OCPBUGS-78075: Updating csi-attacher-container image to be consistent with ART for 4.22

[openshift-bot]

Updating csi-attacher-container image to be consistent with ART for 4.22
TLDR:
Product builds by ART can be configured for different base and builder images than corresponding CI
builds. This automated PR requests a change to CI configuration to align with ART's configuration;
please take steps to merge it quickly or contact ART to coordinate changes.

The configuration in the following ART component metadata is driving this alignment request:
csi-attacher.yml.

Detail:

This repository is out of sync with the downstream product builds for this component. The CI
configuration for at least one image differs from ART's expected product configuration. This should
be addressed to ensure that the component's CI testing accurate reflects what customers will
experience.

Most of these PRs are opened as an ART-driven proposal to migrate base image or builder(s) to a
different version, usually prior to GA. The intent is to effect changes in both configurations
simultaneously without breaking either CI or ART builds, so usually ART builds are configured to
consider CI as canonical and attempt to match CI config until the PR merges to align both. ART may
also configure changes in GA releases with CI remaining canonical for a brief grace period to enable
CI to succeed and the alignment PR to merge. In either case, ART configuration will be made
canonical at some point (typically at branch-cut before GA or release dev-cut after GA), so it is
important to align CI configuration as soon as possible.

PRs are also triggered when CI configuration changes without ART coordination, for instance to
change the number of builder images or to use a different golang version. These changes should be
coordinated with ART; whether ART configuration is canonical or not, preferably it would be updated
first to enable the changes to occur simultaneously in both CI and ART at the same time. This also
gives ART a chance to validate the intended changes first. For instance, ART compiles most
components with the Golang version being used by the control plane for a given OpenShift release.
Exceptions to this convention (i.e. you believe your component must be compiled with a Golang
version independent from the control plane) must be granted by the OpenShift staff engineers and
communicated to the ART team.

Roles & Responsibilities:

• Component owners are responsible for ensuring these alignment PRs merge with passing
  tests OR that necessary metadata changes are reported to the ART team: @release-artists
  in #forum-ocp-art on Slack. If necessary, the changes required by this pull request can be
  introduced with a separate PR opened by the component team. Once the repository is aligned,
  this PR will be closed automatically.
• In particular, it could be that a job like verify-deps is complaining. In that case, please open
  a new PR with the dependency issues addressed (and base images bumped). ART-9595 for reference.
• Patch-manager or those with sufficient privileges within this repository may add
  any required labels to ensure the PR merges once tests are passing. In cases where ART config is
  canonical, downstream builds are already being built with these changes, and merging this PR
  only improves the fidelity of our CI. In cases where ART config is not canonical, this provides
  a grace period for the component team to align their CI with ART's configuration before it becomes
  canonical in product builds.

ART has been configured to reconcile your CI build root image (see https://docs.ci.openshift.org/docs/architecture/ci-operator/#build-root-image).
In order for your upstream .ci-operator.yaml configuration to be honored, you must set the following in your openshift/release ci-operator configuration file:

build_root:
  from_repository: true

Change behavior of future PRs:

• In case you just want to follow the base images that ART suggests, you can configure additional labels to be
  set up automatically. This means that such a PR would merge without human intervention (and awareness!) in the future.
  To do so, open a PR to set the auto_label attribute in the image configuration. Example
• You can set a commit prefix, like UPSTREAM: <carry>: . An example.

If you have any questions about this pull request, please reach out to @release-artists in the #forum-ocp-art coreos slack channel.

[openshift-bot]

Created by ART pipeline job run https://art-jenkins.apps.prod-stable-spoke1-dc-iad2.itup.redhat.com/job/scheduled-builds/job/sync-ci-images/49573

[openshift-ci-robot]

@openshift-bot: An error was encountered updating to the POST state for bug OCPBUGS-78075 on the Jira server at https://issues.redhat.com. No known errors were detected, please see the full error message for details.

Full error message.

Error marking step #39001293 finished: root cause: Tried to update an entity that does not exist.: request failed. Please analyze the request body for more details. Status code: 400:

Please contact an administrator to resolve this issue, then request a bug refresh with /jira refresh.

Details

In response to this:

Updating csi-attacher-container image to be consistent with ART for 4.22
TLDR:
Product builds by ART can be configured for different base and builder images than corresponding CI
builds. This automated PR requests a change to CI configuration to align with ART's configuration;
please take steps to merge it quickly or contact ART to coordinate changes.

The configuration in the following ART component metadata is driving this alignment request:
csi-attacher.yml.

Detail:

This repository is out of sync with the downstream product builds for this component. The CI
configuration for at least one image differs from ART's expected product configuration. This should
be addressed to ensure that the component's CI testing accurate reflects what customers will
experience.

Most of these PRs are opened as an ART-driven proposal to migrate base image or builder(s) to a
different version, usually prior to GA. The intent is to effect changes in both configurations
simultaneously without breaking either CI or ART builds, so usually ART builds are configured to
consider CI as canonical and attempt to match CI config until the PR merges to align both. ART may
also configure changes in GA releases with CI remaining canonical for a brief grace period to enable
CI to succeed and the alignment PR to merge. In either case, ART configuration will be made
canonical at some point (typically at branch-cut before GA or release dev-cut after GA), so it is
important to align CI configuration as soon as possible.

PRs are also triggered when CI configuration changes without ART coordination, for instance to
change the number of builder images or to use a different golang version. These changes should be
coordinated with ART; whether ART configuration is canonical or not, preferably it would be updated
first to enable the changes to occur simultaneously in both CI and ART at the same time. This also
gives ART a chance to validate the intended changes first. For instance, ART compiles most
components with the Golang version being used by the control plane for a given OpenShift release.
Exceptions to this convention (i.e. you believe your component must be compiled with a Golang
version independent from the control plane) must be granted by the OpenShift staff engineers and
communicated to the ART team.

Roles & Responsibilities:

• Component owners are responsible for ensuring these alignment PRs merge with passing
  tests OR that necessary metadata changes are reported to the ART team: @release-artists
  in #forum-ocp-art on Slack. If necessary, the changes required by this pull request can be
  introduced with a separate PR opened by the component team. Once the repository is aligned,
  this PR will be closed automatically.
• In particular, it could be that a job like verify-deps is complaining. In that case, please open
  a new PR with the dependency issues addressed (and base images bumped). ART-9595 for reference.
• Patch-manager or those with sufficient privileges within this repository may add
  any required labels to ensure the PR merges once tests are passing. In cases where ART config is
  canonical, downstream builds are already being built with these changes, and merging this PR
  only improves the fidelity of our CI. In cases where ART config is not canonical, this provides
  a grace period for the component team to align their CI with ART's configuration before it becomes
  canonical in product builds.

ART has been configured to reconcile your CI build root image (see https://docs.ci.openshift.org/docs/architecture/ci-operator/#build-root-image).
In order for your upstream .ci-operator.yaml configuration to be honored, you must set the following in your openshift/release ci-operator configuration file:

build_root:
 from_repository: true

Change behavior of future PRs:

• In case you just want to follow the base images that ART suggests, you can configure additional labels to be
  set up automatically. This means that such a PR would merge without human intervention (and awareness!) in the future.
  To do so, open a PR to set the auto_label attribute in the image configuration. Example
• You can set a commit prefix, like UPSTREAM: <carry>: . An example.

If you have any questions about this pull request, please reach out to @release-artists in the #forum-ocp-art coreos slack channel.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@openshift-bot: This pull request references Jira Issue OCPBUGS-78075, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

The bug has been updated to refer to the pull request using the external bug tracker.

Details

In response to this:

Updating csi-attacher-container image to be consistent with ART for 4.22
TLDR:
Product builds by ART can be configured for different base and builder images than corresponding CI
builds. This automated PR requests a change to CI configuration to align with ART's configuration;
please take steps to merge it quickly or contact ART to coordinate changes.

The configuration in the following ART component metadata is driving this alignment request:
csi-attacher.yml.

Detail:

This repository is out of sync with the downstream product builds for this component. The CI
configuration for at least one image differs from ART's expected product configuration. This should
be addressed to ensure that the component's CI testing accurate reflects what customers will
experience.

Most of these PRs are opened as an ART-driven proposal to migrate base image or builder(s) to a
different version, usually prior to GA. The intent is to effect changes in both configurations
simultaneously without breaking either CI or ART builds, so usually ART builds are configured to
consider CI as canonical and attempt to match CI config until the PR merges to align both. ART may
also configure changes in GA releases with CI remaining canonical for a brief grace period to enable
CI to succeed and the alignment PR to merge. In either case, ART configuration will be made
canonical at some point (typically at branch-cut before GA or release dev-cut after GA), so it is
important to align CI configuration as soon as possible.

PRs are also triggered when CI configuration changes without ART coordination, for instance to
change the number of builder images or to use a different golang version. These changes should be
coordinated with ART; whether ART configuration is canonical or not, preferably it would be updated
first to enable the changes to occur simultaneously in both CI and ART at the same time. This also
gives ART a chance to validate the intended changes first. For instance, ART compiles most
components with the Golang version being used by the control plane for a given OpenShift release.
Exceptions to this convention (i.e. you believe your component must be compiled with a Golang
version independent from the control plane) must be granted by the OpenShift staff engineers and
communicated to the ART team.

Roles & Responsibilities:

• Component owners are responsible for ensuring these alignment PRs merge with passing
  tests OR that necessary metadata changes are reported to the ART team: @release-artists
  in #forum-ocp-art on Slack. If necessary, the changes required by this pull request can be
  introduced with a separate PR opened by the component team. Once the repository is aligned,
  this PR will be closed automatically.
• In particular, it could be that a job like verify-deps is complaining. In that case, please open
  a new PR with the dependency issues addressed (and base images bumped). ART-9595 for reference.
• Patch-manager or those with sufficient privileges within this repository may add
  any required labels to ensure the PR merges once tests are passing. In cases where ART config is
  canonical, downstream builds are already being built with these changes, and merging this PR
  only improves the fidelity of our CI. In cases where ART config is not canonical, this provides
  a grace period for the component team to align their CI with ART's configuration before it becomes
  canonical in product builds.

ART has been configured to reconcile your CI build root image (see https://docs.ci.openshift.org/docs/architecture/ci-operator/#build-root-image).
In order for your upstream .ci-operator.yaml configuration to be honored, you must set the following in your openshift/release ci-operator configuration file:

build_root:
 from_repository: true

Change behavior of future PRs:

• In case you just want to follow the base images that ART suggests, you can configure additional labels to be
  set up automatically. This means that such a PR would merge without human intervention (and awareness!) in the future.
  To do so, open a PR to set the auto_label attribute in the image configuration. Example
• You can set a commit prefix, like UPSTREAM: <carry>: . An example.

If you have any questions about this pull request, please reach out to @release-artists in the #forum-ocp-art coreos slack channel.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by: openshift-bot

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Walkthrough

Updates Go version from 1.24 to 1.25 across CI/CD configuration files. Changes the build root image tag and builder stage image reference in OpenShift CI configuration and Dockerfile to use the newer Go version.

Changes

Cohort / File(s)	Summary
Go Version Update .ci-operator.yaml, Dockerfile.ocp	Updates Go runtime from version 1.24 to 1.25 in build root image and builder stage image references for OpenShift 4.22 compatibility.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title references updating images for consistency with ART for 4.22, which aligns with the changeset that updates build_root_image and builder stage image tags from golang-1.24 to golang-1.25.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Stable And Deterministic Test Names	✅ Passed	The repository uses standard Go testing with testing.T, not Ginkgo. The PR only modifies build configuration files containing no test code or test names.
Test Structure And Quality	✅ Passed	This check is not applicable to the pull request. The PR only modifies build configuration files to update Go toolchain versions from 1.24 to 1.25, with no changes to any test files.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci-robot]

@openshift-bot: This pull request references Jira Issue OCPBUGS-78075, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.22.0) matches configured target version for branch (4.22.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST)

No GitHub users were found matching the public email listed for the QA contact in Jira (wduan@redhat.com), skipping review request.

Details

In response to this:

Updating csi-attacher-container image to be consistent with ART for 4.22
TLDR:
Product builds by ART can be configured for different base and builder images than corresponding CI
builds. This automated PR requests a change to CI configuration to align with ART's configuration;
please take steps to merge it quickly or contact ART to coordinate changes.

The configuration in the following ART component metadata is driving this alignment request:
csi-attacher.yml.

Detail:

This repository is out of sync with the downstream product builds for this component. The CI
configuration for at least one image differs from ART's expected product configuration. This should
be addressed to ensure that the component's CI testing accurate reflects what customers will
experience.

Most of these PRs are opened as an ART-driven proposal to migrate base image or builder(s) to a
different version, usually prior to GA. The intent is to effect changes in both configurations
simultaneously without breaking either CI or ART builds, so usually ART builds are configured to
consider CI as canonical and attempt to match CI config until the PR merges to align both. ART may
also configure changes in GA releases with CI remaining canonical for a brief grace period to enable
CI to succeed and the alignment PR to merge. In either case, ART configuration will be made
canonical at some point (typically at branch-cut before GA or release dev-cut after GA), so it is
important to align CI configuration as soon as possible.

PRs are also triggered when CI configuration changes without ART coordination, for instance to
change the number of builder images or to use a different golang version. These changes should be
coordinated with ART; whether ART configuration is canonical or not, preferably it would be updated
first to enable the changes to occur simultaneously in both CI and ART at the same time. This also
gives ART a chance to validate the intended changes first. For instance, ART compiles most
components with the Golang version being used by the control plane for a given OpenShift release.
Exceptions to this convention (i.e. you believe your component must be compiled with a Golang
version independent from the control plane) must be granted by the OpenShift staff engineers and
communicated to the ART team.

Roles & Responsibilities:

• Component owners are responsible for ensuring these alignment PRs merge with passing
  tests OR that necessary metadata changes are reported to the ART team: @release-artists
  in #forum-ocp-art on Slack. If necessary, the changes required by this pull request can be
  introduced with a separate PR opened by the component team. Once the repository is aligned,
  this PR will be closed automatically.
• In particular, it could be that a job like verify-deps is complaining. In that case, please open
  a new PR with the dependency issues addressed (and base images bumped). ART-9595 for reference.
• Patch-manager or those with sufficient privileges within this repository may add
  any required labels to ensure the PR merges once tests are passing. In cases where ART config is
  canonical, downstream builds are already being built with these changes, and merging this PR
  only improves the fidelity of our CI. In cases where ART config is not canonical, this provides
  a grace period for the component team to align their CI with ART's configuration before it becomes
  canonical in product builds.

ART has been configured to reconcile your CI build root image (see https://docs.ci.openshift.org/docs/architecture/ci-operator/#build-root-image).
In order for your upstream .ci-operator.yaml configuration to be honored, you must set the following in your openshift/release ci-operator configuration file:

build_root:
 from_repository: true

Change behavior of future PRs:

• In case you just want to follow the base images that ART suggests, you can configure additional labels to be
  set up automatically. This means that such a PR would merge without human intervention (and awareness!) in the future.
  To do so, open a PR to set the auto_label attribute in the image configuration. Example
• You can set a commit prefix, like UPSTREAM: <carry>: . An example.

If you have any questions about this pull request, please reach out to @release-artists in the #forum-ocp-art coreos slack channel.

Summary by CodeRabbit

• Chores
• Updated CI/CD build system configuration to use Go runtime version 1.25, replacing version 1.24 to leverage performance improvements and stability enhancements available in the latest release
• Updated containerized build environment to use Go 1.25 for consistency across build infrastructure and to access latest language features and optimizations included in the newer version

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

Dockerfile.ocp (1)

6-8: Consider adding a non-root USER for improved security posture (optional, out of PR scope).

Trivy flagged that the container runs as root. While this is a pre-existing condition and outside the scope of this version-bump PR, consider addressing it in a follow-up PR for defense-in-depth.

🛡️ Example fix (for future PR)

 FROM registry.ci.openshift.org/ocp/4.22:base-rhel9
+USER 1001
 COPY --from=builder /go/src/github.com/kubernetes-csi/external-attacher/bin/csi-attacher /usr/bin/
 ENTRYPOINT ["/usr/bin/csi-attacher"]

Note: Verify the base image provides a non-root user and that csi-attacher doesn't require root privileges before applying.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@Dockerfile.ocp` around lines 6 - 8, Add a non-root user and switch to it in
the Dockerfile to improve security: create or use a non-root UID/GID, chown the
installed binary copied by the COPY --from=builder
/go/src/github.com/kubernetes-csi/external-attacher/bin/csi-attacher /usr/bin/
so the non-root user can execute it, add a USER instruction to switch to that
user before the ENTRYPOINT, and verify the ENTRYPOINT ["/usr/bin/csi-attacher"]
still works without root privileges; ensure any required directories are
writable by that user and confirm the base image supports creating or using a
non-root user.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.ci-operator.yaml:
- Around line 1-4: Update go.mod to match the CI image by changing the module's
Go version and toolchain: edit go.mod to set the "go" directive to 1.25 (e.g.
`go 1.25` or `go 1.25.0`) and update the toolchain comment/pragma (the
`toolchain` entry or go version comment such as `// toolchain go1.24.6`) to the
corresponding Go 1.25 toolchain (e.g. `go1.25.x`) so the module declaration and
toolchain match the CI image name `rhel-9-release-golang-1.25-openshift-4.22`.
Ensure you update the `go` directive and the `toolchain` identifier in go.mod
(search for the `go` line and any `toolchain` comment) and run `go mod tidy` to
keep dependencies consistent.

---

Nitpick comments:
In `@Dockerfile.ocp`:
- Around line 6-8: Add a non-root user and switch to it in the Dockerfile to
improve security: create or use a non-root UID/GID, chown the installed binary
copied by the COPY --from=builder
/go/src/github.com/kubernetes-csi/external-attacher/bin/csi-attacher /usr/bin/
so the non-root user can execute it, add a USER instruction to switch to that
user before the ENTRYPOINT, and verify the ENTRYPOINT ["/usr/bin/csi-attacher"]
still works without root privileges; ensure any required directories are
writable by that user and confirm the base image supports creating or using a
non-root user.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 8581b832-150c-40c0-ae3a-349b8133c575

📥 Commits

Reviewing files that changed from the base of the PR and between cb0b279 and 29504e3.

📒 Files selected for processing (2)

• .ci-operator.yaml
• Dockerfile.ocp

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Verify the build root image tag exists in the OpenShift registry

# Check if the image stream tag exists using oc (if available) or curl the registry API
curl -sL "https://registry.ci.openshift.org/v2/openshift/release/tags/list" 2>/dev/null | jq -r '.tags[]' | grep -E "rhel-9-release-golang-1.25-openshift-4.22" || echo "Could not verify via public API - image availability will be confirmed during CI run"

Repository: openshift/csi-external-attacher

Length of output: 234

---

🏁 Script executed:

# Find and examine Dockerfile.ocp to verify Go 1.25
fd -t f "Dockerfile.ocp" -o -name "*Dockerfile*"

Repository: openshift/csi-external-attacher

Length of output: 305

---

🏁 Script executed:

# Search for references to golang versions in the codebase
rg "golang-1\.(24|25)" -i

Repository: openshift/csi-external-attacher

Length of output: 177

---

🏁 Script executed:

# Check the actual content of .ci-operator.yaml
cat -n .ci-operator.yaml

Repository: openshift/csi-external-attacher

Length of output: 208

---

🏁 Script executed:

# Check git diff to see what changed in .ci-operator.yaml
git diff HEAD^ .ci-operator.yaml 2>/dev/null || git log -p -1 .ci-operator.yaml | head -50

Repository: openshift/csi-external-attacher

Length of output: 57

---

🏁 Script executed:

# Search for any 1.24 references in the repository
rg "1\.24" --type yaml --type dockerfile

Repository: openshift/csi-external-attacher

Length of output: 109

---

🏁 Script executed:

# Search for any 1.24 references without restricting file type
rg "1\.24"

Repository: openshift/csi-external-attacher

Length of output: 7327

---

🏁 Script executed:

# Check git log for any commits mentioning this file
git log --oneline .ci-operator.yaml 2>/dev/null | head -5

Repository: openshift/csi-external-attacher

Length of output: 306

---

🏁 Script executed:

# Show the actual commit that updated the .ci-operator.yaml
git show 29504e32:.ci-operator.yaml 2>/dev/null | head -10

Repository: openshift/csi-external-attacher

Length of output: 180

---

🏁 Script executed:

# Check what the go.mod file currently specifies
head -5 go.mod

Repository: openshift/csi-external-attacher

Length of output: 156

---

🏁 Script executed:

# Check git log for go.mod changes around the same commit
git log --oneline go.mod | head -10

Repository: openshift/csi-external-attacher

Length of output: 306

---

🏁 Script executed:

# Check if go.mod was modified in this commit or recent commits
git log -p --all -- go.mod | head -100

Repository: openshift/csi-external-attacher

Length of output: 57

---

Update go.mod to reflect Go 1.25 toolchain to match CI build image.

The .ci-operator.yaml change to rhel-9-release-golang-1.25-openshift-4.22 aligns with Dockerfile.ocp, but go.mod still declares go 1.24.0 with toolchain go1.24.6. This creates a mismatch: the CI will build with Go 1.25 while the module claims to require Go 1.24. Update go.mod to go 1.25.0 and adjust the toolchain version accordingly to ensure consistency across CI, Dockerfile, and module declarations.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.ci-operator.yaml around lines 1 - 4, Update go.mod to match the CI image by
changing the module's Go version and toolchain: edit go.mod to set the "go"
directive to 1.25 (e.g. `go 1.25` or `go 1.25.0`) and update the toolchain
comment/pragma (the `toolchain` entry or go version comment such as `//
toolchain go1.24.6`) to the corresponding Go 1.25 toolchain (e.g. `go1.25.x`) so
the module declaration and toolchain match the CI image name
`rhel-9-release-golang-1.25-openshift-4.22`. Ensure you update the `go`
directive and the `toolchain` identifier in go.mod (search for the `go` line and
any `toolchain` comment) and run `go mod tidy` to keep dependencies consistent.

[openshift-ci]

@openshift-bot: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/unit	29504e3	link	true	/test unit

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[jsafrane]

/close
in favor of #94

[openshift-ci]

@jsafrane: Closed this PR.

Details

In response to this:

/close
in favor of #94

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci-robot]

@openshift-bot: This pull request references Jira Issue OCPBUGS-78075. The bug has been updated to no longer refer to the pull request using the external bug tracker.

Details

In response to this:

Updating csi-attacher-container image to be consistent with ART for 4.22
TLDR:
Product builds by ART can be configured for different base and builder images than corresponding CI
builds. This automated PR requests a change to CI configuration to align with ART's configuration;
please take steps to merge it quickly or contact ART to coordinate changes.

The configuration in the following ART component metadata is driving this alignment request:
csi-attacher.yml.

Detail:

This repository is out of sync with the downstream product builds for this component. The CI
configuration for at least one image differs from ART's expected product configuration. This should
be addressed to ensure that the component's CI testing accurate reflects what customers will
experience.

Most of these PRs are opened as an ART-driven proposal to migrate base image or builder(s) to a
different version, usually prior to GA. The intent is to effect changes in both configurations
simultaneously without breaking either CI or ART builds, so usually ART builds are configured to
consider CI as canonical and attempt to match CI config until the PR merges to align both. ART may
also configure changes in GA releases with CI remaining canonical for a brief grace period to enable
CI to succeed and the alignment PR to merge. In either case, ART configuration will be made
canonical at some point (typically at branch-cut before GA or release dev-cut after GA), so it is
important to align CI configuration as soon as possible.

PRs are also triggered when CI configuration changes without ART coordination, for instance to
change the number of builder images or to use a different golang version. These changes should be
coordinated with ART; whether ART configuration is canonical or not, preferably it would be updated
first to enable the changes to occur simultaneously in both CI and ART at the same time. This also
gives ART a chance to validate the intended changes first. For instance, ART compiles most
components with the Golang version being used by the control plane for a given OpenShift release.
Exceptions to this convention (i.e. you believe your component must be compiled with a Golang
version independent from the control plane) must be granted by the OpenShift staff engineers and
communicated to the ART team.

Roles & Responsibilities:

• Component owners are responsible for ensuring these alignment PRs merge with passing
  tests OR that necessary metadata changes are reported to the ART team: @release-artists
  in #forum-ocp-art on Slack. If necessary, the changes required by this pull request can be
  introduced with a separate PR opened by the component team. Once the repository is aligned,
  this PR will be closed automatically.
• In particular, it could be that a job like verify-deps is complaining. In that case, please open
  a new PR with the dependency issues addressed (and base images bumped). ART-9595 for reference.
• Patch-manager or those with sufficient privileges within this repository may add
  any required labels to ensure the PR merges once tests are passing. In cases where ART config is
  canonical, downstream builds are already being built with these changes, and merging this PR
  only improves the fidelity of our CI. In cases where ART config is not canonical, this provides
  a grace period for the component team to align their CI with ART's configuration before it becomes
  canonical in product builds.

ART has been configured to reconcile your CI build root image (see https://docs.ci.openshift.org/docs/architecture/ci-operator/#build-root-image).
In order for your upstream .ci-operator.yaml configuration to be honored, you must set the following in your openshift/release ci-operator configuration file:

build_root:
 from_repository: true

Change behavior of future PRs:

• In case you just want to follow the base images that ART suggests, you can configure additional labels to be
  set up automatically. This means that such a PR would merge without human intervention (and awareness!) in the future.
  To do so, open a PR to set the auto_label attribute in the image configuration. Example
• You can set a commit prefix, like UPSTREAM: <carry>: . An example.

If you have any questions about this pull request, please reach out to @release-artists in the #forum-ocp-art coreos slack channel.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.