argo-rollouts/1.8.0 package update #40935

Merged
merged 2 commits into from
Jan 31, 2025


octo-sts[bot]
Contributor

@octo-sts octo-sts bot commented Jan 30, 2025

@octo-sts octo-sts bot added request-version-update request for a newer version of a package automated pr labels Jan 30, 2025
Contributor Author

octo-sts bot commented Jan 30, 2025

⚠️ EXPERIMENTAL

Please use 👍 or 👎 on this comment to indicate if you agree or disagree with the recommendation.

To provide more detailed feedback please comment on the recommendation prefixed with /ai-verify:

e.g. /ai-verify partially helpful but I also added bash to the build environment

Gen AI suggestions to solve the build error:

Based on the error output, I'll provide a detailed analysis and solution:

• Detected Error:

Error: failed to run update. Error: package go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc with version 'v0.46.0' is already at version v0.47.0

• Error Category: Dependency Version Conflict

• Failure Point:
The go/bump step in the kubectl-argo-rollouts subpackage pipeline

• Root Cause Analysis:
The build is failing because there's a version conflict with the OpenTelemetry gRPC instrumentation package. The melange file is trying to pin version v0.46.0, but the project's dependencies are already using v0.47.0.

• Suggested Fix:
Update the dependency version in the melange YAML file's go/bump section for kubectl-argo-rollouts. Change:

deps: |-
  ...
  go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0

to:

deps: |-
  ...
  go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.47.0

• Explanation:
The error occurs because we're trying to downgrade a package that's already required at a higher version by other dependencies. Using the newer version (v0.47.0) will resolve the version conflict while maintaining compatibility with other dependencies.

• Additional Notes:

  • This type of error is common when dependencies have been updated in the upstream project
  • It's generally safer to use the newer version when there's a minor version conflict
  • The error occurs in the kubectl-argo-rollouts subpackage, not the main package
  • The OpenTelemetry packages often need to be updated together to maintain compatibility

• References:

@octo-sts octo-sts bot added the ai/skip-comment Stop AI from commenting on PR label Jan 30, 2025
@hbh7 hbh7 self-assigned this Jan 30, 2025
@octo-sts octo-sts bot added the bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. label Jan 30, 2025
@hbh7
Member

hbh7 commented Jan 30, 2025

Remaining GHSA-29qp-crvh-w22m CVE cannot be remediated at this time.

@hbh7 hbh7 requested a review from a team January 30, 2025 23:27
@philroche philroche merged commit 4794ef3 into main Jan 31, 2025
14 of 15 checks passed
@philroche philroche deleted the wolfictl-b255a71a-4a6e-4d0e-a855-f8ca3307d29a branch January 31, 2025 12:08
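
The go/bump failure quoted in the bot comment above (a pin of v0.46.0 for a module that is already at v0.47.0) can be caught before the build by comparing each pin against go.mod. This is an added example, not code from this PR, melange or wolfictl; `stalePins`, `parseVer`, the sample go.mod and the `example.com/other` entries are hypothetical, and only the otelgrpc module path and versions come from the error above.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed inputs: a go.mod fragment and a go/bump deps list. Only the otelgrpc versions come from the page.
const sampleGoMod = `module example.com/demo
require (
	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
	example.com/other v1.2.0
)`
const sampleDeps = `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0
example.com/other@v1.3.0`

// parseVer reads "vMAJOR.MINOR.PATCH"; any pre-release suffix is ignored (simplification).
func parseVer(v string) (out [3]int, err error) {
	_, err = fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	return out, err
}

// stalePins reports go/bump pins that are older than the version go.mod already requires.
func stalePins(goMod, deps string) (stale []string) {
	required := map[string]string{}
	for _, line := range strings.Split(goMod, "\n") {
		// Accept both "require mod vX" lines and entries inside a require ( ... ) block.
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(line), "require "))
		if len(f) >= 2 && strings.HasPrefix(f[1], "v") {
			required[f[0]] = f[1]
		}
	}
	for _, dep := range strings.Fields(deps) {
		mod, pin, _ := strings.Cut(dep, "@")
		p, errPin := parseVer(pin)
		h, errHave := parseVer(required[mod]) // fails for modules go.mod does not list
		older := p[0] < h[0] || (p[0] == h[0] && (p[1] < h[1] || (p[1] == h[1] && p[2] < h[2])))
		if errPin == nil && errHave == nil && older {
			stale = append(stale, fmt.Sprintf("%s: pinned %s, go.mod already at %s", mod, pin, required[mod]))
		}
	}
	return stale
}

func main() {
	for _, s := range stalePins(sampleGoMod, sampleDeps) {
		fmt.Println(s)
	}
}
```

A pin flagged here is also worth checking against the advisory it was added for, since the version already in go.mod may or may not include the fix.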
Labels
ai/skip-comment Stop AI from commenting on PR automated pr bincapz/pass bincapz/pass Bincapz (aka. malcontent) scan didn't detect any CRITICALs on the scanned packages. manual/review-needed request-version-update request for a newer version of a package
3 participants