Skip to content

Bump ubi9/ubi-minimal from 9.8-1782191395 to 1782797355 in /build#248

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/docker/build/ubi9/ubi-minimal-1782797355
Open

Bump ubi9/ubi-minimal from 9.8-1782191395 to 1782797355 in /build#248
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/docker/build/ubi9/ubi-minimal-1782797355

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps ubi9/ubi-minimal from 9.8-1782191395 to 1782797355.

Summary by CodeRabbit

  • Chores
    • Updated the app’s runtime base image to a newer minimal version, keeping the build environment current.
    • No visible feature changes or behavior updates were included in this release.

@dependabot dependabot Bot added area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test. labels Jul 1, 2026
@github-actions

github-actions Bot commented Jul 1, 2026

Copy link
Copy Markdown

🚨 Major Version Update Detected 🚨

This PR contains a major version update that requires manual review:

  • Dependency: ubi9/ubi-minimal
  • Previous version: 9.7-1776833838
  • New version: 1782797355

Please review the changelog and breaking changes before merging.

Auto-merge has been disabled for this PR.

@coderabbitai

coderabbitai Bot commented Jul 1, 2026

Copy link
Copy Markdown

Walkthrough

Updates the final runtime stage base image in build/Dockerfile to a new registry.access.redhat.com/ubi9/ubi-minimal tag. No other Dockerfile instructions change.

Changes

Dockerfile base image update

Layer / File(s) Summary
Base image tag bump
build/Dockerfile
The final runtime stage FROM reference for ubi-minimal is updated to 1782797355.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Possibly related PRs

  • openshift/ocm-agent#236: Also updates the build/Dockerfile runtime ubi-minimal image reference, making it directly related at the same line-level area.
🚥 Pre-merge checks | ✅ 15
✅ Passed checks (15 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names ✅ Passed Only build/Dockerfile changed; no test files or Ginkgo titles were modified, so the test-name check is not applicable.
Test Structure And Quality ✅ Passed Only build/Dockerfile changed; no Ginkgo test code or test-related files were modified.
Microshift Test Compatibility ✅ Passed Only build/Dockerfile changed; no new Ginkgo tests or MicroShift-relevant APIs were added.
Single Node Openshift (Sno) Test Compatibility ✅ Passed Only build/Dockerfile changed for a UBI base image bump; no Ginkgo/e2e tests were added or modified.
Topology-Aware Scheduling Compatibility ✅ Passed Only build/Dockerfile changed, updating the runtime base image; no manifests, controllers, replicas, affinity, selectors, or PDBs were modified.
Ote Binary Stdout Contract ✅ Passed PR only bumps the UBI base image in build/Dockerfile; no process-level Go/test code or stdout writes were changed.
Ipv6 And Disconnected Network Test Compatibility ✅ Passed Only build/Dockerfile changed; no new Ginkgo e2e tests or network-dependent test code was added, so this check is not applicable.
No-Weak-Crypto ✅ Passed PASS: The PR only changes the UBI base image tag in build/Dockerfile; no MD5/SHA1/DES/RC4/3DES/Blowfish/ECB, custom crypto, or secret comparisons are introduced.
Container-Privileges ✅ Passed Only build/Dockerfile changed; it sets USER 1000 in the final stage and adds no privileged/container security settings.
No-Sensitive-Data-In-Logs ✅ Passed The only changed file is build/Dockerfile, and the patch only bumps the base image tag; no logging or sensitive-data exposure was added.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title accurately describes the Docker base image bump in build/Dockerfile.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/docker/build/ubi9/ubi-minimal-1782797355

Comment @coderabbitai help to get the list of available commands.

@openshift-ci openshift-ci Bot requested review from TheUndeadKing and bmeng July 1, 2026 15:05
@openshift-ci

openshift-ci Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign rafael-azevedo for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🧹 Nitpick comments (1)
build/Dockerfile (1)

10-10: 🔒 Security & Privacy | 🔵 Trivial | ⚡ Quick win

Use a floating UBI tag here.

The new tag is still build-pinned, which conflicts with the container policy for Red Hat images and bypasses Red Hat-managed update flow. As per path instructions, "Red Hat images: use floating tags (Red Hat manages updates); non-RH images: pin by digest".

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@build/Dockerfile` at line 10, The base image in the Dockerfile is still
pinned to a specific UBI build, which conflicts with the Red Hat image policy.
Update the FROM line in the Dockerfile to use a floating UBI tag instead of the
build-specific tag, so Red Hat-managed updates continue to flow automatically.

Source: Path instructions

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@build/Dockerfile`:
- Line 10: The base image in the Dockerfile is still pinned to a specific UBI
build, which conflicts with the Red Hat image policy. Update the FROM line in
the Dockerfile to use a floating UBI tag instead of the build-specific tag, so
Red Hat-managed updates continue to flow automatically.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 37e79b0c-79c4-408e-a290-796a46ef94ed

📥 Commits

Reviewing files that changed from the base of the PR and between a7983be and e9eead4.

📒 Files selected for processing (1)
  • build/Dockerfile

@codecov-commenter

codecov-commenter commented Jul 1, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.67%. Comparing base (a1ce968) to head (6c32d72).

Additional details and impacted files

Impacted file tree graph

@@           Coverage Diff           @@
##           master     #248   +/-   ##
=======================================
  Coverage   55.67%   55.67%           
=======================================
  Files          23       23           
  Lines        1895     1895           
=======================================
  Hits         1055     1055           
  Misses        785      785           
  Partials       55       55           
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 3, 2026
@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

rebase

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Bumps ubi9/ubi-minimal from 9.8-1782191395 to 1782797355.

---
updated-dependencies:
- dependency-name: ubi9/ubi-minimal
  dependency-version: '1782797355'
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title Bump ubi9/ubi-minimal from 9.7-1776833838 to 1782797355 in /build Bump ubi9/ubi-minimal from 9.8-1782191395 to 1782797355 in /build Jul 3, 2026
@dependabot dependabot Bot force-pushed the dependabot/docker/build/ubi9/ubi-minimal-1782797355 branch from e9eead4 to 6c32d72 Compare July 3, 2026 03:29
@openshift-ci openshift-ci Bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 3, 2026
@github-actions

github-actions Bot commented Jul 3, 2026

Copy link
Copy Markdown

🚨 Major Version Update Detected 🚨

This PR contains a major version update that requires manual review:

  • Dependency: ubi9/ubi-minimal
  • Previous version: 9.8-1782191395
  • New version: 1782797355

Please review the changelog and breaking changes before merging.

Auto-merge has been disabled for this PR.

@openshift-ci

openshift-ci Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

area/dependency Issues or PRs related to dependency changes ok-to-test Indicates a non-member PR verified by an org member that is safe to test.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant