fix: consolidate Renovate Go groups and restrict Fedora to stable

[raballew]

Summary

• Consolidate all Go module groups (go-deps-other, grpc-protobuf-go, kubernetes, go-testing, golang-x, golang-version) into a single kubernetes group -- any Go dependency can bump the minimum Go version (verified: k8s.io/api v0.36.1 requires go 1.26.0, grpc/gin deps require go 1.25.0), so they must ship together with the Go toolchain (.go-version, go.mod directives, go-toolset container image)
• Restrict Fedora base image to <=44 to prevent Renovate from proposing rawhide (Fedora 45)
• Add versioning regex for ubi9/go-toolset so only Go-version-style tags (1.x.y) are tracked, not UBI/RHEL build tags (9.8-1780490420)

Renovate PRs affected

Once merged, Renovate will consolidate these into one PR:

• fix(deps): update kubernetes #764 (kubernetes)
• fix(deps): update grpc-protobuf-go - autoclosed #763 (grpc-protobuf-go)
• fix(deps): update go-testing to v1.41.0 - autoclosed #762 (go-testing)
• fix(deps): update golang-x - autoclosed #757 (golang-x)
• fix(deps): update go-deps-other - autoclosed #756 (go-deps-other)

And #765 (docker-base-images) will no longer propose Fedora 45 or go-toolset UBI tags.

Test plan

• Verify Renovate validates the config (the validate-renovate CI job)
• After merge, confirm Renovate closes the redundant Go PRs and opens a single consolidated one
• Confirm Fedora stays at <=44 in future docker-base-images PRs

🤖 Generated with Claude Code

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR consolidates Go-related dependency grouping in renovate.json under a single kubernetes group, removing granular Go-specific rules. It reassigns Go version directives and tooling (go-version, UBI9 Go-toolset) to use the new group alignment and adds Fedora stable release tracking.

Changes

Renovate dependency grouping reorganization

Layer / File(s)	Summary
Go module grouping consolidation renovate.json	Replaced granular Go module update rules with a unified rule grouping all Go modules under kubernetes group, removing prior Kubernetes/controller, test framework, and stdlib extension-specific grouping rules.
Go tooling and version directive consolidation renovate.json	Reassigned "Go version directives" grouping from golang-version to kubernetes, updated .go-version grouping to match, and added a rule to group the UBI9 Go-toolset Docker image with a versioning regex under the same kubernetes group.
Fedora stable release tracking renovate.json	Added a package rule to track Fedora stable releases using the latest tag.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Renovate now flows with harmony,
Go modules dance under one family—
Kubernetes grouped, version tools aligned,
Fedora tracking, all dependencies refined!
Configuration now makes perfect sense. ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main changes: consolidating Go dependency groups and restricting Fedora to stable releases, matching the core objectives.
Description check	✅ Passed	The description comprehensively covers the changeset objectives including Go group consolidation rationale, Fedora restrictions, versioning regex additions, affected PRs, and test plan.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[raballew]

the problem is that fedora will always have a rawhide stream which will be picked up. it seems though, that latest always points to rawhide minus 1 (in this case f44 instead of f45) so i am just telling it to pull latest

[raballew]

ubi images are a problem their versioning scheme tracks two independent problems (ubi version and go version) you can update one automatically but not both in combination

[coderabbitai]

🧹 Nitpick comments (1)

renovate.json (1)

202-213: Refine go-toolset regex and image reference

• registry.access.redhat.com/ubi9/go-toolset is the correct image reference and is used by controller/Dockerfile and controller/Dockerfile.operator (current tag :1.24.6), and matches the renovate.json rule.
• The versioning regex ^(?<major>\\d+)\\.(?<minor>\\d+)\\.(?<patch>\\d+)$ matches 3-part numeric tags from the registry (e.g., 1.17.12, 1.18.10) and excludes dash-suffixed build/revision tags (e.g., 1.17.12-12, 1.18.9-2.*), preventing build-variant tags from being treated as semver updates.
• This regex won’t match 2-part tags like 1.17—update behavior will depend on whether those tags should be included.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@renovate.json` around lines 202 - 213, The current renovate rule correctly
targets matchPackageNames "registry.access.redhat.com/ubi9/go-toolset" (used by
controller/Dockerfile and controller/Dockerfile.operator) but the versioning
regex under the "versioning" key only matches three-part numeric semver and
excludes dash-suffixed build tags and two-part tags; update the "versioning"
value to a regex that also accepts optional dash-suffixed build/revision
segments and optionally supports two-part tags (e.g., allow patterns like 1.18,
1.18.9-2) so Renovate will detect those image tag variants as updates while
keeping automerge false.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@renovate.json`:
- Around line 202-213: The current renovate rule correctly targets
matchPackageNames "registry.access.redhat.com/ubi9/go-toolset" (used by
controller/Dockerfile and controller/Dockerfile.operator) but the versioning
regex under the "versioning" key only matches three-part numeric semver and
excludes dash-suffixed build tags and two-part tags; update the "versioning"
value to a regex that also accepts optional dash-suffixed build/revision
segments and optionally supports two-part tags (e.g., allow patterns like 1.18,
1.18.9-2) so Renovate will detect those image tag variants as updates while
keeping automerge false.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e2c5a10f-6c20-410d-b0a8-e2c22be4bdca

📥 Commits

Reviewing files that changed from the base of the PR and between be78b3b and a14157e.

📒 Files selected for processing (1)

• renovate.json