Skip to content

Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1783628461 (main)#3368

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x
Open

Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1783628461 (main)#3368
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jun 27, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
registry.access.redhat.com/ubi9/go-toolset stage patch 1.26.31.26.4-1783628461

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@red-hat-konflux red-hat-konflux Bot enabled auto-merge June 27, 2026 02:00
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from a1fc84c to 76c8528 Compare June 27, 2026 02:03
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 27, 2026

Copy link
Copy Markdown

🤖 Review · ⚠️ Cancelled · Started 2:06 AM UTC · Ended 2:09 AM UTC
Commit: 47d3320 · View workflow run →

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from 76c8528 to 0148438 Compare June 27, 2026 02:08
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 27, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:12 AM UTC · Completed 2:18 AM UTC
Commit: 47d3320 · View workflow run →

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 27, 2026

Copy link
Copy Markdown

Review

Outcome: Approve ✅

Summary

This is an automated Renovate dependency update that bumps the ubi9/go-toolset Docker base image in Dockerfile.dist from 1.26.3 to 1.26.4-1783628461, with an updated digest pin.

Analysis

Dimension Assessment
Correctness ✅ Single-line tag+digest update. No logic, build script, or configuration changes.
Security ✅ Image remains digest-pinned (@sha256:9748bb...) from Red Hat's official registry (registry.access.redhat.com). Supply chain integrity is preserved.
Compatibility go.mod specifies go 1.26.3. The Go 1.26.4 toolset is backward-compatible for building 1.26.3-targeting modules — Go's patch-level compatibility guarantees apply.
Scope ✅ Only Dockerfile.dist (the distribution/production Dockerfile) is modified. The development Dockerfile uses a separate docker.io/library/golang image and is not affected.
Documentation ✅ No documentation changes needed for a build image version bump.
Cross-repo contracts ✅ No API, schema, or interface changes.

No findings.


Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • Dockerfile.dist
Previous run

Review

Verdict: ✅ Approve

This is a routine, bot-generated Docker base image tag and digest bump in Dockerfile.dist:

  • Image: registry.access.redhat.com/ubi9/go-toolset
  • Tag: 1.26.31.26.4-1783628461
  • Digest: Updated from sha256:17c888d...sha256:9748bb0b...

Analysis

Dimension Result
Correctness ✅ No issues. The tag update is consistent with the file structure. The separate Dockerfile uses a different base image (docker.io/library/golang:1.26.3) and is not affected by this change.
Security ✅ No issues. Digest pinning is preserved, ensuring image immutability. No secrets, injection patterns, or permission changes.
Intent & coherence ✅ Mechanical change by Renovate bot — scope authorization is implicit.
Style & conventions ✅ Follows existing FROM image:tag@sha256:digest AS stage pattern.
Documentation ✅ No documentation impact — no public API, CLI, or behavioral changes.
Cross-repo contracts ⏭ Skipped — no exported interfaces modified.

No findings at or above the reporting threshold.


Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • Dockerfile.dist
Previous run (2)

Review — Approve

PR: #3368 — Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1783442369 (main)

Summary

This is an automated MintMaker/Renovate PR that updates the go-toolset base image in Dockerfile.dist from 1.26.3 to 1.26.4-1783442369. The change is a single-line patch-level version bump with the sha256 digest pin properly updated alongside the tag.

Analysis

Dimension Result
Correctness ✅ Both tag and digest updated together — the standard pattern for digest-pinned images. Go 1.26.4 is a patch release, backward compatible with the go 1.26.3 directive in go.mod.
Security ✅ Digest pinning is maintained, ensuring reproducible builds. Patch updates to the Go toolset typically include security fixes. Image sourced from Red Hat's official registry.
Intent & coherence ✅ Standard automated dependency update from the configured MintMaker bot. Scope is minimal and appropriate.
Style & conventions ✅ The FROM image:tag@sha256:digest format is consistent with the existing Dockerfile pattern.
Documentation ✅ No documentation impact — build-time dependency only.
Cross-repo contracts ✅ No API, schema, or interface changes.

Notes

  • Dockerfile (local dev) uses docker.io/library/golang:1.26.3 — a different image managed by a separate Renovate rule. No inconsistency.
  • The requires-manual-review label indicates this repo's policy expects human sign-off on dependency updates.

No findings.


Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • Dockerfile.dist
Previous run (3)

Review of #3368

Verdict: ✅ Approve

Summary

Automated Renovate bot update of the ubi9/go-toolset Docker base image in Dockerfile.dist from 1.26.3 to 1.26.4-1783442369 with updated SHA256 digest pinning. This is a mechanical, value-only dependency bump.

Dimensions reviewed

Dimension Result
Correctness ✅ No findings — tag and digest properly updated together; Go 1.26.4 toolchain is backward-compatible with the project's go 1.26.3 module directive
Security ✅ No findings — digest pinning maintained, no secrets or permission changes
Intent & coherence ✅ Mechanical change — scope authorization implicit from automated dependency update
Style & conventions ✅ No findings — FROM line follows same tag@sha256:digest pattern
Documentation currency ✅ No findings — no behavioral changes requiring doc updates
Cross-repo contracts ⏭ Skipped — no exported interfaces or API surface modified

No findings above the reporting threshold.


Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • Dockerfile.dist
Previous run (4)

Review

Findings

High

  • [protected-path] Dockerfile.dist:19 — This file is under a protected path (Dockerfile). The PR modifies a governance/infrastructure file but has no linked issue justifying the change. While this is an automated Renovate dependency update (go-toolset 1.26.3 → 1.26.4-1782980183 with pinned digest), protected-path changes always require human approval regardless of the change's nature.
    Remediation: A human maintainer must review and approve this protected-path change. Consider linking a tracking issue or policy that authorizes automated Dockerfile base image updates to streamline future Renovate PRs.
Previous run (5)

Review

Findings

High

  • [protected-path] Dockerfile.dist:19 — This PR modifies Dockerfile.dist, which falls under the Dockerfile protected path. The PR has no linked issue providing authorization for the change. While the PR is an automated Renovate/MintMaker dependency update (Docker tag bump from 1.26.3 to 1.26.4-1782980183 with updated digest), and renovate.json is configured in the repository, human approval is always required for protected-path changes.
    Remediation: A maintainer should review and approve this Dockerfile change. No code changes are needed — this is a governance gate, not a code defect.
Previous run (6)

Review

Findings

High

  • [protected-path] Dockerfile.dist:19 — This file matches the Dockerfile protected path. The PR modifies a governance/infrastructure file but has no linked issue justifying the change. While the PR is a Renovate-managed Docker image tag bump (go-toolset 1.26.3 → 1.26.4-1782910875) with a pinned digest, human approval is always required for protected-path changes.
    Remediation: Obtain explicit human approval for this Dockerfile change. Consider linking a tracking issue that authorizes Renovate-managed Dockerfile updates.
Previous run (7)

Review

Findings

Medium

  • [protected-path] Dockerfile.dist — This file matches a protected path (Dockerfile). The PR is an automated Renovate dependency update bumping the ubi9/go-toolset base image from 1.26.3 to 1.26.4-1782910875 with an updated digest pin. The rationale is clear from the PR description and labels. Human approval is always required for protected-path changes, regardless of context.
Previous run (8)

Review

Findings

High

  • [protected-path] Dockerfile.dist:19Dockerfile.dist is under the protected path Dockerfile. This PR has no linked issue justifying the modification of governance/infrastructure files. Protected-path changes always require human reviewer approval regardless of the nature of the change.
    Remediation: Link an authorizing issue or obtain explicit human reviewer approval for this protected-path change.
Previous run (9)

Review

Findings

High

  • [protected-path] Dockerfile.dist:19 — This PR modifies Dockerfile.dist, which falls under the Dockerfile protected path. The PR has no linked issue providing authorization for modifying governance/infrastructure files. Human approval is required for all protected-path changes.
    Remediation: Link an issue that authorizes this Dockerfile change, or obtain explicit human maintainer approval.
Previous run (10)

Review

Findings

High

  • [protected-path] Dockerfile.dist:19 — This file matches the Dockerfile protected path. The PR modifies a governance/infrastructure file (Dockerfile.dist) but has no linked issue providing authorization or justification for the change. While this is an automated dependency version bump from MintMaker/Renovate, protected-path changes always require human approval regardless of the change's nature.
    Remediation: A maintainer should review and approve this protected-path change. No code changes are needed — this finding is a governance gate, not a code quality issue.
Previous run (11)

Review

Findings

High

  • [protected-path] Dockerfile.dist — This file falls under the Dockerfile protected path. The PR has no linked issue providing authorization for changes to governance/infrastructure files. While the change itself is a trivial Docker tag update (1.26.31.26.3-1782377916) with an unchanged image digest, human approval is always required for protected-path modifications.
    Remediation: Obtain explicit human maintainer approval for this Dockerfile change.

Labels: PR modifies a Dockerfile (build infrastructure) and is a dependency version bump

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added docker Pull requests that update Docker code dependencies Pull requests that update a dependency file labels Jun 27, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from 0148438 to 0a0bd15 Compare June 30, 2026 01:57
@red-hat-konflux red-hat-konflux Bot changed the title Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.3-1782377916 (main) Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1782736563 (main) Jun 30, 2026
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 30, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:00 AM UTC · Completed 2:06 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from 0a0bd15 to a3fb045 Compare June 30, 2026 02:08
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 30, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:12 AM UTC · Completed 2:17 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@red-hat-konflux red-hat-konflux Bot changed the title Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1782736563 (main) Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1782852234 (main) Jul 1, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from a3fb045 to 9c2a747 Compare July 1, 2026 02:02
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 1, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:05 AM UTC · Completed 2:11 AM UTC
Commit: 47d3320 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from 9c2a747 to 7d0d6a4 Compare July 2, 2026 02:01
@red-hat-konflux red-hat-konflux Bot changed the title Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1782852234 (main) Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1782910875 (main) Jul 2, 2026
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 2, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:04 AM UTC · Completed 2:09 AM UTC
Commit: 47d3320 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot dismissed stale reviews from themself July 2, 2026 02:08

Superseded by updated review

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch 3 times, most recently from b38f322 to cdf1b2a Compare July 8, 2026 02:11
@red-hat-konflux red-hat-konflux Bot changed the title Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1782980183 (main) Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1783442369 (main) Jul 8, 2026
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Review · ⚠️ Cancelled · Started 2:12 AM UTC · Ended 2:14 AM UTC
Commit: 7c8ccca · View workflow run →

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from cdf1b2a to 1a4c857 Compare July 8, 2026 02:14
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Review · ⚠️ Cancelled · Started 2:15 AM UTC · Ended 2:20 AM UTC
Commit: 7c8ccca · View workflow run →

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from 1a4c857 to 2daa899 Compare July 8, 2026 02:19
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 8, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:20 AM UTC · Completed 2:27 AM UTC
Commit: 7c8ccca · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot dismissed stale reviews from themself July 8, 2026 02:27

Superseded by updated review

@fullsend-ai-review fullsend-ai-review Bot added the requires-manual-review Review requires human judgment label Jul 8, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch 2 times, most recently from f004d2e to 2193f52 Compare July 9, 2026 02:06
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 9, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:07 AM UTC · Completed 2:11 AM UTC
Commit: 8f05d87 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot added requires-manual-review Review requires human judgment and removed requires-manual-review Review requires human judgment labels Jul 9, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch 2 times, most recently from b3978ff to 90d3b64 Compare July 10, 2026 02:03
@red-hat-konflux red-hat-konflux Bot changed the title Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1783442369 (main) Update registry.access.redhat.com/ubi9/go-toolset Docker tag to v1.26.4-1783628461 (main) Jul 10, 2026
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 10, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:04 AM UTC · Completed 2:10 AM UTC
Commit: 87c4a29 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot added requires-manual-review Review requires human judgment and removed requires-manual-review Review requires human judgment labels Jul 10, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from 90d3b64 to a748c4a Compare July 10, 2026 02:11
….4-1783628461

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main-main/registry.access.redhat.com-ubi9-go-toolset-1.26.x branch from a748c4a to 867efe8 Compare July 10, 2026 02:11
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 10, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:12 AM UTC · Completed 2:16 AM UTC
Commit: 87c4a29 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot added requires-manual-review Review requires human judgment and removed requires-manual-review Review requires human judgment labels Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code main renovate requires-manual-review Review requires human judgment size: XS

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants