Update go-openapi packages#148
Closed
red-hat-konflux-kflux-prd-rh02[bot] wants to merge 1 commit into
Closed
Conversation
Signed-off-by: red-hat-konflux-kflux-prd-rh02 <190377777+red-hat-konflux-kflux-prd-rh02[bot]@users.noreply.github.com>
Author
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Hi @red-hat-konflux-kflux-prd-rh02[bot]. Thanks for your PR. I'm waiting for a openshift-hyperfleet member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
📝 WalkthroughSummary by CodeRabbit
WalkthroughThis pull request updates two indirect Go module dependencies in Estimated code review effort🎯 1 (Trivial) | ⏱️ ~3 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@go.mod`:
- Around line 82-83: go.mod lists github.com/go-openapi/jsonpointer v0.23.1 and
github.com/go-openapi/swag v0.26.0 but those versions are not present in go.sum,
breaking module integrity; either run `go mod tidy` to update go.sum (so
jsonpointer@v0.23.1 and swag@v0.26.0 are recorded) or revert/remove the explicit
requirements for github.com/go-openapi/jsonpointer and
github.com/go-openapi/swag if the bump was accidental, and while fixing, verify
why these explicit version pins were added (check for compatibility across
consumers like sentinel/adapter) to avoid forcing newer transitive versions
unnecessarily.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Central YAML (base), Organization UI (inherited)
Review profile: ASSERTIVE
Plan: Enterprise
Run ID: a56bd795-4584-48fd-a51f-15b2562b1e72
📒 Files selected for processing (1)
go.mod
Comment on lines
+82
to
+83
| github.com/go-openapi/jsonpointer v0.23.1 // indirect | ||
| github.com/go-openapi/swag v0.26.0 // indirect |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check lines 82-83 and surrounding context in go.mod
echo "=== hyperfleet-api go.mod lines 80-85 ==="
sed -n '80,85p' go.modRepository: openshift-hyperfleet/hyperfleet-api
Length of output: 434
🏁 Script executed:
#!/bin/bash
# Check the .bingo/oapi-codegen.sum file for go-openapi versions
echo "=== hyperfleet-sentinel .bingo/oapi-codegen.sum ==="
cat .bingo/oapi-codegen.sum 2>/dev/null | head -20 || echo "File not found"Repository: openshift-hyperfleet/hyperfleet-sentinel
Length of output: 2125
🏁 Script executed:
#!/bin/bash
# Check go.mod for comparison
echo "=== hyperfleet-adapter go.mod go-openapi entries ==="
grep -n "go-openapi" go.mod || echo "No go-openapi found"Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 305
🏁 Script executed:
#!/bin/bash
# Check if oapi-codegen is used and where generated code lives
echo "=== Searching for oapi-codegen usage in hyperfleet-api ==="
find . -name "*.mod" -o -name "*.sum" -o -name "*.toml" | xargs grep -l "oapi-codegen" 2>/dev/null || echo "No oapi-codegen found"
echo ""
echo "=== Searching for OpenAPI spec files ==="
find . -name "*.yaml" -o -name "*.yml" -o -name "*.json" | grep -i "openapi\|swagger" | head -10 || echo "No OpenAPI specs found"
echo ""
echo "=== Checking if go-openapi deps are direct or transitive ==="
head -100 go.mod | grep -A5 "require ("Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 1175
🏁 Script executed:
#!/bin/bash
# Check oapi-codegen bingo tooling and its purpose
echo "=== hyperfleet-sentinel .bingo directory ==="
ls -la .bingo/ 2>/dev/null || echo ".bingo not found"
echo ""
echo "=== Checking go.mod for oapi-codegen ==="
grep -n "oapi-codegen" go.mod 2>/dev/null || echo "oapi-codegen not in go.mod"Repository: openshift-hyperfleet/hyperfleet-sentinel
Length of output: 925
🏁 Script executed:
#!/bin/bash
# Check if hyperfleet-adapter uses generated code or oapi-codegen
echo "=== Searching for oapi-codegen references ==="
find . -type f \( -name "*.mod" -o -name "*.sum" -o -name "Makefile" -o -name "*.sh" \) | xargs grep -l "oapi-codegen" 2>/dev/null || echo "No oapi-codegen references"
echo ""
echo "=== Check go.mod require section ==="
head -80 go.mod | tail -30Repository: openshift-hyperfleet/hyperfleet-adapter
Length of output: 1768
🏁 Script executed:
#!/bin/bash
# Check what oapi-codegen tool itself pins for go-openapi versions
echo "=== hyperfleet-api .bingo/oapi-codegen.mod ==="
cat .bingo/oapi-codegen.mod
echo ""
echo "=== hyperfleet-api .bingo/oapi-codegen.sum (go-openapi entries) ==="
grep "go-openapi" .bingo/oapi-codegen.sum | head -10
echo ""
echo "=== Check direct vs indirect in main go.mod ==="
echo "Direct requires:"
sed -n '/^require (/,/^)/p' go.mod | grep -i "go-openapi" || echo "None in direct requires"
echo ""
echo "=== Check if swag/jsonpointer come from another direct dependency ==="
grep -n "^require (" go.mod
head -40 go.modRepository: openshift-hyperfleet/hyperfleet-api
Length of output: 2598
🏁 Script executed:
#!/bin/bash
# Check if openapi.yaml or oapi-codegen.yaml were changed
echo "=== Check OpenAPI spec files ==="
cat openapi/openapi.yaml | head -20
echo ""
echo "=== Check oapi-codegen.yaml config ==="
cat openapi/oapi-codegen.yaml 2>/dev/null || echo "File not found"
echo ""
echo "=== Check if any generated code exists and needs regeneration ==="
find . -type f -name "*.go" -path "*/openapi*" -o -name "*oapi*.go" | head -20Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 1321
🏁 Script executed:
#!/bin/bash
# Check if hyperfleet-sentinel generates code from specs
echo "=== Check if sentinel uses generated openapi code ==="
find . -type f -name "*.go" | xargs grep -l "github.com/oapi-codegen" 2>/dev/null | head -5 || echo "No oapi-codegen usage in generated code found"
echo ""
echo "=== Check .bingo/oapi-codegen.sum vs main go.mod ==="
echo "Codegen tool versions:"
grep "go-openapi" .bingo/oapi-codegen.sum | grep -E "^github" | sort -u
echo ""
echo "Main go.mod versions:"
grep "go-openapi" go.mod || echo "None in main go.mod"Repository: openshift-hyperfleet/hyperfleet-sentinel
Length of output: 618
🏁 Script executed:
#!/bin/bash
# Check what go-openapi versions oapi-codegen/v2 v2.6.0 actually requires
echo "=== What is in .bingo/oapi-codegen.sum (full go-openapi lines) ==="
grep "go-openapi" .bingo/oapi-codegen.sum
echo ""
echo "=== Check kin-openapi v0.133.0 to understand transitive chain ==="
grep "getkin/kin-openapi" go.sum | head -3
echo ""
echo "=== Full go.sum entries for go-openapi (what was resolved) ==="
grep "go-openapi" go.sum | sort -u
echo ""
echo "=== Which direct dependency brings in go-openapi to main go.mod ==="
# getkin/kin-openapi v0.133.0 likely brings in go-openapi
echo "Checking if generated openapi.gen.go exists and matches current config..."
ls -la pkg/api/openapi/openapi.gen.go 2>/dev/null && echo "Generated code file exists" || echo "Generated code not found"Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 1346
🏁 Script executed:
#!/bin/bash
# Critical check: verify go.mod vs go.sum consistency for these specific packages
echo "=== Go.mod lines 82-83 (as claimed in PR) ==="
sed -n '82,83p' go.mod
echo ""
echo "=== Actual corresponding entries in go.sum ==="
grep "github.com/go-openapi/jsonpointer\|github.com/go-openapi/swag" go.sum
echo ""
echo "=== Check if go.mod has been edited but go.sum not synced ==="
wc -l go.mod go.sum
echo ""
echo "=== Full context: lines 80-95 of go.mod to see the pattern ==="
sed -n '80,95p' go.mod
echo ""
echo "=== Is there a go.mod.backup or recent git history? ==="
git log --oneline -5 go.mod go.sum 2>/dev/null || echo "Git history not available"
</parameter>Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 1869
🏁 Script executed:
#!/bin/bash
# Verify the go.mod/go.sum mismatch is real
echo "=== Check for ALL go-openapi entries in go.sum ==="
grep "go-openapi" go.sum | wc -l
echo "Total entries:"
grep "go-openapi" go.sum
echo ""
echo "=== Check for ALL go-openapi entries in go.mod ==="
grep "go-openapi" go.mod
echo ""
echo "=== Verify this is actually lines 82-83 and not a different location ==="
grep -n "go-openapi" go.mod
echo ""
echo "=== Is the go.sum corrupted or incomplete? Run validation ==="
go mod tidy --dry-run 2>&1 | head -20 || echo "Go command not available"Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 1058
🏁 Script executed:
#!/bin/bash
# Critical discovery: go.mod declares versions not in go.sum
# Let's verify the git history to understand what happened
echo "=== Recent git log for go.mod and go.sum ==="
git log --oneline -10 go.mod go.sum 2>/dev/null || echo "Git not available"
echo ""
echo "=== Check the last commit that touched these files ==="
git log -1 --format="%H %s" -- go.mod 2>/dev/null || echo "Git history unavailable"
echo ""
echo "=== Check if go.sum has entries for v0.23.1 or v0.26.0 anywhere ==="
grep -E "v0.23.1|v0.26.0" go.sum || echo "No v0.23.1 or v0.26.0 found in go.sum"
echo ""
echo "=== What's the git diff status ==="
git status --short go.mod go.sum 2>/dev/null || echo "Git status unavailable"
echo ""
echo "=== Try to see if go.mod changes are staged but uncommitted ==="
git diff go.mod 2>/dev/null | head -30 || echo "No uncommitted changes"
</parameter>Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 662
🏁 Script executed:
#!/bin/bash
# This is critical - go.mod declares versions not in go.sum
# This breaks the build. Let's verify the actual state
echo "=== Git show the actual commit content ==="
git show 887d96c:go.mod 2>/dev/null | sed -n '82,83p' || echo "Cannot access commit"
echo ""
echo "=== Git show go.sum from that commit ==="
git show 887d96c:go.sum 2>/dev/null | grep "go-openapi" || echo "Cannot access go.sum from commit"
echo ""
echo "=== What version of Go is being used? ==="
head -3 go.mod
echo ""
echo "=== Are there any indirect dependencies that would pull these versions? ==="
grep -A2 -B2 "getkin/kin-openapi\|oapi-codegen" go.mod
echo ""
echo "=== Final check: will this build? Test go mod verify ==="
go mod verify 2>&1 || echo "Go mod verify failed - likely indicates sync issue"Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 1313
🏁 Script executed:
#!/bin/bash
# The critical discovery: go.mod declares versions NOT in go.sum
# But go mod verify passes. Let's understand what's actually happening
echo "=== Check go.mod line 82-83 once more ==="
sed -n '82,83p' go.mod
echo ""
echo "=== Now check if kin-openapi v0.133.0 actually REQUIRES these newer versions ==="
# Search upstream to see what kin-openapi depends on
echo "Checking what getkin/kin-openapi v0.133.0 depends on..."
grep -A10 "getkin/kin-openapi v0.133.0" go.sum || echo "Cannot infer from go.sum"
echo ""
echo "=== The real question: are lines 82-83 correct or stale/manual edits? ==="
echo "If go.sum has v0.21.0/v0.23.0 but go.mod declares v0.23.1/v0.26.0,"
echo "this indicates incomplete dependency update (go.mod manually edited without go mod tidy)"
echo ""
echo "=== Verify: what does go mod graph show for these packages? ==="
go mod graph 2>/dev/null | grep "go-openapi" | head -5 || echo "go mod graph unavailable"
echo ""
echo "=== List all indirect requires marked in go.mod ==="
grep "// indirect" go.mod | wc -l
echo "Total indirect: shown above"
</parameter>Repository: openshift-hyperfleet/hyperfleet-api
Length of output: 2327
go.mod declares versions not present in go.sum — module integrity broken.
Lines 82-83 explicitly require jsonpointer v0.23.1 and swag v0.26.0, but go.sum contains only v0.21.0 and v0.23.0 (transitive from getkin/kin-openapi v0.133.0). This creates a dependency mismatch that breaks reproducible builds. Either run go mod tidy to update go.sum with the new versions, or revert lines 82-83 if the version bump was unintended. Additionally, verify why you're explicitly forcing versions beyond what upstream dependencies require — this introduces unnecessary compatibility risk across HyperFleet repos (sentinel, adapter) that may not expect these newer versions.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
In `@go.mod` around lines 82 - 83, go.mod lists github.com/go-openapi/jsonpointer
v0.23.1 and github.com/go-openapi/swag v0.26.0 but those versions are not
present in go.sum, breaking module integrity; either run `go mod tidy` to update
go.sum (so jsonpointer@v0.23.1 and swag@v0.26.0 are recorded) or revert/remove
the explicit requirements for github.com/go-openapi/jsonpointer and
github.com/go-openapi/swag if the bump was accidental, and while fixing, verify
why these explicit version pins were added (check for compatibility across
consumers like sentinel/adapter) to avoid forcing newer transitive versions
unnecessarily.
Contributor
|
Closing: superseded by renovate.json config in #158 (HYPERFLEET-1095). MintMaker will re-create grouped updates on the next Monday cycle. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v0.21.0→v0.23.1v0.23.0→v0.26.0Warning
Some dependencies could not be looked up. Check the warning logs for more information.
Release Notes
go-openapi/jsonpointer (github.com/go-openapi/jsonpointer)
v0.23.1Compare Source
0.23.1 - 2026-04-18
Full Changelog: go-openapi/jsonpointer@v0.23.0...v0.23.1
5 commits in this release.
Fixed bugs
Documentation
Updates
People who contributed to this release
jsonpointer license terms
v0.23.0Compare Source
0.23.0 - 2026-04-15
Support for known limitations
Full Changelog: go-openapi/jsonpointer@v0.22.5...v0.23.0
16 commits in this release.
Implemented enhancements
"-"array suffix is now supported by @fredbi in #121 ...Fixed bugs
Documentation
Miscellaneous tasks
Updates
People who contributed to this release
New Contributors
in #118
jsonpointer license terms
v0.22.5Compare Source
0.22.5 - 2026-03-02
Full Changelog: go-openapi/jsonpointer@v0.22.4...v0.22.5
15 commits in this release.
Documentation
Code quality
Miscellaneous tasks
Updates
People who contributed to this release
New Contributors
in #97
jsonpointer license terms
v0.22.4Compare Source
0.22.4 - 2025-12-06
Full Changelog: go-openapi/jsonpointer@v0.22.3...v0.22.4
1 commits in this release.
Miscellaneous tasks
People who contributed to this release
jsonpointer license terms
v0.22.3Compare Source
0.22.3 - 2025-11-17
Full Changelog: go-openapi/jsonpointer@v0.22.2...v0.22.3
8 commits in this release.
Documentation
Code quality
Miscellaneous tasks
People who contributed to this release
New Contributors
in #76
jsonpointer license terms
v0.22.2Compare Source
0.22.2 - 2025-11-14
Full Changelog: go-openapi/jsonpointer@v0.22.1...v0.22.2
12 commits in this release.
Documentation
Code quality
Testing
Miscellaneous tasks
Security
Updates
People who contributed to this release
jsonpointer license terms
v0.22.1Compare Source
v0.22.0Compare Source
v0.21.2Compare Source
v0.21.1Compare Source
go-openapi/swag (github.com/go-openapi/swag)
v0.26.0Compare Source
0.26.0 - 2026-04-15
Full Changelog: go-openapi/swag@v0.25.5...v0.26.0
14 commits in this release.
Implemented enhancements
Documentation
Code quality
Miscellaneous tasks
Updates
People who contributed to this release
swag license terms
Per-module changes
cmdutils (0.26.0)
Miscellaneous tasks
conv (0.26.0)
Miscellaneous tasks
Updates
fileutils (0.26.0)
Miscellaneous tasks
Updates
jsonname (0.26.0)
Implemented enhancements
Miscellaneous tasks
Updates
jsonutils/adapters/easyjson (0.26.0)
Miscellaneous tasks
Updates
jsonutils/adapters/testintegration/benchmarks (0.26.0)
Miscellaneous tasks
Updates
jsonutils/adapters/testintegration (0.26.0)
Miscellaneous tasks
Updates
jsonutils/fixtures_test (0.26.0)
Miscellaneous tasks
Updates
jsonutils (0.26.0)
Miscellaneous tasks
Updates
loading (0.26.0)
Miscellaneous tasks
Updates
mangling (0.26.0)
Miscellaneous tasks
Updates
netutils (0.26.0)
Miscellaneous tasks
Updates
stringutils (0.26.0)
Miscellaneous tasks
Updates
typeutils (0.26.0)
Miscellaneous tasks
Updates
yamlutils (0.26.0)
Miscellaneous tasks
Updates
v0.25.5Compare Source
0.25.5 - 2026-03-02
Full Changelog: go-openapi/swag@v0.25.4...v0.25.5
16 commits in this release.
Documentation
Code quality
Testing
Miscellaneous tasks
Updates
People who contributed to this release
New Contributors
swag license terms
Per-module changes
cmdutils (0.25.5)
Testing
conv (0.25.5)
Testing
Miscellaneous tasks
Updates
fileutils (0.25.5)
Testing
Upd
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
To execute skipped test pipelines write comment
/ok-to-test.Documentation
Find out how to configure dependency updates in MintMaker documentation or see all available configuration options in Renovate documentation.