WIP: CORENET-7047: CNCC K8s rebase to 1.36.1

[vinnie1110]

CNCC K8s rebase to 1.36.1

1. Sweep the go.mod for modules needing an update

# rg 'k8s.io|openshift' go.mod | rg -v 'indirect|module' | awk '{print "go get -u",$1}' | sh

go: upgraded github.com/fxamacker/cbor/v2 v2.9.0 => v2.9.2
go: upgraded github.com/openshift/api v0.0.0-20260126183958-606bd613f9f7 => v0.0.0-20260521125114-09730f85d883
go: upgraded go.yaml.in/yaml/v2 v2.4.3 => v2.4.4
go: upgraded golang.org/x/crypto v0.48.0 => v0.51.0
go: upgraded golang.org/x/net v0.50.0 => v0.55.0
go: upgraded golang.org/x/sys v0.41.0 => v0.45.0
go: upgraded golang.org/x/term v0.40.0 => v0.43.0
go: upgraded golang.org/x/text v0.34.0 => v0.37.0
go: upgraded google.golang.org/protobuf v1.36.11 => v1.36.12-0.20260120151049-f2248ac996af
go: upgraded k8s.io/api v0.35.0 => v0.36.1
go: upgraded k8s.io/apimachinery v0.35.0 => v0.36.1
go: upgraded k8s.io/klog/v2 v2.130.1 => v2.140.0
go: upgraded k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 => v0.0.0-20260520065146-aa012df4f4af
go: upgraded k8s.io/utils v0.0.0-20260108192941-914a6e750570 => v0.0.0-20260507154919-ff6756f316d2
go: upgraded sigs.k8s.io/structured-merge-diff/v6 v6.3.2 => v6.4.0
go: upgraded github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 => v0.0.0-20260512113608-deb4dc54551a
go: upgraded k8s.io/client-go v0.35.0 => v0.35.1
go: upgraded github.com/openshift/library-go v0.0.0-20260209094534-b6adacbfccda => v0.0.0-20260526221523-b67ee3926ad5
go: upgraded k8s.io/apiextensions-apiserver v0.35.0 => v0.35.1
go: upgraded k8s.io/apiserver v0.35.0 => v0.35.1
go: upgraded k8s.io/component-base v0.35.0 => v0.35.1
go: upgraded k8s.io/kube-aggregator v0.34.1 => v0.35.1
go: upgraded k8s.io/client-go v0.35.1 => v0.36.1
go: upgraded cloud.google.com/go/compute/metadata v0.6.0 => v0.9.0
go: upgraded github.com/go-openapi/jsonpointer v0.22.4 => v0.23.1
go: upgraded github.com/go-openapi/jsonreference v0.21.4 => v0.21.5
go: upgraded github.com/go-openapi/swag v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/cmdutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/conv v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/fileutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/jsonname v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/jsonutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/loading v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/mangling v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/netutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/stringutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/typeutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/yamlutils v0.25.4 => v0.26.0
go: upgraded go.opentelemetry.io/auto/sdk v1.1.0 => v1.2.1
go: upgraded go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 => v0.65.0
go: upgraded go.opentelemetry.io/otel v1.36.0 => v1.41.0
go: upgraded go.opentelemetry.io/otel/metric v1.36.0 => v1.41.0
go: upgraded go.opentelemetry.io/otel/trace v1.36.0 => v1.41.0
go: upgraded golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 => v0.0.0-20251219203646-944ab1f22d93
go: upgraded golang.org/x/oauth2 v0.35.0 => v0.36.0
go: upgraded golang.org/x/time v0.14.0 => v0.15.0
go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb => v0.0.0-20260128011058-8636f8732409
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a => v0.0.0-20260128011058-8636f8732409
go: upgraded google.golang.org/grpc v1.72.2 => v1.79.3
go: upgraded k8s.io/apiserver v0.35.1 => v0.36.1
go: upgraded k8s.io/cloud-provider v0.35.0 => v0.36.1
go: upgraded k8s.io/component-base v0.35.1 => v0.36.1
go: upgraded github.com/fsnotify/fsnotify v1.9.0 => v1.10.1
go: upgraded github.com/onsi/gomega v1.38.2 => v1.39.0
go: upgraded github.com/prometheus/procfs v0.19.2 => v0.20.1
go: upgraded gomodules.xyz/jsonpatch/v2 v2.4.0 => v2.5.0
go: upgraded k8s.io/apiextensions-apiserver v0.35.1 => v0.36.1
go: upgraded sigs.k8s.io/controller-runtime v0.23.1 => v0.24.1

2. Update vendored mods

# go mod tidy
# go mod vendor

3. Add a temporary replace at the end of go.mod to use a openshift/library-go version awaiting to be merged
4. Update the .ci-operator.yaml and Dockerfile to conform to Go 1.26/OCP 5.0 versions
5. Verify local build and unit tests

# make build

# make test

go test ./... -count=1
?       github.com/openshift/cloud-network-config-controller/cmd/cloud-network-config-controller        [no test files]
ok      github.com/openshift/cloud-network-config-controller/pkg/cloudprivateipconfig   0.009s
ok      github.com/openshift/cloud-network-config-controller/pkg/cloudprovider  0.187s
?       github.com/openshift/cloud-network-config-controller/pkg/controller     [no test files]
ok      github.com/openshift/cloud-network-config-controller/pkg/controller/cloudprivateipconfig        0.086s
?       github.com/openshift/cloud-network-config-controller/pkg/controller/configmap   [no test files]
?       github.com/openshift/cloud-network-config-controller/pkg/controller/node        [no test files]
?       github.com/openshift/cloud-network-config-controller/pkg/controller/secret      [no test files]
?       github.com/openshift/cloud-network-config-controller/pkg/signals        [no test files]

6. Update .snyk with the additional exclusions

Summary by CodeRabbit

• Chores

  • Updated Go toolchain from version 1.25 to 1.26
  • Updated base images and build configuration to support OpenShift 5.0 (previously 4.22)
  • Refreshed project dependencies including Kubernetes and controller-runtime components

• Tests

  • Updated test infrastructure initialization for cloud private IP configuration tests

[openshift-ci]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[openshift-ci-robot]

@vinnie1110: This pull request references CORENET-7047 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "5.0.0" version, but no target version was set.

Details

In response to this:

CNCC K8s rebase to 1.36.1

1. Swept the go.mod for modules needing an update

rg 'k8s.io|openshift' go.mod | rg -v 'indirect|module' | awk '{print "go get -u",$1}' | sh

go: upgraded github.com/fxamacker/cbor/v2 v2.9.0 => v2.9.2
go: upgraded github.com/openshift/api v0.0.0-20260126183958-606bd613f9f7 => v0.0.0-20260521125114-09730f85d883
go: upgraded go.yaml.in/yaml/v2 v2.4.3 => v2.4.4
go: upgraded golang.org/x/crypto v0.48.0 => v0.51.0
go: upgraded golang.org/x/net v0.50.0 => v0.55.0
go: upgraded golang.org/x/sys v0.41.0 => v0.45.0
go: upgraded golang.org/x/term v0.40.0 => v0.43.0
go: upgraded golang.org/x/text v0.34.0 => v0.37.0
go: upgraded google.golang.org/protobuf v1.36.11 => v1.36.12-0.20260120151049-f2248ac996af
go: upgraded k8s.io/api v0.35.0 => v0.36.1
go: upgraded k8s.io/apimachinery v0.35.0 => v0.36.1
go: upgraded k8s.io/klog/v2 v2.130.1 => v2.140.0
go: upgraded k8s.io/kube-openapi v0.0.0-20260127142750-a19766b6e2d4 => v0.0.0-20260520065146-aa012df4f4af
go: upgraded k8s.io/utils v0.0.0-20260108192941-914a6e750570 => v0.0.0-20260507154919-ff6756f316d2
go: upgraded sigs.k8s.io/structured-merge-diff/v6 v6.3.2 => v6.4.0
go: upgraded github.com/openshift/client-go v0.0.0-20260108185524-48f4ccfc4e13 => v0.0.0-20260512113608-deb4dc54551a
go: upgraded k8s.io/client-go v0.35.0 => v0.35.1
go: upgraded github.com/openshift/library-go v0.0.0-20260209094534-b6adacbfccda => v0.0.0-20260526221523-b67ee3926ad5
go: upgraded k8s.io/apiextensions-apiserver v0.35.0 => v0.35.1
go: upgraded k8s.io/apiserver v0.35.0 => v0.35.1
go: upgraded k8s.io/component-base v0.35.0 => v0.35.1
go: upgraded k8s.io/kube-aggregator v0.34.1 => v0.35.1
go: upgraded k8s.io/client-go v0.35.1 => v0.36.1
go: upgraded cloud.google.com/go/compute/metadata v0.6.0 => v0.9.0
go: upgraded github.com/go-openapi/jsonpointer v0.22.4 => v0.23.1
go: upgraded github.com/go-openapi/jsonreference v0.21.4 => v0.21.5
go: upgraded github.com/go-openapi/swag v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/cmdutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/conv v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/fileutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/jsonname v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/jsonutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/loading v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/mangling v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/netutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/stringutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/typeutils v0.25.4 => v0.26.0
go: upgraded github.com/go-openapi/swag/yamlutils v0.25.4 => v0.26.0
go: upgraded go.opentelemetry.io/auto/sdk v1.1.0 => v1.2.1
go: upgraded go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 => v0.65.0
go: upgraded go.opentelemetry.io/otel v1.36.0 => v1.41.0
go: upgraded go.opentelemetry.io/otel/metric v1.36.0 => v1.41.0
go: upgraded go.opentelemetry.io/otel/trace v1.36.0 => v1.41.0
go: upgraded golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 => v0.0.0-20251219203646-944ab1f22d93
go: upgraded golang.org/x/oauth2 v0.35.0 => v0.36.0
go: upgraded golang.org/x/time v0.14.0 => v0.15.0
go: upgraded google.golang.org/genproto/googleapis/api v0.0.0-20250303144028-a0af3efb3deb => v0.0.0-20260128011058-8636f8732409
go: upgraded google.golang.org/genproto/googleapis/rpc v0.0.0-20250528174236-200df99c418a => v0.0.0-20260128011058-8636f8732409
go: upgraded google.golang.org/grpc v1.72.2 => v1.79.3
go: upgraded k8s.io/apiserver v0.35.1 => v0.36.1
go: upgraded k8s.io/cloud-provider v0.35.0 => v0.36.1
go: upgraded k8s.io/component-base v0.35.1 => v0.36.1
go: upgraded github.com/fsnotify/fsnotify v1.9.0 => v1.10.1
go: upgraded github.com/onsi/gomega v1.38.2 => v1.39.0
go: upgraded github.com/prometheus/procfs v0.19.2 => v0.20.1
go: upgraded gomodules.xyz/jsonpatch/v2 v2.4.0 => v2.5.0
go: upgraded k8s.io/apiextensions-apiserver v0.35.1 => v0.36.1
go: upgraded sigs.k8s.io/controller-runtime v0.23.1 => v0.24.1

2. Added a temporary replace at the end to use a openshift/library-go version awaiting to be merged

3. go mod tidy

4. go mod vendor

make build

go test ./... -count=1
?       github.com/openshift/cloud-network-config-controller/cmd/cloud-network-config-controller        [no test files]
ok      github.com/openshift/cloud-network-config-controller/pkg/cloudprivateipconfig   0.009s
ok      github.com/openshift/cloud-network-config-controller/pkg/cloudprovider  0.187s
?       github.com/openshift/cloud-network-config-controller/pkg/controller     [no test files]
ok      github.com/openshift/cloud-network-config-controller/pkg/controller/cloudprivateipconfig        0.086s
?       github.com/openshift/cloud-network-config-controller/pkg/controller/configmap   [no test files]
?       github.com/openshift/cloud-network-config-controller/pkg/controller/node        [no test files]
?       github.com/openshift/cloud-network-config-controller/pkg/controller/secret      [no test files]
?       github.com/openshift/cloud-network-config-controller/pkg/signals        [no test files]

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Walkthrough

This PR upgrades the project to Go 1.26 and OpenShift 5.0 with corresponding dependency updates. Build infrastructure (CI config and Dockerfile) moves to Go 1.26 and OpenShift 5.0 base images, go.mod updates the toolchain and refreshes primary and indirect dependencies, and test initialization methods are updated to use the new fake client constructor.

Changes

Go 1.26 and OpenShift 5.0 Upgrade

Layer / File(s)	Summary
Build infrastructure upgrade to Go 1.26 and OpenShift 5.0 .ci-operator.yaml, Dockerfile	CI operator build root image tag and Docker builder and runtime stages updated to use rhel-9-golang-1.26-openshift-5.0 and ocp/5.0:base-rhel9 respectively.
Go module and dependency updates go.mod	Go toolchain directive updated from 1.25.0 to 1.26.0; primary require block refreshed for OpenShift API, client-go, library-go, Kubernetes, and controller-runtime; large indirect dependency set advanced for OpenTelemetry, Google, Kubernetes, and Prometheus modules, with a commented replace directive added for a WIP library-go version.
Test fake client initialization updates pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_test.go, pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_racy_test.go	Both test fixtures switched fake CloudNetwork client initialization from NewSimpleClientset() to NewClientset().

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 13 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Test Structure And Quality	❓ Inconclusive	Custom check is for Ginkgo tests (It/Describe/Eventually), but modified test files use standard Go testing.T, not Ginkgo patterns.	Clarify if check applies to Go testing.T tests. If so, review for context timeouts, cleanup patterns, and error messages in these tests.

✅ Passed checks (13 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'WIP: CORENET-7047: CNCC K8s rebase to 1.36.1' accurately describes the main objective of the pull request—upgrading Kubernetes dependencies to version 1.36.1—as evidenced by the comprehensive go.mod updates and base image changes across the codebase.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR does not modify any Ginkgo tests; changes are only to standard Go tests (controller_test.go, controller_racy_test.go) which have stable, static test names not covered by this Ginkgo-specific check.
Microshift Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. Only existing unit test setup was modified; the custom check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR does not add new Ginkgo e2e tests. Only unit tests with standard testing.T using controller setup helpers were modified. No SNO compatibility check needed.
Topology-Aware Scheduling Compatibility	✅ Passed	PR updates build/test config only; no deployment manifests or scheduling constraints are introduced or modified.
Ote Binary Stdout Contract	✅ Passed	This is not an OTE binary; it's a standalone controller deployed as a pod. klog v2 writes to stderr by default, and there are no fmt.Print* or stdout writes in process-level code.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests were added in this PR. The check only applies when new e2e tests are added; this PR only modifies existing unit tests and dependency/configuration files.
No-Weak-Crypto	✅ Passed	No weak cryptographic algorithms (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB mode), custom crypto implementations, or non-constant-time secret comparisons were found in the codebase or PR changes.
Container-Privileges	✅ Passed	PR does not introduce container privilege escalation settings (privileged, hostPID/Network/IPC, SYS_ADMIN, allowPrivilegeEscalation); only updates base image tags.
No-Sensitive-Data-In-Logs	✅ Passed	PR changes do not introduce logging that exposes passwords, tokens, API keys, PII, session IDs, or customer data. Changes are infrastructure/dependency updates with no new logging statements.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile (1)

1-15: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Run container as non-root user.

This Dockerfile defines no USER, so the final image runs as root by default. Please add a non-root USER in the runtime stage and ensure binary/file ownership supports execution.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 1 - 15, The final image currently runs as root
because no USER is set; update the runtime stage to add and switch to a non-root
user and ensure the controller binary is owned and executable by that user.
Specifically, after COPY --from=builder
/go/src/github.com/openshift/cloud-network-config-controller/_output/bin/cloud-network-config-controller
/usr/bin/ make the binary executable and change its ownership to a non-root
UID/GID you create (or an existing non-root user), then add a USER declaration
(e.g., create a user/group and use USER <user> or USER <uid>) so the container
runs non-root and the binary at /usr/bin/cloud-network-config-controller is
runnable by that user.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Line 1: The Dockerfile uses a builder image set to
"registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.26-openshift-5.0" but the
runtime stage still references the older "ocp/4.22:base-rhel9"; update the
runtime FROM to the matching OpenShift 5.0 base image so builder and runtime
share the same rebase target (ensure the runtime base image string replacing
"ocp/4.22:base-rhel9" aligns with the "openshift-5.0" tag), and verify both
stages (builder and the final runtime stage) consistently reference the
OpenShift 5.0 images.

In `@go.mod`:
- Around line 137-138: The go.mod contains a non-upstream replace directive
swapping github.com/openshift/library-go to a private pseudo-version (replace
github.com/openshift/library-go => github.com/jubittajohn/library-go
v0.0.0-20260523185030-8af7f5bef8e1) which breaks reproducible builds and is used
by imports in cmd/cloud-network-config-controller/main.go
(github.com/openshift/library-go/pkg/operator/configobserver/featuregates and
github.com/openshift/library-go/pkg/operator/events); remove or revert this
replace before merging and instead point to the upstream commit/tag once
available, or confine the override to a short-lived integration branch (i.e.,
delete the replace line or wrap it behind branch-specific gating so mainline
only references the official github.com/openshift/library-go module).

---

Outside diff comments:
In `@Dockerfile`:
- Around line 1-15: The final image currently runs as root because no USER is
set; update the runtime stage to add and switch to a non-root user and ensure
the controller binary is owned and executable by that user. Specifically, after
COPY --from=builder
/go/src/github.com/openshift/cloud-network-config-controller/_output/bin/cloud-network-config-controller
/usr/bin/ make the binary executable and change its ownership to a non-root
UID/GID you create (or an existing non-root user), then add a USER declaration
(e.g., create a user/group and use USER <user> or USER <uid>) so the container
runs non-root and the binary at /usr/bin/cloud-network-config-controller is
runnable by that user.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 7b27060a-4764-4d3e-a40d-a7e17f31a179

📥 Commits

Reviewing files that changed from the base of the PR and between 2d69ad9 and 0755baa.

⛔ Files ignored due to path filters (297)

• go.sum is excluded by !**/*.sum
• vendor/cloud.google.com/go/compute/metadata/CHANGES.md is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode_map_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/diagnose.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/valid.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/reference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/AUTHORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/clone.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/custom_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/deprecated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/discard.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/equal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/message_set.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/skip_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_merge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_parser.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/AGENTS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/clientset/versioned/fake/clientset_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/factory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consoleauthentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/consolespec.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (3)

• .ci-operator.yaml
• Dockerfile
• go.mod

[coderabbitai]

♻️ Duplicate comments (1)

Dockerfile (1)

7-15: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Add a non-root runtime user in the final stage.

The final image still defaults to root because there is no USER instruction (see Line 7 onward). This is a container security violation and is still unresolved.

🔒 Minimal fix

 FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
 
 COPY --from=builder /go/src/github.com/openshift/cloud-network-config-controller/_output/bin/cloud-network-config-controller /usr/bin/
 
 LABEL io.k8s.display-name="Cloud Network Config Controller" \
       io.k8s.description="Controller performing cloud level network modification" \
       io.openshift.tags="openshift" \
       maintainer="Alexander Constantinescu <aconstan@redhat.com>"
+
+USER 65532

As per coding guidelines: USER non-root; never run as root.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 7 - 15, The final Dockerfile stage currently copies
the controller binary (COPY --from=builder ... /usr/bin/) but never switches
from root; add a non-root runtime user and ensure the binary and any required
dirs are owned by that user, then set USER to that non-root user in the final
stage; specifically, create a user/group (e.g., adduser or groupadd/useradd
commands) or use an existing non-root UID, chown
/usr/bin/cloud-network-config-controller to that user, and add a USER
<username-or-uid> line after the COPY so the container no longer runs as root.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Duplicate comments:
In `@Dockerfile`:
- Around line 7-15: The final Dockerfile stage currently copies the controller
binary (COPY --from=builder ... /usr/bin/) but never switches from root; add a
non-root runtime user and ensure the binary and any required dirs are owned by
that user, then set USER to that non-root user in the final stage; specifically,
create a user/group (e.g., adduser or groupadd/useradd commands) or use an
existing non-root UID, chown /usr/bin/cloud-network-config-controller to that
user, and add a USER <username-or-uid> line after the COPY so the container no
longer runs as root.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 6a7a9312-51ad-4f3a-8bc5-cd31c86aa604

📥 Commits

Reviewing files that changed from the base of the PR and between 0755baa and b0312e2.

⛔ Files ignored due to path filters (295)

• go.sum is excluded by !**/*.sum
• vendor/cloud.google.com/go/compute/metadata/CHANGES.md is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode_map_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/diagnose.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/valid.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/reference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/AUTHORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/clone.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/custom_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/deprecated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/discard.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/equal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/message_set.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/skip_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_merge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_parser.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/AGENTS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/clientset/versioned/fake/clientset_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/factory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (5)

• .ci-operator.yaml
• Dockerfile
• go.mod
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_racy_test.go
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_test.go

✅ Files skipped from review due to trivial changes (1)

• .ci-operator.yaml

🚧 Files skipped from review as they are similar to previous changes (1)

• go.mod

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

Dockerfile (1)

1-15: Consider addressing pre-existing container security guideline gaps.

While the base image updates are correct, the Dockerfile still has pre-existing gaps relative to the prodsec-skills container security guidelines:

1. Missing USER directive: No non-root user is specified. The runtime should include USER <non-root-uid> before the entrypoint.
2. Broad COPY: Line 4 copies the entire build context (.). Consider copying only necessary files/directories.
3. Missing HEALTHCHECK: No health check is defined for the runtime container.

Since this is a major rebase, it may be a good opportunity to align with these security standards. As per coding guidelines: "USER non-root; never run as root", "COPY specific files, not entire context", and "HEALTHCHECK defined".

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 1 - 15, Update the Dockerfile to follow container
security guidelines: replace the broad build-context copy in the builder stage
(the COPY . . step used to produce /_output/bin/cloud-network-config-controller)
with explicit COPY instructions for only the files and directories needed for
make build (e.g., go.mod, go.sum, cmd/, pkg/, etc.), add a non-root runtime user
and switch to it before runtime execution by adding a USER directive in the
final stage (create the user UID/GID if needed during the builder stage or via
RUN in the final stage), and add a HEALTHCHECK instruction to the final image
that probes the running controller (use an appropriate command or HTTP probe
matching the controller’s health endpoint).

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@Dockerfile`:
- Around line 1-15: Update the Dockerfile to follow container security
guidelines: replace the broad build-context copy in the builder stage (the COPY
. . step used to produce /_output/bin/cloud-network-config-controller) with
explicit COPY instructions for only the files and directories needed for make
build (e.g., go.mod, go.sum, cmd/, pkg/, etc.), add a non-root runtime user and
switch to it before runtime execution by adding a USER directive in the final
stage (create the user UID/GID if needed during the builder stage or via RUN in
the final stage), and add a HEALTHCHECK instruction to the final image that
probes the running controller (use an appropriate command or HTTP probe matching
the controller’s health endpoint).

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: b74cabea-1adc-4ff2-9f6d-8688c92e6561

📥 Commits

Reviewing files that changed from the base of the PR and between b0312e2 and 9f53f26.

⛔ Files ignored due to path filters (294)

• go.sum is excluded by !**/*.sum
• vendor/cloud.google.com/go/compute/metadata/CHANGES.md is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode_map_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/diagnose.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/valid.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/reference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/AUTHORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/clone.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/custom_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/deprecated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/discard.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/equal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/message_set.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/skip_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_merge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_parser.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/AGENTS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/clientset/versioned/fake/clientset_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/factory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (6)

• .ci-operator.yaml
• .snyk
• Dockerfile
• go.mod
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_racy_test.go
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_test.go

🚧 Files skipped from review as they are similar to previous changes (4)

• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_racy_test.go
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_test.go
• .ci-operator.yaml
• go.mod

[vinnie1110]

/retest

[tssurya]

/assign @pperiyasamy

[pperiyasamy]

can you update the commit message with all the steps you did for k8s bump ?

[pperiyasamy]

can this be separate commit with list of security warings it skips from the scanning ? it may help to revert the change when those libraries are fixed later.

[vinnie1110]

Sure, commits are now separate

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: vinnie1110
Once this PR has been reviewed and has the lgtm label, please ask for approval from pperiyasamy. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

Dockerfile (1)

1-15: ⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

Container must not run as root.

The Dockerfile lacks a USER directive, causing the container to run as root. This violates the container security guideline "USER non-root; never run as root" and is flagged by static analysis (Trivy DS-0002).

🔒 Proposed fix

Add a non-root user directive before copying the binary. OpenShift base images typically include user ID 1001:

 FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
 
+USER 1001
+
 COPY --from=builder /go/src/github.com/openshift/cloud-network-config-controller/_output/bin/cloud-network-config-controller /usr/bin/

If user 1001 does not exist in the base image, create it:

 FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
 
+RUN useradd -r -u 1001 -g 0 cloud-network-config-controller
+USER 1001
+
 COPY --from=builder /go/src/github.com/openshift/cloud-network-config-controller/_output/bin/cloud-network-config-controller /usr/bin/

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 1 - 15, The container currently runs as root because
the Dockerfile omits a USER directive; update the Dockerfile to switch to a
non-root user after the final base image is selected (before or immediately
after copying the binary). Ensure you reference the final stage image (the
second FROM) and the copied binary /usr/bin/cloud-network-config-controller: if
the base image already exposes UID 1001 use USER 1001, otherwise create or
ensure a non-root user/group exists and set ownership of the binary (and any
runtime dirs) to that user before switching with USER so the process does not
run as root.

Sources: Coding guidelines, Linters/SAST tools

🧹 Nitpick comments (1)

Dockerfile (1)

1-15: ⚡ Quick win

Add HEALTHCHECK directive.

The Dockerfile lacks a HEALTHCHECK directive, violating the container security guideline. A healthcheck enables the orchestrator to detect and restart unhealthy containers.

🏥 Proposed fix

If the controller exposes a health endpoint (e.g., on port 8081):

 LABEL io.k8s.display-name="Cloud Network Config Controller" \
       io.k8s.description="Controller performing cloud level network modification" \
       io.openshift.tags="openshift" \
       maintainer="Alexander Constantinescu <aconstan@redhat.com>"
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD ["/usr/bin/curl", "-f", "http://localhost:8081/healthz"]

If no health endpoint exists, verify the process is running:

 LABEL io.k8s.display-name="Cloud Network Config Controller" \
       io.k8s.description="Controller performing cloud level network modification" \
       io.openshift.tags="openshift" \
       maintainer="Alexander Constantinescu <aconstan@redhat.com>"
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD ["pgrep", "-x", "cloud-network-config-controller"]

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` around lines 1 - 15, Add a HEALTHCHECK to the Dockerfile so the
orchestrator can detect and restart unhealthy containers: if the controller
exposes an HTTP health endpoint (e.g., /health on port 8081) add a HEALTHCHECK
that curls that URL and fails on non-2xx/timeout; if no HTTP endpoint exists add
a HEALTHCHECK that verifies the main process (binary name
cloud-network-config-controller) is alive (e.g., via pgrep) and returns non-zero
on failure. Update the Dockerfile after the COPY of
/usr/bin/cloud-network-config-controller to include the appropriate HEALTHCHECK
CMD-SHELL invocation and sensible interval/retry/timeout values.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@Dockerfile`:
- Line 4: The Dockerfile currently uses a broad COPY . . which pulls the entire
build context into the image; replace this with explicit COPY directives for
only the needed artifacts (e.g., COPY package.json package-lock.json ., COPY
yarn.lock ., COPY src/ ./src or COPY dist/ ./dist) and ensure a .dockerignore
excludes secrets and dev-only files; update the Dockerfile to reference those
explicit filenames/dirs instead of '.' and add or tighten .dockerignore entries
to prevent sensitive or large files from being included.
- Line 1: Dockerfile currently runs as root, copies the entire build context,
lacks a HEALTHCHECK and uses images from registry.ci.openshift.org without
documented policy; fix by adding a non-root USER directive (create/drop to a
dedicated uid/gid and use USER <uid>), replace COPY . . with targeted COPY of
only required files/directories (e.g., COPY go.mod go.sum ./ and COPY cmd/ ./ or
similar) and use a multi-stage build to limit context, add a HEALTHCHECK
instruction that probes the running service (e.g., curl or tcp check) with
sensible interval/retries, and verify or switch the FROM image references
(registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.26-openshift-5.0 and
ocp/5.0:base-rhel9) to an approved registry such as catalog.redhat.com or
document an exception in the repo policy.

---

Outside diff comments:
In `@Dockerfile`:
- Around line 1-15: The container currently runs as root because the Dockerfile
omits a USER directive; update the Dockerfile to switch to a non-root user after
the final base image is selected (before or immediately after copying the
binary). Ensure you reference the final stage image (the second FROM) and the
copied binary /usr/bin/cloud-network-config-controller: if the base image
already exposes UID 1001 use USER 1001, otherwise create or ensure a non-root
user/group exists and set ownership of the binary (and any runtime dirs) to that
user before switching with USER so the process does not run as root.

---

Nitpick comments:
In `@Dockerfile`:
- Around line 1-15: Add a HEALTHCHECK to the Dockerfile so the orchestrator can
detect and restart unhealthy containers: if the controller exposes an HTTP
health endpoint (e.g., /health on port 8081) add a HEALTHCHECK that curls that
URL and fails on non-2xx/timeout; if no HTTP endpoint exists add a HEALTHCHECK
that verifies the main process (binary name cloud-network-config-controller) is
alive (e.g., via pgrep) and returns non-zero on failure. Update the Dockerfile
after the COPY of /usr/bin/cloud-network-config-controller to include the
appropriate HEALTHCHECK CMD-SHELL invocation and sensible interval/retry/timeout
values.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository: openshift/coderabbit/.coderabbit.yaml

Review profile: CHILL

Plan: Enterprise

Run ID: 05fdd655-3fcc-41bc-9479-f5883d6d18e9

📥 Commits

Reviewing files that changed from the base of the PR and between 9f53f26 and 1578c83.

⛔ Files ignored due to path filters (295)

• go.sum is excluded by !**/*.sum
• vendor/cloud.google.com/go/compute/metadata/CHANGES.md is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/metadata.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/retry.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_linux.go is excluded by !**/vendor/**, !vendor/**
• vendor/cloud.google.com/go/compute/metadata/syscheck_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/.cirrus.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/CONTRIBUTING.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_fen.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_inotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/backend_windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/fsnotify.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_darwin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_dragonfly.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_kqueue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_netbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/debug_openbsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/freebsd.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/unix2.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fsnotify/fsnotify/internal/windows.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/cache.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/decode_map_utils.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/diagnose.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/simplevalue.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/stream.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/structfields.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/tag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/fxamacker/cbor/v2/valid.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/errors.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/options.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonpointer/pointer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.cliff.toml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/.golangci.yml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/NOTICE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/jsonreference/reference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/.gitignore is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CODE_OF_CONDUCT.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/CONTRIBUTORS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/SECURITY.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/go.work is excluded by !**/*.work, !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/go_name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/ifaces.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonname/name_provider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/jsonutils/README.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/go-openapi/swag/mangling/BENCHMARK.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/AUTHORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/CONTRIBUTORS is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/LICENSE is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/clone.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/custom_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/decode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/deprecated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/discard.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/duration_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/encode_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/equal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/extensions_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/lib_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/message_set.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_reflect_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/pointer_unsafe_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/properties_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/skip_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_marshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_merge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/table_unmarshal_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/text_parser.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/timestamp_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/proto/wrappers_gogo.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/gogo/protobuf/sortkeys/sortkeys.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/CHANGELOG.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/format/format.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/gomega_dsl.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/have_key_with_value_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/match_error_strictly_matcher.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/onsi/gomega/matchers/support/goraph/edge/edge.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.ci-operator.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.coderabbit.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/.golangci.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/AGENTS.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Dockerfile.ocp is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/types_compatibilityrequirement.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apiextensions/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/apps/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/apps/v1/zz_prerelease_lifecycle_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/authorization/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/build/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/cloudnetwork/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_operator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_cluster_version.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_dns.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_image.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_infrastructure.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_kmsencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/types_tlssecurityprofile.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_cluster_monitoring.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_crio_credential_provider_config.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/types_pki.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/config/v1alpha2/types_insights.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/config/v1alpha2/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/console/v1/types_console_plugin.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/console/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/envtest-releases.yaml is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/Makefile is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/doc.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/etcd/v1alpha1/types_pacemakercluster.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/etcd/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/features.md is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/features.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/legacyfeaturegates.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/features/util.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/image/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/install.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/types_awsprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/machine/v1beta1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/network/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/network/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/networkoperator/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/oauth/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_ingress.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/types_network.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/register.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/types_clusterapi.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.deepcopy.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/project/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/project/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/quota/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/route/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/samples/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/samples/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.proto is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/types.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/security/v1/zz_generated.featuregated-crd-manifests.yaml is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/security/v1/zz_generated.swagger_doc_generated.go is excluded by !**/vendor/**, !vendor/**, !**/zz_generated*
• vendor/github.com/openshift/api/template/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/template/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/api/user/v1/generated.protomessage.pb.go is excluded by !**/*.pb.go, !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/cloudnetwork/v1/cloudprivateipconfigstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/applyconfigurations/internal/internal.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/clientset/versioned/fake/clientset_generated.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/cloudnetwork/v1/cloudprivateipconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/cloudnetwork/informers/externalversions/factory.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/acceptrisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/alibabacloudresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserver.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverencryption.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiservernamedservingcert.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverservingcerts.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/apiserverspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/audit.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/auditcustomrule.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authentication.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/authenticationstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsdnsspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsingressspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awskmsconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/awsserviceendpoint.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/azureresourcetag.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformloadbalancer.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/baremetalplatformstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/basicauthidentityprovider.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/build.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/builddefaults.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildoverrides.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/buildspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudcontrollermanagerstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerconfig.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/cloudloadbalancerips.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clustercondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicy.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicyspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterimagepolicystatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusternetworkentry.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperator.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusteroperatorstatuscondition.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversion.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversioncapabilitiesstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionspec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/clusterversionstatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentoverride.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutespec.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/componentroutestatus.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdate.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/conditionalupdaterisk.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapfilereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/configmapnamereference.go is excluded by !**/vendor/**, !vendor/**
• vendor/github.com/openshift/client-go/config/applyconfigurations/config/v1/console.go is excluded by !**/vendor/**, !vendor/**

📒 Files selected for processing (5)

• .ci-operator.yaml
• Dockerfile
• go.mod
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_racy_test.go
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_test.go

✅ Files skipped from review due to trivial changes (1)

• .ci-operator.yaml

🚧 Files skipped from review as they are similar to previous changes (3)

• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_test.go
• pkg/controller/cloudprivateipconfig/cloudprivateipconfig_controller_racy_test.go
• go.mod

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Search for base image policies or security documentation

# Check for security or container documentation
fd -i -e md -e txt . | xargs rg -i "base.?image|catalog.redhat|registry.ci.openshift" -C 2

# Check for other Dockerfiles in the repo using catalog.redhat.com
fd -t f "Dockerfile" | xargs rg "FROM.*catalog.redhat.com"

# Check CI operator config for image policies
rg "base.*image|catalog" .ci-operator.yaml -A 2 -B 2

Repository: openshift/cloud-network-config-controller

Length of output: 67

---

Harden Dockerfile per container security guidelines (non-root + least-context + HEALTHCHECK) and confirm base image registry policy.

• ./Dockerfile (lines 1-15): Missing USER directive; container runs as root (DS-0002).
• ./Dockerfile (line 4): COPY . . copies the full build context; copy only required files/dirs.
• ./Dockerfile (lines 1, 7): Base images use registry.ci.openshift.org (ocp/builder... and ocp/5.0:base-rhel9); no repo policy/docs exception for registry.ci.openshift.org vs catalog.redhat.com was located—confirm this is allowed or switch to catalog.redhat.com.
• ./Dockerfile (lines 1-15): Missing HEALTHCHECK.

🧰 Tools

🪛 Trivy (0.69.3)

[error] 1-1: Image user should not be 'root'

Specify at least 1 USER command in Dockerfile with non-root user as argument

Rule: DS-0002

Learn more

(IaC/Dockerfile)

---

[error] 1-1: Image user should not be 'root'

Specify at least 1 USER command in Dockerfile with non-root user as argument

Rule: DS-0002

Learn more

(IaC/Dockerfile)

---

[error] 1-1: Image user should not be 'root'

Specify at least 1 USER command in Dockerfile with non-root user as argument

Rule: DS-0002

Learn more

(IaC/Dockerfile)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` at line 1, Dockerfile currently runs as root, copies the entire
build context, lacks a HEALTHCHECK and uses images from
registry.ci.openshift.org without documented policy; fix by adding a non-root
USER directive (create/drop to a dedicated uid/gid and use USER <uid>), replace
COPY . . with targeted COPY of only required files/directories (e.g., COPY
go.mod go.sum ./ and COPY cmd/ ./ or similar) and use a multi-stage build to
limit context, add a HEALTHCHECK instruction that probes the running service
(e.g., curl or tcp check) with sensible interval/retries, and verify or switch
the FROM image references
(registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.26-openshift-5.0 and
ocp/5.0:base-rhel9) to an approved registry such as catalog.redhat.com or
document an exception in the repo policy.

Source: Coding guidelines

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Copy specific files instead of entire build context.

Line 4 copies the entire build context (.), violating the container security guideline "COPY specific files, not entire context". This can bloat the builder layer and risks including sensitive files.

🔒 Proposed fix

-COPY . .
+COPY go.mod go.sum ./
+COPY vendor/ vendor/
+COPY pkg/ pkg/
+COPY cmd/ cmd/
+COPY Makefile ./

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	COPY . .
	COPY go.mod go.sum ./
	COPY vendor/ vendor/
	COPY pkg/ pkg/
	COPY cmd/ cmd/
	COPY Makefile ./

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` at line 4, The Dockerfile currently uses a broad COPY . . which
pulls the entire build context into the image; replace this with explicit COPY
directives for only the needed artifacts (e.g., COPY package.json
package-lock.json ., COPY yarn.lock ., COPY src/ ./src or COPY dist/ ./dist) and
ensure a .dockerignore excludes secrets and dev-only files; update the
Dockerfile to reference those explicit filenames/dirs instead of '.' and add or
tighten .dockerignore entries to prevent sensitive or large files from being
included.

Source: Coding guidelines

[vinnie1110]

/retest

[openshift-ci]

@vinnie1110: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.