)

20-53: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add HEALTHCHECK directive for runtime container.

The Dockerfile is missing a HEALTHCHECK instruction. As per coding guidelines, container images should define a HEALTHCHECK to enable Kubernetes/OpenShift to monitor application health and perform automatic restarts when needed.

🏥 Proposed HEALTHCHECK addition

Consider adding a health check before the ENTRYPOINT:

 USER 65532:65532
 ENV GODEBUG=madvdontneed=1
 ENV GOGC=50
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD ["/usr/local/bin/manager", "healthz"] || exit 1

 ENTRYPOINT ["/usr/local/bin/manager"]

Note: Adjust the healthcheck command to match the actual health endpoint exposed by the manager.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile.konflux` around lines 20 - 53, Add a HEALTHCHECK instruction to
the Dockerfile (placed before ENTRYPOINT) that runs a lightweight command
against the manager process (the /usr/local/bin/manager binary started by
ENTRYPOINT) to verify liveness/readiness (e.g., an HTTP call to the manager's
health endpoint or an exec script that returns 0 on success); configure sensible
options (interval, timeout, start-period, retries) so Kubernetes/OpenShift can
detect failures and restart the container when the health probe fails.

Dockerfile (1)

22-37: 🛠️ Refactor suggestion | 🟠 Major | ⚡ Quick win

Add HEALTHCHECK directive for runtime container.

The Dockerfile is missing a HEALTHCHECK instruction. As per coding guidelines, container images should define a HEALTHCHECK to enable container orchestrators to monitor application health and restart unhealthy containers.

🏥 Proposed HEALTHCHECK addition

Consider adding a health check before the ENTRYPOINT. The exact endpoint will depend on what the manager exposes:

 USER 65532:65532
 ENV GODEBUG=madvdontneed=1
 ENV GOGC=50
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD ["/usr/local/bin/manager", "healthz"] || exit 1

 ENTRYPOINT ["/usr/local/bin/manager"]

Note: Adjust the healthcheck command based on the actual health endpoint provided by the manager binary.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 22 - 37, Add a Docker HEALTHCHECK instruction
immediately before the ENTRYPOINT to allow orchestrators to monitor the manager
process; call the manager's health endpoint or run a lightweight probe that
verifies the binary started correctly (for example an HTTP GET against the
manager's /health or an exec that checks responsiveness), and include
conservative interval, timeout and retries options (e.g., --interval, --timeout,
--start-period, --retries) so failures cause container to be marked unhealthy;
ensure the probe command targets the same binary referenced by ENTRYPOINT
("/usr/local/bin/manager") and works with the non-root USER 65532:65532 in the
image.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Outside diff comments:
In `@Dockerfile`:
- Around line 22-37: Add a Docker HEALTHCHECK instruction immediately before the
ENTRYPOINT to allow orchestrators to monitor the manager process; call the
manager's health endpoint or run a lightweight probe that verifies the binary
started correctly (for example an HTTP GET against the manager's /health or an
exec that checks responsiveness), and include conservative interval, timeout and
retries options (e.g., --interval, --timeout, --start-period, --retries) so
failures cause container to be marked unhealthy; ensure the probe command
targets the same binary referenced by ENTRYPOINT ("/usr/local/bin/manager") and
works with the non-root USER 65532:65532 in the image.

In `@Dockerfile.konflux`:
- Around line 20-53: Add a HEALTHCHECK instruction to the Dockerfile (placed
before ENTRYPOINT) that runs a lightweight command against the manager process
(the /usr/local/bin/manager binary started by ENTRYPOINT) to verify
liveness/readiness (e.g., an HTTP call to the manager's health endpoint or an
exec script that returns 0 on success); configure sensible options (interval,
timeout, start-period, retries) so Kubernetes/OpenShift can detect failures and
restart the container when the health probe fails.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 8fc1e25b-7aed-44ec-932d-5e11f1405687

📥 Commits

Reviewing files that changed from the base of the PR and between ba0f520 and d78d800.

📒 Files selected for processing (4)

• Dockerfile
• Dockerfile.konflux
• go.mod
• hack/golangci-lint.sh

[shay23bra]

/retest

[openshift-ci]

@shay23bra: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.