Conversation
WalkthroughUpgraded Go toolchain from 1.24 → 1.25 across CI, Docker build, and module files; bumped go.mod toolchain and many dependencies (Kubernetes client libs to v0.34.x, Helm to v3.19.0, and numerous indirect libraries). Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes
Possibly related PRs
Suggested reviewers
Poem
Pre-merge checks and finishing touches✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (1)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)
🔇 Additional comments (4)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
go.sumis excluded by!**/*.sum
📒 Files selected for processing (4)
.github/workflows/release.yaml(1 hunks).github/workflows/run-tests.yaml(3 hunks)Dockerfile(1 hunks)go.mod(5 hunks)
🔇 Additional comments (11)
.github/workflows/release.yaml (1)
52-54: Version bump is consistent across the PR.The Go version update from 1.24 to 1.25 aligns with the broader upgrade across workflows, Docker build, and dependencies. No issues identified.
.github/workflows/run-tests.yaml (3)
16-18: CI workflows consistently updated.Go version bumps to 1.25 across Test, Build, and Dependency Check jobs are consistent with the PR objective and other files.
31-34: Build job version updated.Consistent with Test job changes.
43-46: Dependency Check job version updated.Consistent with other CI jobs.
Dockerfile (1)
2-2: Docker build base image aligned with new Go version.The update to golang:1.25 is consistent with CI and module configuration changes.
go.mod (6)
3-3: Verify godebug directive semantics and impact.The go directive bumped to 1.25.3 and godebug set to go1.25. Confirm that activating Go 1.25 compatibility semantics does not introduce unexpected behavioral changes in the operator. Document any known behavioral differences if applicable.
Also applies to: 5-5
14-14: Helm upgraded to v3.19.0 for security fix.The upgrade from v3.17.4 to v3.19.0 addresses CVE-2025-53547 as noted in PR objectives. This is a minor version bump and should maintain API compatibility.
Please verify that Helm v3.19.0 has no breaking changes affecting the operator's Helm integration.
15-18: Kubernetes client libraries bumped to v0.34.0.The upgrade to k8s.io/{api,apimachinery,client-go} v0.34.0 is a significant version change. Verify that the operator's code is compatible with any API deprecations, field removals, or behavioral changes in K8s v0.34.0. Also confirm that controller-runtime v0.20.0 is compatible with this K8s version.
121-129: OpenTelemetry dependencies updated coherently.The OTEL components (v1.35.0 and v1.34.0) are updated consistently. No version conflicts or compatibility issues apparent.
148-149: gRPC and Protobuf versions are current.gRPC v1.72.1 and Protobuf v1.36.5 are recent and compatible with Go 1.25.3.
1-169: Overall go.mod update appears sound for Go 1.25.3 upgrade.The module upgrades are comprehensive and address the stated CVE fixes. The changes maintain internal consistency (go mod tidy was run). Key recommendations before merge:
- Verify K8s v0.34.0 compatibility with operator code (API deprecations, field removals).
- Confirm godebug=go1.25 does not introduce unexpected behavioral changes.
- Verify golang.org/x/* package versions are current and include latest security patches.
Consider running full integration tests targeting the new dependency versions to validate operator functionality.
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
This PR is included in version 1.21.3 🎉 |
* chore: Upgrade go to 1.25.3 (#104) * chore: Upgrade go to 1.25.3 * chore: Upgrade go to 1.25.3 * chore: Upgrade helm to 3.19.2 (#105) * chore: initial scaffolding for application type * fix: Refactor webhooks to match the kubebuilder standard structure * fix: WIP on conversion webhooks * fix: Get existing tests to pass with v1 and v2 reconcile paths enabled * fix: Revert tiltfile changes and fix conversion webhooks to ensure v1 deploys still work, default v2 to enabled. * fix: reworked all the operator installs * chore: re-generate * chore: remove erroneous import * feat: additional application reconcile logic and validating webhooks actually fireing * fix: address some minor issues and merge from main * fix: address some minor issues and merge from main --------- Co-authored-by: Kevin Chen <140976422+wandb-kc@users.noreply.github.com>
* chore: Upgrade go to 1.25.3 (#104) * chore: Upgrade go to 1.25.3 * chore: Upgrade go to 1.25.3 * chore: Upgrade helm to 3.19.2 (#105) * fix: Upgrade helm to 3.19.2 (#106) * chore(release): version 1.21.3 [skip ci] ### [1.21.3](v1.21.2...v1.21.3) (2025-12-04) ### Bug Fixes * Upgrade helm to 3.19.2 ([#106](#106)) ([aa4ca21](aa4ca21)) * chore: Need to create the workflow in main so it can be updated and run in v2 branch (#127) * chore: Need to create the workflow in main so it can be updated and run in v2 branch * chore: Add newline * chore: Add empty workflow so it can be run in a branch (#131) * fix to clickhouse enum we vendored (but is unused) * work in progress on retention * work in progress * ONPREM-111 rentention/purge works for wandb delete * ONPREM-111 more consistent label handling for retention * ONPREM-111 more consistent label handling for retention * initial retention e2e tests * WIP: fix Redis PVC labeling for retention e2e tests - Remove ensurePodLabels (operator SA lacks RBAC to patch pods, caused rapid requeue loop) - Fix Redis PVC prefix: use crName-crName- pattern matching actual opstree PVC names - Bypass cache for PVC reads in client (PVCs not watched, caused ErrCacheNotStarted) - Add USE_EXISTING_CLUSTER=true to test-e2e-retention Makefile target - Improve retention_test.go: namespace isolation, verifyComponentResourcesExist checks Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * ONPREM-111 complete impl of retention DETACH/PURGE policies --------- Co-authored-by: Kevin Chen <140976422+wandb-kc@users.noreply.github.com> Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net> Co-authored-by: Daniel Panzella <daniel.panzella@wandb.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
3 participants
Go upgrade addresses a handful of stdlib vulns:
Helm upgrade addresses:
Summary by CodeRabbit