Skip to content

Update Go version to 1.26.5 across all modules and workflows#2537

Open
Thushani-Jayasekera wants to merge 8 commits into
wso2:mainfrom
Thushani-Jayasekera:fix-vulenrabilities
Open

Update Go version to 1.26.5 across all modules and workflows#2537
Thushani-Jayasekera wants to merge 8 commits into
wso2:mainfrom
Thushani-Jayasekera:fix-vulenrabilities

Conversation

@Thushani-Jayasekera

Copy link
Copy Markdown
Contributor

Update Go version to 1.26.5 across all modules and workflows , ensuring compatibility and leveraging the latest features and fixes.

…g compatibility and leveraging the latest features and fixes.
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9796f9e4-c36a-449d-9ee9-f8732271392a

📥 Commits

Reviewing files that changed from the base of the PR and between af92267 and 10e7dd9.

📒 Files selected for processing (1)
  • .github/workflows/ai-workspace-pr-check.yml

📝 Walkthrough

Walkthrough

This PR updates Go 1.26.2 to 1.26.5 across CI workflows, module files, and Dockerfiles, refreshes several runtime base images, and changes one AI Workspace readiness probe URL in a workflow.

Changes

Go 1.26.5 toolchain rollout

Layer / File(s) Summary
CI workflow Go version bumps
.github/workflows/cli-gw-build-periodic.yml, .github/workflows/cli-release.yml, .github/workflows/codecov.yml, .github/workflows/copilot-setup-steps.yml, .github/workflows/event-gateway-*.yml, .github/workflows/gateway-*.yml, .github/workflows/go-scan.yaml, .github/workflows/operator-integration-test.yml, .github/workflows/platform-api-*.yml, .github/workflows/sample-service-*.yml, .github/workflows/sdk-integration-test.yml
All actions/setup-go steps update Go from 1.26.2 to 1.26.5.
go.mod toolchain directive bumps
cli/*/go.mod, common/go.mod, event-gateway/*/go.mod, gateway/*/go.mod, httpkit/go.mod, kubernetes/gateway-operator/go.mod, platform-api/go.mod, portals/ai-workspace/bff/go.mod, samples/sample-service/go.mod, sdk/*/go.mod, tests/*/go.mod
All listed modules update the go directive to 1.26.5; platform-api/go.mod also removes and refreshes several indirect dependencies.
Dockerfile and compose base image bumps
event-gateway/*/Dockerfile, gateway/*/Dockerfile, kubernetes/gateway-operator/Dockerfile, platform-api/Dockerfile, portals/ai-workspace/Dockerfile, samples/sample-service/Dockerfile, tests/mock-servers/*/Dockerfile, gateway/it/docker-compose.test.yaml
Builder images move to Go 1.26.5, some Alpine runtime images move to 3.24, and a few build steps add apt-get upgrade -y before package installs.

AI Workspace readiness probe

Layer / File(s) Summary
Readiness probe endpoint change
.github/workflows/ai-workspace-pr-check.yml
The workflow changes the URL polled for AI Workspace readiness from the api-proxy/v1 organizations endpoint to the api/proxy/v0.9 organizations endpoint.

Estimated code review effort: 2 (Simple) | ~10 minutes

Possibly related PRs

Suggested reviewers: malinthaprasan, Tharsanan1, Krishanx92, VirajSalaka

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The description is only a one-line summary and omits the required template sections like Purpose, Goals, Approach, tests, and security checks. Expand it to fill the repository template: Purpose, Goals, Approach, User stories, Documentation, Automation tests, Security checks, Samples, Related PRs, and Test environment.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: upgrading Go to 1.26.5 across modules and workflows.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Warning

Review ran into problems

🔥 Problems

Git: Failed to clone repository. Please run the @coderabbitai full review command to re-trigger a full review. If the issue persists, set path_filters to include or exclude specific files.


Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

…untime images, ensuring consistency with the latest Debian release.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
platform-api/Dockerfile (1)

90-91: 📐 Maintainability & Code Quality | 🔵 Trivial | 💤 Low value

apt-get upgrade -y makes runtime builds non-reproducible.

Adding apt-get upgrade -y between update and install applies all available package upgrades at build time, meaning the same Dockerfile can produce different images depending on when it's built. While this improves security patching, it also risks pulling in unexpected package versions that could break the application.

Consider whether this is intentional. If security patching is the goal, this is acceptable but should be documented. If reproducibility matters more, pin specific package versions or use a dated base image tag instead.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@platform-api/Dockerfile` around lines 90 - 91, The Dockerfile build step
includes apt-get upgrade -y, which makes the image non-reproducible because
package versions can change between builds. Review the RUN instruction that
chains apt-get update, apt-get upgrade, and apt-get install, and either remove
the upgrade step for deterministic builds or document that it is intentional for
security patching. If reproducibility is required, prefer pinned package
versions or a dated base image in the Dockerfile.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@kubernetes/gateway-operator/Dockerfile`:
- Line 2: The debug build Dockerfile is still using an older Go base image than
the main operator Dockerfile, causing a toolchain mismatch. Update
Dockerfile.debug to use the same golang:1.26.5-alpine image as the builder stage
in the main Dockerfile so debug and production builds compile with the same Go
version.

---

Nitpick comments:
In `@platform-api/Dockerfile`:
- Around line 90-91: The Dockerfile build step includes apt-get upgrade -y,
which makes the image non-reproducible because package versions can change
between builds. Review the RUN instruction that chains apt-get update, apt-get
upgrade, and apt-get install, and either remove the upgrade step for
deterministic builds or document that it is intentional for security patching.
If reproducibility is required, prefer pinned package versions or a dated base
image in the Dockerfile.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 813b025d-6454-48c8-bc4d-4cd6d8704335

📥 Commits

Reviewing files that changed from the base of the PR and between 95c0c5e and f4ff503.

⛔ Files ignored due to path filters (3)
  • go.work is excluded by !**/*.work
  • go.work.sum is excluded by !**/*.sum
  • platform-api/go.sum is excluded by !**/*.sum
📒 Files selected for processing (62)
  • .github/workflows/cli-gw-build-periodic.yml
  • .github/workflows/cli-release.yml
  • .github/workflows/codecov.yml
  • .github/workflows/copilot-setup-steps.yml
  • .github/workflows/event-gateway-integration-test-postgres.yml
  • .github/workflows/event-gateway-integration-test-sqlserver.yml
  • .github/workflows/event-gateway-integration-test.yml
  • .github/workflows/event-gateway-release.yml
  • .github/workflows/gateway-integration-test-postgres.yml
  • .github/workflows/gateway-integration-test-sqlserver.yml
  • .github/workflows/gateway-integration-test.yml
  • .github/workflows/gateway-release.yml
  • .github/workflows/go-scan.yaml
  • .github/workflows/operator-integration-test.yml
  • .github/workflows/platform-api-devportal-e2e.yml
  • .github/workflows/platform-api-gateway-e2e.yml
  • .github/workflows/platform-api-pr-check.yml
  • .github/workflows/platform-api-release.yml
  • .github/workflows/sample-service-pr-check.yml
  • .github/workflows/sample-service-release.yml
  • .github/workflows/sdk-integration-test.yml
  • cli/it/go.mod
  • cli/src/go.mod
  • common/go.mod
  • event-gateway/gateway-runtime/Dockerfile
  • event-gateway/gateway-runtime/go.mod
  • event-gateway/webhook-listener/Dockerfile
  • event-gateway/webhook-listener/go.mod
  • gateway/gateway-builder/Dockerfile
  • gateway/gateway-builder/go.mod
  • gateway/gateway-controller/Dockerfile
  • gateway/gateway-controller/go.mod
  • gateway/gateway-runtime/Dockerfile
  • gateway/gateway-runtime/policy-engine/go.mod
  • gateway/it/docker-compose.test.yaml
  • gateway/it/go.mod
  • gateway/sample-policies/transform-payload-case/go.mod
  • gateway/system-policies/analytics/go.mod
  • httpkit/go.mod
  • kubernetes/gateway-operator/Dockerfile
  • kubernetes/gateway-operator/go.mod
  • platform-api/Dockerfile
  • platform-api/go.mod
  • portals/ai-workspace/Dockerfile
  • portals/ai-workspace/bff/go.mod
  • samples/sample-service/Dockerfile
  • samples/sample-service/go.mod
  • sdk/ai/go.mod
  • sdk/core/go.mod
  • tests/integration-e2e/go.mod
  • tests/mock-servers/mock-analytics-collector/Dockerfile
  • tests/mock-servers/mock-analytics-collector/go.mod
  • tests/mock-servers/mock-aws-bedrock-guardrail/Dockerfile
  • tests/mock-servers/mock-aws-bedrock-guardrail/go.mod
  • tests/mock-servers/mock-azure-content-safety/Dockerfile
  • tests/mock-servers/mock-azure-content-safety/go.mod
  • tests/mock-servers/mock-embedding-provider/Dockerfile
  • tests/mock-servers/mock-embedding-provider/go.mod
  • tests/mock-servers/mock-jwks/Dockerfile
  • tests/mock-servers/mock-jwks/go.mod
  • tests/mock-servers/mock-platform-api/Dockerfile
  • tests/mock-servers/mock-platform-api/go.mod

Comment thread kubernetes/gateway-operator/Dockerfile
…tage, aligning with the latest Go version updates.
coderabbitai[bot]
coderabbitai Bot previously approved these changes Jul 8, 2026
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

1 similar comment
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
gateway/gateway-builder/Dockerfile (1)

79-91: 🩺 Stability & Availability | 🔵 Trivial | 💤 Low value

apt-get upgrade -y improves security but reduces build reproducibility.

Adding apt-get upgrade -y before installing runtime dependencies is a sound security practice — it pulls in Debian security fixes that may have shipped after the base image was published. However, it makes builds non-reproducible: the exact package versions depend on when the build runs, which can cause drift across CI runs and make debugging harder.

If reproducibility is a priority, consider pinning the base image by digest (e.g., golang:1.26.5-bookworm@sha256:...) so the starting point is fixed, and accept that upgrade adds a layer of non-determinism on top. If security is the higher priority (likely the case here), the current approach is fine.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@gateway/gateway-builder/Dockerfile` around lines 79 - 91, The Dockerfile’s
use of apt-get upgrade -y in the runtime-deps install step makes builds drift
over time; if reproducibility matters, either remove the upgrade from the
Dockerfile or pin the FROM golang:1.26.5-bookworm image by digest so the
starting point stays fixed. Keep the change localized to the runtime dependency
install block and the base image reference in the Dockerfile.
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@gateway/gateway-builder/Dockerfile`:
- Around line 79-91: The Dockerfile’s use of apt-get upgrade -y in the
runtime-deps install step makes builds drift over time; if reproducibility
matters, either remove the upgrade from the Dockerfile or pin the FROM
golang:1.26.5-bookworm image by digest so the starting point stays fixed. Keep
the change localized to the runtime dependency install block and the base image
reference in the Dockerfile.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 1d87bb68-2e07-4ac2-bd03-6f6342f7144a

📥 Commits

Reviewing files that changed from the base of the PR and between f4ff503 and af92267.

📒 Files selected for processing (2)
  • gateway/gateway-builder/Dockerfile
  • kubernetes/gateway-operator/Dockerfile.debug
✅ Files skipped from review due to trivial changes (1)
  • kubernetes/gateway-operator/Dockerfile.debug

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

1 similar comment
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

This commit modifies the API proxy endpoint in the GitHub Actions workflow file to use the updated version path, ensuring compatibility with the latest API changes.
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

@github-actions

github-actions Bot commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Dependency Validation Results

⚠️ Please verify the scope of the dependencies usage is necessary

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants