ROSA-745: MintMaker gomod batch + automerge via boilerplate renovate #748

Draft
MitaliBhalla wants to merge 1 commit into openshift:master from MitaliBhalla:draft/rosa-745-gomod-batch-monday

@MitaliBhalla MitaliBhalla commented May 29, 2026

Summary

Re-introduces ROSA-745 MintMaker gomod batching + tide automerge via shared boilerplate config, after revert #747.

  • Enable gomod in .github/renovate.json with grouped minor/patch updates and production UTC schedule (02:00–04:59, Mon–Fri).
  • Pre-apply lgtm / approved on gomod + Tekton rules so Prow/tide merges when required checks pass (not a new GHA workflow).
  • Add lgtm / approved to golang-osd-operator Dependabot docker /build template.

Lessons from #741 / #746 rollback (#747)

Issue (why we reverted) | Fix in this PR
#746 used a narrow Thu 06:00 UTC pilot window | Mon–Fri 02:00–04:59 UTC production window from day one
#741 had no groupName → stream of individual gomod PRs | "groupName": "gomod dependencies"
Missing timezone / updateNotScheduled | "timezone": "UTC", "updateNotScheduled": false
Automerge without clear CI gate expectation | Rule descriptions note merge requires Prow + Konflux via branch protection (DPP ticket)
Push for per-repo GHA auto-merge workflows | Out of scope — tide + labels only (per platform review)
Optional Konflux checks (EC, pr-group, e2e, pko) blocking operators | Documented in DPP: require only *-on-pull-request + ci/prow/*; operators must remove extra required checks if already set

Out of scope

  • Per-operator GitHub Action auto-merge workflows.
  • dependency-pr-automerge.yml or boilerplate update-script workflow install.

Prerequisites before fleet impact

  • DPP applies required ci/prow/* + primary Konflux *-on-pull-request per repo (see ROSA-745 DPP handoff).
  • Operators run boilerplate-update to pick up dependabot.yml label changes.

Test plan (after merge)

  • Validate on one Phase 1 operator with extends boilerplate renovate (e.g. aws-account-operator).
  • Expect one grouped gomod PR per cycle in the UTC window (not many individual PRs).
  • gh pr checks <pr> --state all — merge only when required Prow + Konflux are green; neutral optional Konflux checks must not be required in branch protection.
  • Confirm tide merges with lgtm + approved after required checks pass.

Related

Summary by CodeRabbit

  • Chores
    • Improved dependency update automation with enhanced grouping and scheduling rules
    • Enabled automatic merging of dependency updates after required checks pass
    • Added structured management for Go module dependencies with scheduled automerge windows and standardized labeling
    • Updated Tekton dependency configuration with improved descriptions and automerge policies

Enable grouped gomod updates on a Mon-Fri UTC window with lgtm/approved
for tide after required Prow/Konflux checks. Extend Dependabot docker
labels for golang-osd-operator. No per-repo GHA workflow.

Co-authored-by: Cursor <cursoragent@cursor.com>
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label May 29, 2026
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 29, 2026
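
An added example, not code from this PR or the boilerplate repository: a Python audit that flags Renovate rules which automerge with pre-applied lgtm/approved labels, and checks that branch protection requires something matching the two patterns the description names. The sample config (including its `addLabels` key and cron schedule) and the check names are constructed assumptions.

```python
import fnmatch

# Constructed sample shaped like the settings the PR description lists;
# the real .github/renovate.json is not shown on this page.
RENOVATE = {
    "timezone": "UTC",
    "updateNotScheduled": False,
    "enabledManagers": ["tekton", "gomod"],
    "packageRules": [{
        "matchManagers": ["gomod"],
        "matchUpdateTypes": ["minor", "patch", "digest"],
        "groupName": "gomod dependencies",
        "schedule": ["* 2-4 * * 1-5"],  # assumed cron form of Mon-Fri 02:00-04:59
        "automerge": True,
        "addLabels": ["lgtm", "approved"],  # assumption: could also be "labels"
    }],
}

# Required-check patterns named in the PR description.
GATE_PATTERNS = ("ci/prow/*", "*-on-pull-request")


def audit(cfg, required_checks):
    """Return findings for pre-approved automerge rules and their CI gate."""
    findings = []
    for i, rule in enumerate(cfg.get("packageRules", [])):
        labels = set(rule.get("labels", [])) | set(rule.get("addLabels", []))
        if not (rule.get("automerge") and {"lgtm", "approved"} <= labels):
            continue  # only rules that merge without a human label matter here
        types = rule.get("matchUpdateTypes")
        if not types or "major" in types:
            findings.append(f"rule {i}: pre-approved automerge covers major updates")
        if not rule.get("groupName"):
            findings.append(f"rule {i}: no groupName, one PR per dependency")
        if not rule.get("schedule"):
            findings.append(f"rule {i}: no schedule window")
    for pat in GATE_PATTERNS:
        if not any(fnmatch.fnmatchcase(c, pat) for c in required_checks):
            findings.append(f"branch protection: nothing required matches {pat}")
    for check in required_checks:
        if not any(fnmatch.fnmatchcase(check, p) for p in GATE_PATTERNS):
            findings.append(f"branch protection: extra required check {check}")
    return findings


if __name__ == "__main__":
    # Constructed required-check names for one repository.
    for line in audit(RENOVATE, ["ci/prow/lint", "enterprise-contract"]):
        print(line)
```

Because the labels are applied up front, the required checks are the only gate left on these PRs, so a repository with no matching required check would merge dependency bumps with no CI gate at all.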

openshift-ci-robot commented May 29, 2026

@MitaliBhalla: This pull request references ROSA-745 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the initiative to target the "5.0.0" version, but no target version was set.

coderabbitai Bot commented May 29, 2026

Walkthrough

Renovate configuration is updated to automate Tekton and Gomod dependency management. The Tekton package rules description now clarifies automerge criteria for patch/minor updates. A new Gomod manager is enabled and configured with grouped minor/patch/digest updates, weekday-scheduled automerge, and standardized labels.

Changes

Renovate Automation Rules

Layer / File(s) | Summary
Tekton automerge rules (.github/renovate.json) | Tekton packageRules description updated to specify automerge criteria and labeling behavior for patch/minor version updates.
Gomod manager enablement and configuration (.github/renovate.json) | Gomod manager added to enabledManagers, then configured with grouped dependency updates (minor/patch/digest), scheduled automerge windows (Monday–Friday, specific UTC hour range), automerge enabled, and standardized labels.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Possibly related PRs

  • openshift/boilerplate#746: Modifies .github/renovate.json Gomod manager packageRules with grouping name, schedule/automergeSchedule, automerge, and labels configuration.
  • openshift/boilerplate#747: Modifies .github/renovate.json for Tekton and Gomod manager configuration changes, potentially conflicting or complementary to this PR's automation rules.

Suggested labels

approved, lgtm

Suggested reviewers

  • smarthall
  • rafael-azevedo
  • clcollins

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name | Status | Explanation
Title check | ✅ Passed | The title clearly references ROSA-745 and accurately describes the main change: introducing gomod batch updates with automerge via Renovate configuration, which aligns with the detailed PR objectives.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check | ✅ Passed | Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names | ✅ Passed | PR modifies Renovate configuration and boilerplate files only; contains one Ginkgo test suite file with no actual test cases (It/Describe/Context) defined, so check is not applicable.
Test Structure And Quality | ✅ Passed | PR adds Renovate config and test boilerplate only. No Ginkgo test implementations (It blocks) are present, so test quality check is not applicable.
Microshift Test Compatibility | ✅ Passed | No new Ginkgo e2e test cases (It/Describe/Context/When blocks) are added in this PR. The only test file added is a test fixture setup scaffold with no actual test definitions.
Single Node Openshift (Sno) Test Compatibility | ✅ Passed | PR updates Renovate configuration and boilerplate files but does not add any Ginkgo e2e tests. SNO Test Compatibility check only applies when new e2e tests are added.
Topology-Aware Scheduling Compatibility | ✅ Passed | PR modifies Renovate config and test templates only. The deployment.yaml is in test/projects/ for testing, not production; uses preferred affinity which is topology-aware.
Ote Binary Stdout Contract | ✅ Passed | PR modifies only configuration (.github/renovate.json, .tekton, .gitignore, CLAUDE.md) and test project files; no OTE binary stdout violations exist. The check is not applicable.
Ipv6 And Disconnected Network Test Compatibility | ✅ Passed | No new Ginkgo e2e tests are added in this PR. Changes are limited to .github/renovate.json configuration and dependency management rules. The check is not applicable.
No-Weak-Crypto | ✅ Passed | PR contains only configuration changes to Renovate and Dependabot settings. No weak crypto algorithms, custom implementations, or insecure secret comparisons detected.
Container-Privileges | ✅ Passed | Comprehensive search found no privileged: true, hostPID, hostNetwork, hostIPC, SYS_ADMIN, allowPrivilegeEscalation: true, or runAsUser: 0 in container manifests.
No-Sensitive-Data-In-Logs | ✅ Passed | PR modifies only configuration files with no logging statements containing sensitive data like passwords, tokens, API keys, or PII.
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.

openshift-ci Bot commented May 29, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: MitaliBhalla
Once this PR has been reviewed and has the lgtm label, please assign dustman9000 for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
