Skip to content

chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.17#180

Open
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x
Open

chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.17#180
red-hat-konflux[bot] wants to merge 1 commit into
mainfrom
konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Mar 3, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
github.com/googleapis/enterprise-certificate-proxy v0.3.2v0.3.17 age confidence

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

googleapis/enterprise-certificate-proxy (github.com/googleapis/enterprise-certificate-proxy)

v0.3.17

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.16...v0.3.17

v0.3.16

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.15...v0.3.16

v0.3.15

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.14...v0.3.15

v0.3.14

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.13...v0.3.14

v0.3.13

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.12...v0.3.13

v0.3.12

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.11...v0.3.12

v0.3.11

Compare Source

What's Changed

New Contributors

Full Changelog: googleapis/enterprise-certificate-proxy@0.3.10...v0.3.11

v0.3.9

Compare Source

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.8...v0.3.9

v0.3.8

Compare Source

What's Changed

New Contributors

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.7...v0.3.8

v0.3.7

Compare Source

This release creates ECP Http Proxy

What's Changed

New Contributors

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.6...v0.3.7

v0.3.6

Compare Source

New Feature Update!

This update includes support for keychain type selection on MacOS. The universal cert config now supports a new field "keychain_type" with the following possible values: "login", "system", or "all". If this field is missing or empty, we will assume "all", which is the current behavior. For devices with custom keychains, such as test keychains, the value "all" should be used to include the custom keychains in the search space.

Example config snippet:
{
"cert_configs": {
"macos_keychain": {
"issuer": "Google Endpoint Verification",
"keychain_type": "system"
},
...
}

The "darwin-specific" client has also been updated with a new API "NewSecureKeyWithOptions" that can be used to specify the keychain type.

Change Log

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.5...v0.3.6

v0.3.5

Compare Source

This release bumps Golang version to 1.23 and crypto to 0.35.0 to be compliant with CVE scanner.

What's Changed

New Contributors

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.4...v0.3.5

v0.3.4: Post-GA Release

Compare Source

This is strictly a version bump release to fix github mirrors issue associated with v0.3.3 (due incorrectly tagged commit id). No code changes between v0.3.3 and v0.3.4.

What's Changed

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.3...v0.3.4

v0.3.3: Post-GA Release

Compare Source

What's Changed

New Contributors

Full Changelog: googleapis/enterprise-certificate-proxy@v0.3.2...v0.3.3


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@snyk-io

snyk-io Bot commented Mar 3, 2026

Copy link
Copy Markdown

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch from 44f1ec8 to a5b769f Compare March 3, 2026 14:15
@red-hat-konflux

Copy link
Copy Markdown
Contributor Author

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 8 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.21 -> 1.24.11
golang.org/x/tools v0.21.0 -> v0.40.0
golang.org/x/crypto v0.23.0 -> v0.47.0
golang.org/x/mod v0.17.0 -> v0.31.0
golang.org/x/net v0.25.0 -> v0.48.0
golang.org/x/sync v0.7.0 -> v0.19.0
golang.org/x/sys v0.29.0 -> v0.40.0
golang.org/x/term v0.20.0 -> v0.39.0
golang.org/x/text v0.15.0 -> v0.33.0

@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch from a5b769f to b7e7ae4 Compare March 4, 2026 05:45
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.12 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.13 Mar 4, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch from b7e7ae4 to 93fc238 Compare March 6, 2026 01:38
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.13 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 Mar 6, 2026
@codecov-commenter

codecov-commenter commented Mar 6, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 36.96%. Comparing base (794dda6) to head (6be0ab4).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##             main     #180   +/-   ##
=======================================
  Coverage   36.96%   36.96%           
=======================================
  Files          23       23           
  Lines        1220     1220           
=======================================
  Hits          451      451           
  Misses        744      744           
  Partials       25       25           
Flag Coverage Δ
e2e-tests 15.16% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.


Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 794dda6...6be0ab4. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@red-hat-konflux

red-hat-konflux Bot commented Apr 2, 2026

Copy link
Copy Markdown
Contributor Author

ℹ️ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

  • 8 additional dependencies were updated
  • The go directive was updated for compatibility reasons

Details:

Package Change
go 1.23.0 -> 1.25.0
golang.org/x/tools v0.30.0 -> v0.40.0
golang.org/x/crypto v0.33.0 -> v0.47.0
golang.org/x/mod v0.23.0 -> v0.31.0
golang.org/x/net v0.35.0 -> v0.48.0
golang.org/x/sync v0.11.0 -> v0.19.0
golang.org/x/sys v0.30.0 -> v0.40.0
golang.org/x/term v0.29.0 -> v0.39.0
golang.org/x/text v0.22.0 -> v0.33.0

@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 - autoclosed Apr 4, 2026
@red-hat-konflux red-hat-konflux Bot closed this Apr 4, 2026
@red-hat-konflux red-hat-konflux Bot deleted the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch April 4, 2026 22:04
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 - autoclosed chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 Apr 5, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Apr 5, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch from 93fc238 to 70b7126 Compare April 5, 2026 01:48
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 - autoclosed Apr 5, 2026
@red-hat-konflux red-hat-konflux Bot closed this Apr 5, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 - autoclosed chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 Apr 6, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Apr 6, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch 2 times, most recently from 70b7126 to ea32e7f Compare April 6, 2026 01:54
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 - autoclosed Apr 11, 2026
@red-hat-konflux red-hat-konflux Bot closed this Apr 11, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 - autoclosed chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 Apr 12, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Apr 12, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch 3 times, most recently from 137c622 to 570dc4d Compare April 15, 2026 21:52
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.14 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.15 Apr 15, 2026
@red-hat-konflux red-hat-konflux Bot closed this May 24, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 - autoclosed chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 May 24, 2026
@red-hat-konflux red-hat-konflux Bot reopened this May 24, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch 2 times, most recently from 2e3f8ed to 7a250a2 Compare May 24, 2026 10:05
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 - autoclosed May 30, 2026
@red-hat-konflux red-hat-konflux Bot closed this May 30, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 - autoclosed chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 May 30, 2026
@red-hat-konflux red-hat-konflux Bot reopened this May 30, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch 2 times, most recently from eb3ab78 to 4cfc54f Compare June 2, 2026 20:30
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 - autoclosed Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot closed this Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot changed the title chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 - autoclosed chore(deps): update module github.com/googleapis/enterprise-certificate-proxy to v0.3.16 Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot reopened this Jun 5, 2026
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch 2 times, most recently from 4cfc54f to ea15409 Compare June 5, 2026 18:36
@red-hat-konflux red-hat-konflux Bot force-pushed the konflux/mintmaker/main/github.com-googleapis-enterprise-certificate-proxy-0.x branch from ea15409 to 414597e Compare June 25, 2026 21:48
@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 9:51 PM UTC · Completed 10:03 PM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 25, 2026

Copy link
Copy Markdown

Review

Findings

Critical

  • [api-contract] go.mod:3 — The go directive is bumped from 1.23.0 to 1.25.0, but CI workflows are pinned to Go 1.23.x. In .github/workflows/test.yml, the test matrix uses go-version: [1.23.x] (line 15) and the e2e job uses go-version: '1.23' (line 53). In .github/workflows/lint.yml, linting uses go-version: '1.23' (line 19). The Dockerfile uses ubi9/go-toolset:9.8 which ships a Go version well below 1.25. While Go 1.21+ supports GOTOOLCHAIN=auto for automatic toolchain downloads, this behavior is not guaranteed in all environments: the UBI go-toolset container image likely does not set GOTOOLCHAIN=auto, and actions/setup-go installs a specific version. The mismatch will cause build failures unless GOTOOLCHAIN=auto is explicitly set or all CI/container references are updated.
    Remediation: Either (a) update all CI workflow files (.github/workflows/test.yml, .github/workflows/lint.yml) and the Dockerfile base image to use Go >= 1.25, or (b) keep the go directive at 1.23.0 and only bump the dependencies that are compatible with Go 1.23. If relying on GOTOOLCHAIN=auto, set it explicitly in CI and verify the Dockerfile build environment supports it.

Low

  • [edge-case] go.mod — A new indirect dependency golang.org/x/tools/go/expect v0.1.1-deprecated is being pulled in, explicitly tagged as deprecated by upstream. While it is an indirect dependency and functionally harmless now, it signals that golang.org/x/tools v0.40.0 may have restructured its modules in a way that drags in legacy packages.
Previous run

Review

Findings

Critical

  • [api-contract] go.mod:4 — The go directive is bumped from 1.22.0 to 1.25.0, but every CI workflow and the Dockerfile use Go 1.22. Specifically: .github/workflows/test.yml uses go-version: [1.22.x], .github/workflows/lint.yml uses go-version: '1.22', .github/workflows/pre-commit.yml uses go-version: '1.22', .github/workflows/release.yml uses goversion: '1.22', and the Dockerfile uses registry.access.redhat.com/ubi9/go-toolset:9.8 which ships Go 1.22.x. Since Go 1.21+, the go directive is a minimum version requirement enforced by the toolchain — Go 1.22 will refuse to build this module. This will break all CI pipelines and the container build.
    Remediation: Either (a) keep the go directive at 1.22.0, or (b) update all CI workflows and the Dockerfile to use Go 1.25+. Option (a) is strongly recommended for a dependency-only PR.

  • [scope-mismatch] go.mod:3 — PR title claims to update only enterprise-certificate-proxy to v0.3.17, but the diff also includes a Go version bump from 1.22.0 to 1.25.0, golang.org/x/tools (a direct dependency) from v0.30.0 to v0.40.0, and numerous indirect golang.org/x dependency bumps. These are not mechanical transitive dependency updates from bumping enterprise-certificate-proxy alone.
    Remediation: Split this PR into separate changes: (1) Go version bump with justification and CI updates, (2) enterprise-certificate-proxy update, (3) golang.org/x/tools update. Alternatively, regenerate go.mod/go.sum with Go 1.22 to isolate only the enterprise-certificate-proxy changes.

Medium

  • [logic-error] go.mod:160 — A new indirect dependency golang.org/x/tools/go/expect v0.1.1-deprecated is introduced. The version tag explicitly contains -deprecated, indicating upstream has deprecated this module.
    Remediation: Investigate why golang.org/x/tools v0.40.0 pulls in this deprecated module. Consider whether this is a sign of misconfigured dependency resolution.

Low

  • [commit-prefix-mismatch] go.mod — PR uses chore(deps): prefix, but .github/dependabot.yml specifies that gomod updates should use feat prefix. However, this PR is authored by red-hat-konflux[bot], not dependabot, so the dependabot convention may not strictly apply.

Labels: Dependency-only PR updating Go modules.

Previous run (2)

Review

Findings

High

  • [architectural-inconsistency] go.mod:3 — Go version bumped to 1.25.0, but all CI workflows (.github/workflows/test.yml, lint.yml, pre-commit.yml, release.yml, slack-message.yml) explicitly use Go 1.22 or 1.22.x. This creates a mismatch between the declared minimum Go version and the version used in CI. CLAUDE.md line 149 documents this as a known pitfall.
    Remediation: Either revert the Go version to 1.22.0 to maintain consistency with CI, or update all CI workflow files to use Go 1.25.x in this PR.

Medium

  • [scope-creep] go.mod:3 — PR title claims only an enterprise-certificate-proxy update, but the diff also bumps the Go version from 1.22.0 to 1.25.0 and golang.org/x/tools from v0.30.0 to v0.40.0 (a direct dependency). These changes are beyond the stated scope. While this is typical for Renovate bot PRs when go mod tidy runs with a newer toolchain, the Go version and direct dependency bumps should be documented.
    Remediation: Update the PR description to note the Go version and golang.org/x/tools bumps. Consider whether the Go version bump to 1.25.0 is intentional or an artifact of the bot's toolchain.

  • [api-contract] go.mod:25golang.org/x/tools is bumped from v0.30.0 to v0.40.0 (a 10-minor-version jump) as a direct dependency used by tools/tools.go for goimports. This is a large version leap that could introduce behavioral changes in goimports output.
    Remediation: Verify that goimports behavior has not changed in a way that affects the project by running go generate ./tools/... and checking for formatting differences.

Low

  • [dependency-integrity] go.mod:160 — Two new indirect dependencies introduced: golang.org/x/telemetry and golang.org/x/tools/go/expect (marked deprecated). These are transitive dependencies pulled in by golang.org/x/tools v0.40.0 and are expected behavior for this update.

  • [scope-authorization] go.mod — No linked issue for this change. The scope has expanded beyond a simple transitive dependency update to include Go version changes and direct dependency updates.

Previous run (3)

Review

Findings

Critical

  • [logic-error] go.mod:4 — The go directive is changed from 1.22.0 to 1.25.8. Since Go 1.21+, the go directive acts as a minimum version requirement. CI workflows (test.yml, lint.yml) pin Go 1.22.x, and the Dockerfile uses ubi9/go-toolset:9.8 which ships an older Go version. Builds will fail because Go 1.22 < Go 1.25.8 triggers a toolchain download requirement or outright failure depending on GOTOOLCHAIN settings.
    Remediation: Do not accept the go 1.25.8 directive change. Keep go 1.22.0 or update all CI workflows and Dockerfile to match. If Renovate auto-propagated the upstream go directive, its configuration should be adjusted to skip go directive updates.

High

  • [unauthorized-scope-change] go.mod:3 — The PR title claims to update only enterprise-certificate-proxy to v0.3.16, but the diff includes a Go version bump from 1.22.0 to 1.25.8 and a direct dependency bump of golang.org/x/tools from v0.30.0 to v0.40.0. These are scope changes beyond what was authorized.
    Remediation: Separate the Go version upgrade and x/tools major bump into dedicated PRs with proper review.

  • [architectural-misalignment] go.mod:3 — The go directive bump to 1.25.8 conflicts with the documented project architecture. CLAUDE.md explicitly documents "Go version mismatch" as a known pitfall. The project has standardized on Go 1.22 across CI workflows.
    Remediation: Revert the go directive to 1.22.0. Any Go version upgrade requires updating all CI workflow files, validating Dockerfile base image compatibility, and updating documentation.

Medium

  • [missing-authorization] go.mod:3 — No linked issue exists for the Go version upgrade from 1.22.0 to 1.25.8. A Go version upgrade is a significant platform change.
    Remediation: Create an issue documenting the rationale for upgrading Go versions, impact analysis on CI/CD pipelines, and migration timeline.

  • [api-contract] go.mod:25golang.org/x/tools bump from v0.30.0 to v0.40.0 is a large version jump. This is a direct dependency used in tools/tools.go. The x/tools module likely requires Go >= 1.23+, which is incompatible with the project's Go 1.22 CI toolchain if the go directive is reverted.
    Remediation: If the go directive is kept at 1.22.0, verify x/tools v0.40.0 compatibility. If not compatible, pin x/tools to the latest version supporting Go 1.22.

Low

  • [dependency-scope-expansion] go.mod:158 — The diff adds new indirect dependencies (golang.org/x/telemetry, golang.org/x/tools/go/expect v0.1.1-deprecated) as transitive dependencies of golang.org/x/tools v0.40.0.

  • [logic-error] go.mod:159golang.org/x/tools/go/expect v0.1.1-deprecated is introduced as a transitive dependency. The -deprecated suffix signals the module is abandoned.

  • [logic-error] go.mod:156golang.org/x/telemetry is introduced as a new transitive dependency. Go telemetry is opt-in by default.

  • [transitive-update-bundling] go.mod:148 — The PR bundles updates to 8+ golang.org/x/* indirect packages with large version jumps (e.g., crypto v0.33.0→v0.47.0, net v0.35.0→v0.48.0). These are likely pulled in by the x/tools v0.40.0 bump rather than directly by enterprise-certificate-proxy.


Labels: Dependency update PR modifying go.mod/go.sum.

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 26, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 9:27 PM UTC · Completed 9:36 PM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-retro

fullsend-ai-retro Bot commented Jun 29, 2026

Copy link
Copy Markdown

🤖 Finished Retro · ✅ Success · Started 6:11 PM UTC · Completed 6:16 PM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-retro

Copy link
Copy Markdown

Retro: PR #180 — Automated dependency update (enterprise-certificate-proxy)

What happened: PR #180 was an automated Renovate/MintMaker dependency update that bumped enterprise-certificate-proxy from v0.3.2 to v0.3.17. However, go get caused cascading side effects: the Go directive jumped from 1.22.0 to 1.25.0, golang.org/x/tools bumped from v0.30.0 to v0.40.0, and 8+ transitive dependencies were updated. The PR cycled through ~12 close/reopen events over 4 months before being autoclosed on 2026-06-29.

The review agent ran twice (on force pushes from 2026-06-25 and 2026-06-26), correctly identifying the Go version mismatch with CI (1.25.0 vs 1.22.x) as a critical/high issue, plus scope creep and new transitive dependencies. Both reviews submitted CHANGES_REQUESTED. No human ever interacted with the PR.

Review quality: Good. The review agent correctly identified the most important problem — the Go version bump would break CI — and appropriately flagged scope creep. The severity was sensibly downgraded between reviews when Go went from 1.25.8 to 1.25.0.

Token cost concern: Two full review runs (~14 min and ~12 min) plus a retro run were spent on a bot PR that was never going to be merged and had no human engagement. This represents avoidable token spend.

No new proposals. All improvement opportunities identified are already covered by existing open issues in fullsend-ai/fullsend:

Prioritizing #1371 (skip review for bot-authored PRs) and #2461 (skip retro for autoclosed bot PRs) would have the highest impact — they would have prevented all agent token spend on this PR entirely.

@fullsend-ai-review

fullsend-ai-review Bot commented Jun 30, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 1:29 AM UTC · Completed 1:39 AM UTC
Commit: ec21706 · View workflow run →

fullsend-ai-review[bot]

This comment was marked as outdated.

…te-proxy to v0.3.17

Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 2, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 10:49 AM UTC · Completed 10:57 AM UTC
Commit: ec21706 · View workflow run →

@fullsend-ai-review fullsend-ai-review Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See the review comment for full details.

Comment thread go.mod
module github.com/konflux-ci/qe-tools

go 1.23.0
go 1.25.0

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[critical] api-contract

The go directive is bumped from 1.23.0 to 1.25.0, but CI workflows are pinned to Go 1.23.x. In .github/workflows/test.yml, the test matrix uses go-version: [1.23.x] (line 15) and the e2e job uses go-version: 1.23 (line 53). In .github/workflows/lint.yml, linting uses go-version: 1.23 (line 19). The Dockerfile uses ubi9/go-toolset:9.8 which ships a Go version well below 1.25. While Go 1.21+ supports GOTOOLCHAIN=auto for automatic toolchain downloads, this behavior is not guaranteed in all environments. The mismatch will cause build failures unless GOTOOLCHAIN=auto is explicitly set or all CI/container references are updated.

Suggested fix: Either (a) update all CI workflow files and the Dockerfile base image to use Go >= 1.25, or (b) keep the go directive at 1.23.0 and only bump the dependencies that are compatible with Go 1.23.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant