Update Go version to 1.26.5 across all modules and workflows#2537
Update Go version to 1.26.5 across all modules and workflows#2537Thushani-Jayasekera wants to merge 8 commits into
Conversation
…g compatibility and leveraging the latest features and fixes.
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughThis PR updates Go 1.26.2 to 1.26.5 across CI workflows, module files, and Dockerfiles, refreshes several runtime base images, and changes one AI Workspace readiness probe URL in a workflow. ChangesGo 1.26.5 toolchain rollout
AI Workspace readiness probe
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
Suggested reviewers: 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Warning Review ran into problems🔥 ProblemsGit: Failed to clone repository. Please run the Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
…untime images, ensuring consistency with the latest Debian release.
There was a problem hiding this comment.
Actionable comments posted: 1
🧹 Nitpick comments (1)
platform-api/Dockerfile (1)
90-91: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value
apt-get upgrade -ymakes runtime builds non-reproducible.Adding
apt-get upgrade -ybetweenupdateandinstallapplies all available package upgrades at build time, meaning the same Dockerfile can produce different images depending on when it's built. While this improves security patching, it also risks pulling in unexpected package versions that could break the application.Consider whether this is intentional. If security patching is the goal, this is acceptable but should be documented. If reproducibility matters more, pin specific package versions or use a dated base image tag instead.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@platform-api/Dockerfile` around lines 90 - 91, The Dockerfile build step includes apt-get upgrade -y, which makes the image non-reproducible because package versions can change between builds. Review the RUN instruction that chains apt-get update, apt-get upgrade, and apt-get install, and either remove the upgrade step for deterministic builds or document that it is intentional for security patching. If reproducibility is required, prefer pinned package versions or a dated base image in the Dockerfile.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@kubernetes/gateway-operator/Dockerfile`:
- Line 2: The debug build Dockerfile is still using an older Go base image than
the main operator Dockerfile, causing a toolchain mismatch. Update
Dockerfile.debug to use the same golang:1.26.5-alpine image as the builder stage
in the main Dockerfile so debug and production builds compile with the same Go
version.
---
Nitpick comments:
In `@platform-api/Dockerfile`:
- Around line 90-91: The Dockerfile build step includes apt-get upgrade -y,
which makes the image non-reproducible because package versions can change
between builds. Review the RUN instruction that chains apt-get update, apt-get
upgrade, and apt-get install, and either remove the upgrade step for
deterministic builds or document that it is intentional for security patching.
If reproducibility is required, prefer pinned package versions or a dated base
image in the Dockerfile.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 813b025d-6454-48c8-bc4d-4cd6d8704335
⛔ Files ignored due to path filters (3)
go.workis excluded by!**/*.workgo.work.sumis excluded by!**/*.sumplatform-api/go.sumis excluded by!**/*.sum
📒 Files selected for processing (62)
.github/workflows/cli-gw-build-periodic.yml.github/workflows/cli-release.yml.github/workflows/codecov.yml.github/workflows/copilot-setup-steps.yml.github/workflows/event-gateway-integration-test-postgres.yml.github/workflows/event-gateway-integration-test-sqlserver.yml.github/workflows/event-gateway-integration-test.yml.github/workflows/event-gateway-release.yml.github/workflows/gateway-integration-test-postgres.yml.github/workflows/gateway-integration-test-sqlserver.yml.github/workflows/gateway-integration-test.yml.github/workflows/gateway-release.yml.github/workflows/go-scan.yaml.github/workflows/operator-integration-test.yml.github/workflows/platform-api-devportal-e2e.yml.github/workflows/platform-api-gateway-e2e.yml.github/workflows/platform-api-pr-check.yml.github/workflows/platform-api-release.yml.github/workflows/sample-service-pr-check.yml.github/workflows/sample-service-release.yml.github/workflows/sdk-integration-test.ymlcli/it/go.modcli/src/go.modcommon/go.modevent-gateway/gateway-runtime/Dockerfileevent-gateway/gateway-runtime/go.modevent-gateway/webhook-listener/Dockerfileevent-gateway/webhook-listener/go.modgateway/gateway-builder/Dockerfilegateway/gateway-builder/go.modgateway/gateway-controller/Dockerfilegateway/gateway-controller/go.modgateway/gateway-runtime/Dockerfilegateway/gateway-runtime/policy-engine/go.modgateway/it/docker-compose.test.yamlgateway/it/go.modgateway/sample-policies/transform-payload-case/go.modgateway/system-policies/analytics/go.modhttpkit/go.modkubernetes/gateway-operator/Dockerfilekubernetes/gateway-operator/go.modplatform-api/Dockerfileplatform-api/go.modportals/ai-workspace/Dockerfileportals/ai-workspace/bff/go.modsamples/sample-service/Dockerfilesamples/sample-service/go.modsdk/ai/go.modsdk/core/go.modtests/integration-e2e/go.modtests/mock-servers/mock-analytics-collector/Dockerfiletests/mock-servers/mock-analytics-collector/go.modtests/mock-servers/mock-aws-bedrock-guardrail/Dockerfiletests/mock-servers/mock-aws-bedrock-guardrail/go.modtests/mock-servers/mock-azure-content-safety/Dockerfiletests/mock-servers/mock-azure-content-safety/go.modtests/mock-servers/mock-embedding-provider/Dockerfiletests/mock-servers/mock-embedding-provider/go.modtests/mock-servers/mock-jwks/Dockerfiletests/mock-servers/mock-jwks/go.modtests/mock-servers/mock-platform-api/Dockerfiletests/mock-servers/mock-platform-api/go.mod
…tage, aligning with the latest Go version updates.
Dependency Validation Results |
Dependency Validation Results |
1 similar comment
Dependency Validation Results |
There was a problem hiding this comment.
🧹 Nitpick comments (1)
gateway/gateway-builder/Dockerfile (1)
79-91: 🩺 Stability & Availability | 🔵 Trivial | 💤 Low value
apt-get upgrade -yimproves security but reduces build reproducibility.Adding
apt-get upgrade -ybefore installing runtime dependencies is a sound security practice — it pulls in Debian security fixes that may have shipped after the base image was published. However, it makes builds non-reproducible: the exact package versions depend on when the build runs, which can cause drift across CI runs and make debugging harder.If reproducibility is a priority, consider pinning the base image by digest (e.g.,
golang:1.26.5-bookworm@sha256:...) so the starting point is fixed, and accept thatupgradeadds a layer of non-determinism on top. If security is the higher priority (likely the case here), the current approach is fine.🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@gateway/gateway-builder/Dockerfile` around lines 79 - 91, The Dockerfile’s use of apt-get upgrade -y in the runtime-deps install step makes builds drift over time; if reproducibility matters, either remove the upgrade from the Dockerfile or pin the FROM golang:1.26.5-bookworm image by digest so the starting point stays fixed. Keep the change localized to the runtime dependency install block and the base image reference in the Dockerfile.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Nitpick comments:
In `@gateway/gateway-builder/Dockerfile`:
- Around line 79-91: The Dockerfile’s use of apt-get upgrade -y in the
runtime-deps install step makes builds drift over time; if reproducibility
matters, either remove the upgrade from the Dockerfile or pin the FROM
golang:1.26.5-bookworm image by digest so the starting point stays fixed. Keep
the change localized to the runtime dependency install block and the base image
reference in the Dockerfile.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
Run ID: 1d87bb68-2e07-4ac2-bd03-6f6342f7144a
📒 Files selected for processing (2)
gateway/gateway-builder/Dockerfilekubernetes/gateway-operator/Dockerfile.debug
✅ Files skipped from review due to trivial changes (1)
- kubernetes/gateway-operator/Dockerfile.debug
Dependency Validation Results |
Dependency Validation Results |
1 similar comment
Dependency Validation Results |
This commit modifies the API proxy endpoint in the GitHub Actions workflow file to use the updated version path, ensuring compatibility with the latest API changes.
Dependency Validation Results |
Dependency Validation Results |
Dependency Validation Results |
Update Go version to 1.26.5 across all modules and workflows , ensuring compatibility and leveraging the latest features and fixes.