Fix: pending SystemCertPool() deprecation

[aramprice]

In docker/go-connections/tlsconfig this method has become deprecated causing dependency bumps to fail. Switching to the recommended crypto/x509 method instead.

Fixes:

cpi/factory.go:144:19: SA1019: dkrtlsconfig.SystemCertPool is deprecated: use [x509.SystemCertPool] instead. (staticcheck)
	certPool, err := dkrtlsconfig.SystemCertPool()

^ https://bosh.ci.cloudfoundry.org/teams/main/pipelines/bosh-docker-cpi/jobs/bump-deps/builds/92#L69ba586e:224:225

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 5c0124ba-130b-4991-891e-fed607d3848c

📥 Commits

Reviewing files that changed from the base of the PR and between e533069 and 4b7425d.

📒 Files selected for processing (1)

• src/bosh-docker-cpi/cpi/factory.go

---

Walkthrough

The pull request modifies the TLS configuration in the HTTP client setup. Specifically, the system CA certificate pool is now obtained directly from the standard library's x509.SystemCertPool() function instead of from dkrtlsconfig.SystemCertPool(). The change maintains the existing control flow and error handling patterns. The cert pool continues to have configured CA PEMs appended to it and is then assigned to tlsConfig.RootCAs as before. No public or exported entity declarations were altered. The modification spans 2 added lines and 1 removed line.

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly identifies the main change: fixing a pending deprecation of SystemCertPool(), which matches the core objective of the PR.
Description check	✅ Passed	The description is directly related to the changeset, explaining the deprecation issue and the solution of switching to x509.SystemCertPool().
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix-pending-deprecation

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

This PR updates the Docker CPI TLS setup to avoid the deprecated docker/go-connections/tlsconfig.SystemCertPool() API by switching to the standard library crypto/x509.SystemCertPool().

Changes:

• Replace dkrtlsconfig.SystemCertPool() with x509.SystemCertPool() in the CPI HTTP client TLS configuration.
• Add the crypto/x509 import to support the new call.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.