Skip to content

Update docker images (release-v0.7)#3377

Open
red-hat-konflux[bot] wants to merge 1 commit into
release-v0.7from
konflux/mintmaker/release-v0.7-release-v0.7/docker-images
Open

Update docker images (release-v0.7)#3377
red-hat-konflux[bot] wants to merge 1 commit into
release-v0.7from
konflux/mintmaker/release-v0.7-release-v0.7/docker-images

Conversation

@red-hat-konflux

@red-hat-konflux red-hat-konflux Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Type Update Change
registry.access.redhat.com/ubi9/ubi-minimal final digest 463cae3062c52f

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM (* 0-3 * * *)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

To execute skipped test pipelines write comment /ok-to-test.


Documentation

Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.

@fullsend-ai-review

fullsend-ai-review Bot commented Jul 2, 2026

Copy link
Copy Markdown

🤖 Finished Review · ✅ Success · Started 2:04 AM UTC · Completed 2:11 AM UTC
Commit: 47d3320 · View workflow run →

@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

Flag Coverage Δ
generative 68.07% <ø> (-1.48%) ⬇️
integration 69.55% <ø> (ø)
unit 69.55% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 107 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@fullsend-ai-review

fullsend-ai-review Bot commented Jul 2, 2026

Copy link
Copy Markdown

Review

Verdict: Approve ✅

Summary

This is an automated dependency update from MintMaker/Renovate (red-hat-konflux[bot]) that bumps the SHA256 digest of the registry.access.redhat.com/ubi9/ubi-minimal:latest base image used in the final stage of both Dockerfile and Dockerfile.dist.

Change: sha256:463cae3...sha256:062c52f...

Analysis

Dimension Assessment
Correctness ✅ Both Dockerfiles are updated consistently to the identical new digest. The change is limited to the base image pin — no build logic, COPY instructions, or runtime behavior is affected.
Security ✅ Updating a pinned base image digest is a security-positive operation — it pulls in the latest Red Hat UBI security patches. The digest-pinning convention (image:tag@sha256:...) is correctly maintained, ensuring reproducible builds.
Intent & coherence ✅ The change matches the PR title, description, and automated bot scope. It targets the release-v0.7 branch as expected for a release-branch maintenance update.
Style/conventions ✅ Format is consistent with the existing Dockerfile conventions. No style issues.
Documentation ✅ No documentation updates needed for a base image digest bump.
Cross-repo contracts ✅ No API, schema, or interface changes. The CLI's public surface is unaffected.

PR body injection check

The PR body contains standard Renovate bot output. The embedded base64 renovate-debug comment decodes to benign metadata ({"createdInVer":"43.210.0-rpm",...}). No instruction-injection patterns detected.

No findings.


Protected paths detected — this PR modifies files under one or more
protected paths. The review agent cannot approve PRs that touch these paths.
A human reviewer must approve this PR.

Protected files in this PR:

  • Dockerfile
  • Dockerfile.dist
Previous run

Review

Findings

High

  • [protected-path] Dockerfile, Dockerfile.dist — Both Dockerfiles are protected infrastructure files that require human approval. This PR has no linked issue providing explicit authorization for modifying these files. While the change is a mechanical Renovate bot digest bump (UBI9 minimal 5b74fce463cae3) and the repository's renovate.json implicitly authorizes this update pattern, protected-path changes always require human review regardless of automation source.
    Remediation: A human maintainer should review and approve this PR. No code changes are needed — the digest update itself is correct and consistent across both Dockerfiles.

Labels: PR modifies Dockerfiles with a dependency digest update

fullsend-ai-review[bot]

This comment was marked as outdated.

@fullsend-ai-review fullsend-ai-review Bot added docker Pull requests that update Docker code dependencies Pull requests that update a dependency file labels Jul 2, 2026
Signed-off-by: red-hat-konflux <126015336+red-hat-konflux[bot]@users.noreply.github.com>
@red-hat-konflux
red-hat-konflux Bot force-pushed the konflux/mintmaker/release-v0.7-release-v0.7/docker-images branch from e522f60 to af50ff0 Compare July 17, 2026 02:00
@fullsend-ai-review

fullsend-ai-review Bot commented Jul 17, 2026

Copy link
Copy Markdown

🤖 Review · ❌ Terminated · Started 2:01 AM UTC · Ended 2:04 AM UTC
Commit: 87c4a29 · View workflow run →

@fullsend-ai-review
fullsend-ai-review Bot dismissed their stale review July 17, 2026 02:04

Superseded by updated review

@fullsend-ai-review fullsend-ai-review Bot added the requires-manual-review Review requires human judgment label Jul 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file docker Pull requests that update Docker code release-v0.7 renovate requires-manual-review Review requires human judgment size: XS

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants