Skip to content

dependabot: Fix blocking k8s 1.36#314

Open
Jakob-Naucke wants to merge 1 commit into
trusted-execution-clusters:mainfrom
Jakob-Naucke:dep-block-k8s-36
Open

dependabot: Fix blocking k8s 1.36#314
Jakob-Naucke wants to merge 1 commit into
trusted-execution-clusters:mainfrom
Jakob-Naucke:dep-block-k8s-36

Conversation

@Jakob-Naucke

@Jakob-Naucke Jakob-Naucke commented Jul 16, 2026

Copy link
Copy Markdown
Member

Summary by Sourcery

Build:

  • Update Dependabot ignore rules to block k8s.io and sigs.k8s.io packages starting from newer major/minor versions aligned with current Kubernetes 1.36 concerns.

- Block version we don't want to upgrade to, not the one we're already
  on or Dependabot ignores it as seen on trusted-execution-clusters#311
- Changed the comment: Blocker is no longer RHEL, but still OpenShift CI

Signed-off-by: Jakob Naucke <jnaucke@redhat.com>
@openshift-ci

openshift-ci Bot commented Jul 16, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Jakob-Naucke

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Jakob-Naucke Jakob-Naucke marked this pull request as ready for review July 16, 2026 11:16
@sourcery-ai

sourcery-ai Bot commented Jul 16, 2026

Copy link
Copy Markdown
Reviewer's guide (collapsed on small PRs)

Reviewer's Guide

Adjusts Dependabot configuration to block Kubernetes and related controller dependencies at newer major/minor versions, and updates the explanatory comment to reflect OpenShift CI as the current blocker instead of RHEL/go 1.26.

Sequence diagram for Dependabot ignoring blocked Kubernetes versions

sequenceDiagram
    participant Dependabot
    participant GitHubRepo

    Dependabot->>GitHubRepo: scan go_modules
    GitHubRepo-->>Dependabot: latest k8s.io/api version 0.36.x
    alt [version >= 0.36]
        Dependabot->>Dependabot: apply ignore_rule_k8s_api_>=0_36
        Dependabot->>GitHubRepo: skip update for k8s.io/api
    else [version < 0.36]
        Dependabot->>GitHubRepo: create update PR for k8s.io/api
    end
Loading

File-Level Changes

Change Details Files
Update Dependabot ignore rules to target the next Kubernetes and controller-runtime/tooling minor versions rather than the versions currently in use.
  • Increase the ignored version threshold for k8s.io/api from >=0.35 to >=0.36.
  • Increase the ignored version threshold for k8s.io/apimachinery from >=0.35 to >=0.36.
  • Increase the ignored version threshold for sigs.k8s.io/controller-runtime from >=0.23 to >=0.24.
  • Increase the ignored version threshold for sigs.k8s.io/controller-tools from >=0.20 to >=0.21.
.github/dependabot.yml
Update the dependabot configuration comment to reflect OpenShift CI as the reason for blocking newer Kubernetes versions instead of RHEL/go 1.26 availability.
  • Replace the comment about blocking newer Kubernetes versions due to go 1.26 availability in RHEL with a comment indicating the blocker is the OpenShift CI bump.
.github/dependabot.yml

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

@sourcery-ai sourcery-ai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey - I've reviewed your changes and they look great!


Sourcery is free for open source - if you like our reviews please consider sharing them ✨
Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant