Upgrade Dependencies for APIM-APK Agent

[sgayangi]

Purpose

• Bumped go version
• Bumped grpc-health-probe version
• Bumped alpine version

Summary by CodeRabbit

• Chores

  • Updated Alpine base image to 3.22.1
  • Bumped Go toolchain to 1.25.4
  • Updated grpc-health-probe to 0.4.42

• Refactor

  • Standardized and simplified log message and timestamp formatting across the agent for more consistent logs

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updates dependency baselines (Alpine, grpc-health-probe, Go toolchain, indirect Go modules) and standardizes log formatting to printf-style. TokenIssuer handling in the k8s client was adjusted to use Create in additional paths and some namespace/log formatting changes were applied.

Changes

Cohort / File(s)	Change Summary
Container base / tooling apim-apk-agent/Dockerfile	Bumped Alpine from 3.20.3 → 3.22.1; updated grpc-health-probe download from v0.4.37 → v0.4.42 (download path and checksum update).
Go toolchain & deps apim-apk-agent/go.mod	Bumped Go toolchain 1.23.6 → 1.25.4; updated several indirect golang.org/x/* module versions (crypto/net/term/text/sys).
Kubernetes client apim-apk-agent/internal/k8sClient/k8s_client.go	Switched some Update flows to Create for TokenIssuer-related resources; adjusted error messages and log formatting to use "%s"; changed a Get call to reference internalKeyTokenIssuer.Namespace.
Logging formatting changes apim-apk-agent/internal/logging/logging_test.go, apim-apk-agent/internal/synchronizer/aiproviders_fetcher.go, apim-apk-agent/internal/utils/apis_fetcher.go, apim-apk-agent/pkg/logging/log_format.go, apim-apk-agent/pkg/logging/package_logs.go	Replaced string concatenation with printf-style logging ("%s") and removed an unnecessary fmt.Sprintf wrapper in timestamp formatting; test callsite to PrintError now uses a format string (implying variadic format signature).

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Caller as Updater
    participant K8s as k8sClient
    participant K8sAPI as Kubernetes API

    Note over Caller,K8s: TokenIssuer reconciliation (high level)
    Caller->>K8s: Ensure TokenIssuer exists (Get)
    alt TokenIssuer found
        K8s->>K8sAPI: (optionally) Update TokenIssuer
        K8sAPI-->>K8s: 200 OK
        K8s-->>Caller: Log "updated" (or keep existing)
    else TokenIssuer missing
        K8s->>K8sAPI: Create TokenIssuer
        K8sAPI-->>K8s: 201 Created
        K8s-->>Caller: Log "created" (uses "%s" formatting)
    end
    Note right of K8s: Logging standardized to printf-style\nand namespace read from resource struct

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

• Pay special attention to apim-apk-agent/internal/k8sClient/k8s_client.go to confirm Create vs Update semantics and error message correctness.
• Verify PrintError signature change implied by test update (internal/logging/logging_test.go) and adjust callers if necessary.
• Validate compatibility of Go 1.25.4 and updated golang.org/x/* module versions with the codebase and CI.
• Confirm Dockerfile grpc-health-probe URL and checksum are correct for the new version.

Poem

🐰 I hopped through Dockerfiles and go.mod green,
Switched string stitches to pretty printf sheen,
Created a TokenIssuer where updates once stood,
Bumped Alpine and toolchains — all tidy and good,
A rabbit-approved patch, concise and keen. 🥕

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description is minimal and lacks required sections from the template, only listing version bumps without Purpose context, Goals, Approach, or other mandatory fields.	Expand the description to follow the template structure, including Purpose with issue links, Goals, Approach, Release notes, and other relevant sections as applicable.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change in the changeset - upgrading dependencies (Go, grpc-health-probe, and Alpine versions) for the APIM-APK Agent.
Docstring Coverage	✅ Passed	Docstring coverage is 80.00% which is sufficient. The required threshold is 80.00%.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5f916a1 and 74c6d95.

⛔ Files ignored due to path filters (1)

• apim-apk-agent/go.sum is excluded by !**/*.sum

📒 Files selected for processing (1)

• apim-apk-agent/go.mod (3 hunks)

🔇 Additional comments (2)

apim-apk-agent/go.mod (2)

3-3: Verify Go 1.25.4 compatibility with containerized runtime (GOMAXPROCS behavior change).

Go 1.25.4 was released on November 5, 2025, and the version bump from 1.23.6 to 1.25.4 spans two minor versions. This is a significant jump that introduces behavioral changes.

Go 1.25 changes the default GOMAXPROCS behavior: on Linux, the runtime now considers the CPU bandwidth limit of the cgroup containing the process, and will default to the lower limit if it's less than the number of logical CPUs available. Given that this agent runs in Kubernetes (inferred from the codebase), ensure that:

1. The updated GOMAXPROCS behavior is compatible with your Kubernetes resource limits and doesn't cause unexpected performance changes.
2. Any code that explicitly sets GOMAXPROCS or depends on the old behavior has been audited and updated if necessary.

Run your test suite against this Go version to ensure no regressions in container environments.

---

85-85: Verify indirect dependency updates are transitive and necessary.

The updates to indirect golang.org/x/* dependencies appear to be pulled in transitively by newer versions of direct dependencies (likely kubernetes client libraries and gRPC). Ensure these version changes:

1. Are driven by updates to the direct dependencies listed in the require block (lines 5–21), not manually pinned.
2. Don't introduce breaking changes in the crypto, net, term, text, or sys packages used by this codebase.
3. Align with the changes mentioned in the AI summary (k8s client, logging, and utils modules).

Verify the necessity of these updates by examining whether direct dependencies have been updated. You can inspect go.mod and go.sum changes to confirm these are transitive updates rather than manual pins.

Also applies to: 87-87, 89-89, 90-90, 111-111

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

apim-apk-agent/Dockerfile (1)

27-28: Critical: Checksums must be updated for the new grpc-health-probe version.

The grpc-health-probe version was updated from v0.4.37 to v0.4.42, but the checksums on lines 27-28 remain unchanged. This will cause the checksum verification to fail during the Docker build, resulting in a build failure.

Please update the checksums to match the v0.4.42 binaries:

#!/bin/bash
# Fetch the actual checksums for grpc-health-probe v0.4.42
echo "AMD64 checksum:"
curl -sL https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v0.4.42/grpc_health_probe-linux-amd64 | sha256sum

echo "ARM64 checksum:"
curl -sL https://github.com/grpc-ecosystem/grpc-health-probe/releases/download/v0.4.42/grpc_health_probe-linux-arm64 | sha256sum

Also applies to: 50-50

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 4346fea and 5f916a1.

📒 Files selected for processing (8)

• apim-apk-agent/Dockerfile (2 hunks)
• apim-apk-agent/go.mod (1 hunks)
• apim-apk-agent/internal/k8sClient/k8s_client.go (4 hunks)
• apim-apk-agent/internal/logging/logging_test.go (1 hunks)
• apim-apk-agent/internal/synchronizer/aiproviders_fetcher.go (1 hunks)
• apim-apk-agent/internal/utils/apis_fetcher.go (1 hunks)
• apim-apk-agent/pkg/logging/log_format.go (1 hunks)
• apim-apk-agent/pkg/logging/package_logs.go (1 hunks)

🧰 Additional context used

🧬 Code graph analysis (4)

apim-apk-agent/internal/synchronizer/aiproviders_fetcher.go (1)

apim-apk-agent/internal/loggers/logger.go (1)

• LoggerSynchronizer (51-51)

apim-apk-agent/internal/utils/apis_fetcher.go (2)

apim-apk-agent/pkg/loggers/logger.go (1)

• LoggerUtils (53-53)

apim-apk-agent/internal/loggers/logger.go (1)

• LoggerUtils (52-52)

apim-apk-agent/pkg/logging/package_logs.go (1)

apim-apk-agent/pkg/logging/log_constants.go (2)

• SEVERITY (41-41)
• ERRORCODE (42-42)

apim-apk-agent/internal/k8sClient/k8s_client.go (1)

apim-apk-agent/internal/loggers/logger.go (1)

• LoggerK8sClient (48-48)

🔇 Additional comments (10)

apim-apk-agent/internal/utils/apis_fetcher.go (1)

78-81: LGTM: Printf-style formatting improves consistency.

The change from string concatenation to printf-style formatting is a good improvement that aligns with Go best practices and improves consistency across the codebase.

apim-apk-agent/pkg/logging/log_format.go (1)

74-74: LGTM: Removes unnecessary fmt.Sprintf wrapper.

The change correctly removes the redundant fmt.Sprintf call since entry.Time.Format() already returns a string.

apim-apk-agent/pkg/logging/package_logs.go (1)

42-43: LGTM: Format string prevents injection vulnerabilities.

Using an explicit format string "%s" prevents potential format string injection if e.Message contains format specifiers. This is a security improvement.

apim-apk-agent/internal/logging/logging_test.go (1)

51-51: LGTM: Test updated to match new PrintError signature.

The test correctly reflects the API change where PrintError now accepts a format string and variadic arguments.

apim-apk-agent/internal/k8sClient/k8s_client.go (2)

669-669: LGTM: Printf-style formatting improves consistency.

The logging changes use printf-style formatting with %s instead of string concatenation, which is more idiomatic and consistent with other changes in this PR.

Also applies to: 712-712

---

703-703: LGTM: Direct field access is cleaner.

Accessing internalKeyTokenIssuer.Namespace directly instead of internalKeyTokenIssuer.ObjectMeta.Namespace is cleaner since Namespace is promoted to the top level.

apim-apk-agent/internal/synchronizer/aiproviders_fetcher.go (1)

118-118: LGTM: Printf-style formatting improves consistency.

The change from string concatenation to printf-style formatting aligns with Go best practices and is consistent with other logging improvements in this PR.

apim-apk-agent/Dockerfile (2)

17-17: No issues found—Alpine 3.22.1 is a valid, available release.

The verification confirms that Alpine 3.22.1 exists and is available in the official Alpine Linux repository. The Dockerfile base image reference is correct.

---

50-50: Version v0.4.42 is confirmed to exist and be available.

grpc-health-probe v0.4.42 is published on GitHub Releases (released 12 Nov 2025). The URL and version in the Dockerfile are valid.

apim-apk-agent/go.mod (1)

3-3: No issues found — Go 1.25.4 is valid and current.

The latest stable Go release as of November 2025 is Go 1.25.4 (released November 5, 2025). The code change in apim-apk-agent/go.mod is correct and uses the current stable version. The original concern was based on outdated information from early 2025.

Likely an incorrect or invalid review comment.