Skip to content

chore (deps): bump go version to v1.26.4#1667

Open
rohanKanojia wants to merge 1 commit into
devfile:mainfrom
rohankanojia-forks:pr/bump-go-version-1-26-4
Open

chore (deps): bump go version to v1.26.4#1667
rohanKanojia wants to merge 1 commit into
devfile:mainfrom
rohankanojia-forks:pr/bump-go-version-1-26-4

Conversation

@rohanKanojia

@rohanKanojia rohanKanojia commented Jun 29, 2026

Copy link
Copy Markdown
Member

What does this PR do?

  • Updates go.mod toolchain directive to go1.26.4
    • Updates GitHub Actions workflows (pr.yml, code-coverage.yml, release.yml) to use Go 1.26.4
    • Updates .ci/oci.Dockerfile to install Go 1.26.4
    • Updates builder images in build/Dockerfile and project-clone/Dockerfile to Red Hat UBI9 go-toolset
      9.8-1783442369 pinned by digest: sha256:c451b481b8f26205bd34eab98a3566a559466cc8de125b4e7057a13f53d96cd3

What issues does this PR fix or reference?

Fixes CVEs:

Is it tested? How?

PR Checklist

  • E2E tests pass (when PR is ready, comment /test v8-devworkspace-operator-e2e, v8-che-happy-path to trigger)
    • v8-devworkspace-operator-e2e: DevWorkspace e2e test
    • v8-che-happy-path: Happy path for verification integration with Che

Summary by CodeRabbit

  • Chores
    • Updated the Go toolchain to 1.26.4 across build and CI environments.
    • Updated the Go toolchain directive in go.mod to match 1.26.4.
    • Refreshed pinned container base images used for building and validation.
    • Updated workflow setup for code coverage, PR validation, and releases to use 1.26.4.

@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

Go toolchain version was updated from 1.26.3 to 1.26.4 across go.mod, three GitHub Actions workflows, .ci/oci.Dockerfile, build/Dockerfile, and project-clone/Dockerfile.

Changes

Go 1.26.4 Toolchain Bump

Layer / File(s) Summary
Go 1.26.4 across go.mod, workflows, and Dockerfiles
go.mod, .github/workflows/code-coverage.yml, .github/workflows/pr.yml, .github/workflows/release.yml, .ci/oci.Dockerfile, build/Dockerfile, project-clone/Dockerfile
Updates the go.mod toolchain directive, go-version in all three workflow actions/setup-go steps, GO_VERSION in .ci/oci.Dockerfile, and pinned ubi9/go-toolset base image digests in both Dockerfiles.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Possibly related PRs

Suggested reviewers: ibuziuk, akurinnoy, dkwon17, btjd

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and accurately summarizes the main change: bumping the Go toolchain to v1.26.4.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

@tolusha

tolusha commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Hi! I'm che-ai-assistant — I help with your pull requests.

Available commands:

  • /che-ai-assistant generate-che-doc — Generate a documentation PR based on this PR's changes
  • /che-ai-assistant ok-pr-review — Run a comprehensive PR review (summary, code review, deep review, impact analysis)
  • /che-ai-assistant ok-pr-readiness — Ensure PR has validation steps
  • /che-ai-assistant help — Show this help message

@rohanKanojia rohanKanojia marked this pull request as ready for review June 30, 2026 04:23
@tolusha

tolusha commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

/che-ai-assistant ok-pr-readiness

Review is complete. Please check the review comments below.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.ci/oci.Dockerfile:
- Line 28: Update the comment in the Dockerfile so it matches the current source
of truth from go.mod: the stale reference to go 1.26.0 should be replaced with
the actual toolchain directive version go1.26.4. Keep the comment aligned with
the dependency/version guidance by referring to the toolchain requirement
declared in go.mod, not an old version string.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b766e12d-579c-4376-9013-dc109c97e22b

📥 Commits

Reviewing files that changed from the base of the PR and between 6807a49 and 0274531.

📒 Files selected for processing (7)
  • .ci/oci.Dockerfile
  • .github/workflows/code-coverage.yml
  • .github/workflows/pr.yml
  • .github/workflows/release.yml
  • build/Dockerfile
  • go.mod
  • project-clone/Dockerfile

Comment thread .ci/oci.Dockerfile
SHELL ["/bin/bash", "-c"]

# Install Go 1.26.3 to satisfy go.mod toolchain requirement (go 1.26.0)
# Install Go 1.26.4 to satisfy go.mod toolchain requirement (go 1.26.0)

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

📐 Maintainability & Code Quality | 🟡 Minor | ⚡ Quick win

Fix the stale toolchain reference in the comment.

Line 28 still says the "toolchain requirement" is go 1.26.0, but go.mod now declares toolchain go1.26.4. Please point the comment at the actual source-of-truth directive.

As per coding guidelines, "Use versions from go.mod as the source of truth for Go, Kubernetes, controller-runtime, and Devfile dependency versions."

Suggested fix
-# Install Go 1.26.4 to satisfy go.mod toolchain requirement (go 1.26.0)
+# Install Go 1.26.4 to satisfy the go.mod toolchain directive
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Install Go 1.26.4 to satisfy go.mod toolchain requirement (go 1.26.0)
# Install Go 1.26.4 to satisfy the go.mod toolchain directive
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.ci/oci.Dockerfile at line 28, Update the comment in the Dockerfile so it
matches the current source of truth from go.mod: the stale reference to go
1.26.0 should be replaced with the actual toolchain directive version go1.26.4.
Keep the comment aligned with the dependency/version guidance by referring to
the toolchain requirement declared in go.mod, not an old version string.

Source: Coding guidelines

@tolusha

tolusha commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

PR Readiness Assessment: PR #1667 — chore (deps): bump go version to v1.26.4

Repository: devfile/devworkspace-operator
Linked Issue: None found (routine maintenance)


# Criterion Verdict Notes
1 Problem Statement PASS Clearly stated as routine Go toolchain maintenance; updates from 1.26.3 to 1.26.4
2 Reproduction Steps PASS Not applicable for toolchain version bump
3 Expected Behavior After Fix PASS Implicit: project builds and runs with Go 1.26.4; appropriate for dependency update
4 Scope of Changes PASS Well-scoped: go.mod, 3 GitHub Actions workflows, 3 Dockerfiles; all changes align with Go version update
5 Test Evidence WARN E2E tests mentioned in PR checklist but no explicit test results or manual verification provided
6 Deployment & Verification Notes WARN No guidance on verifying the operator runs with new Go version in deployed environments

Overall: NEEDS WORK


Missing Information

  • Add test evidence: Include results from local testing or CI runs showing the operator builds and tests pass with Go 1.26.4
  • Provide verification guidance: Document how to verify the deployed operator is running with Go 1.26.4 (e.g., checking version in logs or runtime info)
  • Note any behavioral changes: If Go 1.26.4 introduces any relevant changes from 1.26.3, mention whether they affect the operator

What's Good

  • Clear, focused scope: All changes directly related to the Go version bump; no scope creep
  • Comprehensive coverage: Updates all relevant locations (go.mod, CI workflows, build Dockerfiles, OCI Dockerfile)
  • SHA-pinned images: Builder images updated with digest pins for security and reproducibility
  • Detailed description: Lists exactly which files and values changed
  • E2E test checklist: PR includes checklist for running e2e and integration tests before merge

Assessment completed by ok-pr-readiness

@rohanKanojia rohanKanojia force-pushed the pr/bump-go-version-1-26-4 branch from 0274531 to fd0cca5 Compare July 9, 2026 15:31
Update Go toolchain to 1.26.4 and use Red Hat UBI9 go-toolset:9.8-1783442369
with digest sha256:d8eac0270096b713aba910727e17937adaa46e6bc84c142b90fd3b3d086854d1

Assisted-by: Cursor
Signed-off-by: Rohan Kumar <rohaan@redhat.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
@rohanKanojia rohanKanojia force-pushed the pr/bump-go-version-1-26-4 branch from fd0cca5 to 5f5b72f Compare July 9, 2026 15:51

@btjd btjd left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci openshift-ci Bot added the lgtm label Jul 9, 2026
@openshift-ci

openshift-ci Bot commented Jul 9, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: btjd, rohanKanojia
Once this PR has been reviewed and has the lgtm label, please assign dkwon17 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants