build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 in the misc-dependencies group across 1 directory

[dependabot]

Bumps the misc-dependencies group with 1 update in the / directory: google.golang.org/api.

Updates google.golang.org/api from 0.279.0 to 0.280.0

Release notes

Sourced from google.golang.org/api's releases.

v0.280.0

0.280.0 (2026-05-19)

Features

• all: Auto-regenerate discovery clients (#3591) (55ba2fa)
• all: Auto-regenerate discovery clients (#3593) (054d4b6)
• all: Auto-regenerate discovery clients (#3594) (0382916)
• all: Auto-regenerate discovery clients (#3595) (13e1ad2)
• all: Auto-regenerate discovery clients (#3596) (4c77865)
• all: Auto-regenerate discovery clients (#3598) (ae2f330)
• all: Auto-regenerate discovery clients (#3599) (f82d204)

Changelog

Sourced from google.golang.org/api's changelog.

0.280.0 (2026-05-19)

Features

• all: Auto-regenerate discovery clients (#3591) (55ba2fa)
• all: Auto-regenerate discovery clients (#3593) (054d4b6)
• all: Auto-regenerate discovery clients (#3594) (0382916)
• all: Auto-regenerate discovery clients (#3595) (13e1ad2)
• all: Auto-regenerate discovery clients (#3596) (4c77865)
• all: Auto-regenerate discovery clients (#3598) (ae2f330)
• all: Auto-regenerate discovery clients (#3599) (f82d204)

Commits

• 3887b09 chore(main): release 0.280.0 (#3592)
• f82d204 feat(all): auto-regenerate discovery clients (#3599)
• 13e7314 chore(all): update all (#3597)
• ae2f330 feat(all): auto-regenerate discovery clients (#3598)
• 4c77865 feat(all): auto-regenerate discovery clients (#3596)
• 13e1ad2 feat(all): auto-regenerate discovery clients (#3595)
• 0382916 feat(all): auto-regenerate discovery clients (#3594)
• 054d4b6 feat(all): auto-regenerate discovery clients (#3593)
• 55ba2fa feat(all): auto-regenerate discovery clients (#3591)
• See full diff in compare view

Summary by CodeRabbit

• Chores
  • Updated external dependencies as part of routine maintenance to improve stability and security.
  • No changes to public APIs or exported behavior; this is an internal dependency update with no user-facing feature changes.
  • Small maintenance tweak reducing future compatibility risk and keeping the application aligned with upstream fixes.

[openshift-merge-bot]

Pipeline controller notification
This repo is configured to use the pipeline controller. Second-stage tests will be triggered either automatically or after lgtm label is added, depending on the repository configuration. The pipeline controller will automatically detect which contexts are required and will utilize /test Prow commands to trigger the second stage.

For optional jobs, comment /test ? to see a list of all defined jobs. To trigger manually all jobs from second stage use /pipeline required command.

This repository is configured in: LGTM mode

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 469bcd37-33e9-4e62-9d4f-db184ab67f34

📥 Commits

Reviewing files that changed from the base of the PR and between 39fe344 and c55ec45.

⛔ Files ignored due to path filters (5)

• go.sum is excluded by !**/*.sum
• vendor/google.golang.org/api/compute/v1/compute-api.json is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/compute/v1/compute-gen.go is excluded by !vendor/**, !**/vendor/**
• vendor/google.golang.org/api/internal/version.go is excluded by !vendor/**, !**/vendor/**
• vendor/modules.txt is excluded by !vendor/**, !**/vendor/**

📒 Files selected for processing (1)

• go.mod

---

📝 Walkthrough

Walkthrough

This pull request updates two Go module dependencies in go.mod. The primary dependency google.golang.org/api is bumped from v0.279.0 to v0.280.0, and the indirect transitive dependency google.golang.org/genproto/googleapis/rpc is updated to a newer pseudo-version. No code or public API changes are introduced.

Possibly related PRs

• openshift/hypershift#8464: Updates google.golang.org/api and other Go module dependencies in go.mod.

Suggested reviewers

• sjenning
• muraee

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
Stable And Deterministic Test Names	❌ Error	Ginkgo test names use fmt.Sprintf with dynamic content (workload names, feature sets). Found in control_plane_workloads_test.go, control_plane_infrastructure_test.go, and generator.go.	Replace fmt.Sprintf with static test names. Move dynamic values to test bodies for setup and assertions, not test titles.
Microshift Test Compatibility	⚠️ Warning	New Ginkgo e2e tests reference MicroShift-unavailable APIs (ClusterOperator, imageregistry) without protection tags or IsMicroShiftCluster() checks.	Add [apigroup:config.openshift.io] and [apigroup:imageregistry.operator.openshift.io] tags to test names, or guard with IsMicroShiftCluster() checks with g.Skip()

✅ Passed checks (10 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: bumping google.golang.org/api dependency version in go.mod, which matches the changeset.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Test Structure And Quality	✅ Passed	No test files were modified in this PR (verified 0 *_test.go files changed). The PR only bumps google.golang.org/api dependency in go.mod, so the test structure review check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	PR is a dependency-only update with no new or modified test files. SNO compatibility check applies only to new Ginkgo e2e tests, which are not present in this change.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only updates go.mod dependencies (google.golang.org/api v0.280.0), not deployment manifests, operator code, or controllers. Check applies only when such entities are modified.
Ote Binary Stdout Contract	✅ Passed	PR only updates go.mod/go.sum dependencies; repo is HyperShift operator/service, not OTE test binary. OTE Binary Stdout Contract check not applicable.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	This PR is a dependency version bump with no new Ginkgo e2e tests added. The check applies only to PRs that add new It(), Describe(), Context(), or When() test functions.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch dependabot/go_modules/misc-dependencies-f5a908c034

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a openshift member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: dependabot[bot]
Once this PR has been reviewed and has the lgtm label, please assign bryan-cox for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[hypershift-jira-solve-ci]

Now I have all the information needed for a comprehensive report. Let me compile the final analysis.

Test Failure Analysis Complete

Job Information

• Prow Job: Red Hat Konflux / hypershift-operator-main-enterprise-contract / hypershift-operator-main
• Build ID: hypershift-operator-main-enterprise-contract-jpd4r (check run 76963194432)
• Second Job: Red Hat Konflux / hypershift-operator-enterprise-contract / hypershift-operator-main
• Second Build ID: hypershift-operator-enterprise-contract-fkg72 (check run 76963193056)
• PR: #8555 — build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0
• Commit: d3a4216
• Snapshot: hypershift-operator-20260520-125814-000
• EC Verify Results: 254 successes, 24 warnings, 2 failures

Test Failure Analysis

Error

Integration test for component hypershift-operator-main snapshot
hypershift-operator-20260520-125814-000 and scenario
hypershift-operator-main-enterprise-contract has failed

Task: verify | Status: FAILURE | 254 success(es), 24 warning(s), 2 failure(s)

Summary

These two failures are not caused by PR #8555 (the google.golang.org/api dependency bump). They are pre-existing, intermittent Enterprise Contract (EC) policy violations specific to the hypershift-operator-main component image in the Konflux/Conforma supply-chain verification pipeline. The failures are non-blocking — they do not gate PR merges, and other PRs (e.g., #8552) have been merged successfully with the same EC checks showing neutral. All actual Prow CI tests passed ("all tests passed!" per the Prow bot). The EC verify task runs the ec validate image command against the built container image snapshot, and 2 of 256 policy rules are currently failing for the hypershift-operator-main component while the identical pipeline for control-plane-operator-main passes, indicating the violations are image-specific (likely CVE scan results or test result attestation issues) rather than a policy misconfiguration.

Root Cause

The 2 EC policy failures are a pre-existing, intermittent issue in the Konflux Enterprise Contract verification for the hypershift-operator-main component. Key findings:

1. Not caused by this PR: The dependency bump (google.golang.org/api 0.279.0 → 0.280.0) changes only go.mod/go.sum/vendor files. The Konflux build pipeline (hypershift-operator-main-on-pull-request) succeeded — only the post-build EC verification failed.

2. Systemic across all recent PRs: At least 13 PRs (CNTRLPLANE-3250, CNTRLPLANE-430: API-driven Azure topology and private connectivity (Phase 1) #8537–OCPBUGS-86329: cpo: turn off cluster-api crdmigrator controller #8556) show the same 2 EC failures. The pattern began appearing around May 19–20, 2026.

3. Intermittent, not deterministic: PR build(deps): bump google.golang.org/api from 0.279.0 to 0.280.0 in the misc-dependencies group across 1 directory #8555 (snapshot 20260520-125814, ran 12:58 UTC) shows failure, while PR OCPBUGS-86238: set limits for aro.openshift.io/swift-nic in request overrides for ARO swift #8552 (snapshot 20260520-135409, ran 13:53 UTC — less than 1 hour later) shows neutral (warnings only). This rules out a permanent policy or image defect.

4. Component-specific, not global: The control-plane-operator-main EC check passes on the same commits, despite using the same build pipeline (.tekton/pipelines/common-operator-build.yaml) and the same base images (ubi9/go-toolset:1.25.9 + ubi9/ubi-minimal:9.7). The hypershift-shared-ingress and hypershift-gomaxprocs-webhook EC checks also pass.

5. Most likely cause: The 2 failing rules are most likely related to one of:

   • CVE scan results (cve_results_found or cve.blocking_cve_check): The Clair scan of the hypershift-operator image may intermittently detect blocking CVEs in RPM packages that are borderline on severity thresholds.
   • Test result attestation (test.no_test_warnings or test.test_data_found): A build-time test task may produce intermittent results that sometimes satisfy the policy and sometimes don't.

   The exact 2 failing rule names cannot be determined without access to the Konflux pipeline logs (the Konflux UI at konflux-ui.apps.stone-prd-rh01.pg1f.p1.openshiftapps.com requires authentication).

6. Non-blocking check: These EC checks are not required for merge. Multiple PRs have been merged with these checks in neutral or even without them running at all.

Recommendations

1. No action needed for this PR: The dependency bump is safe. All actual CI tests passed. The EC failures are pre-existing and unrelated to the code change.

2. To unblock merge: Simply obtain lgtm and approve labels from reviewers — the EC failures do not block merging. The PR is currently waiting for /ok-to-test verification from an org member (it's a Dependabot PR).

3. To investigate the EC failures (for the Konflux/build team):

   • Access the Konflux UI pipeline run: hypershift-operator-main-enterprise-contract-jpd4r to see the exact 2 failing EC policy rules.
   • Compare the hypershift-operator-main EC scenario policy configuration with control-plane-operator to identify why one passes and the other fails.
   • Check if the intermittent nature is related to CVE database updates or Clair scan timing.

4. To prevent future noise: Consider adjusting the Konflux IntegrationTestScenario for hypershift-operator-main to demote the 2 failing rules from deny to warn severity if they are known acceptable risks, matching the behavior seen in neutral runs.

Evidence

Evidence	Detail
PR #8555 EC result	failure — 254 pass, 24 warn, 2 fail (snapshot 20260520-125814, ran 12:58 UTC)
PR #8552 EC result	neutral — warnings only (snapshot 20260520-135409, ran 13:53 UTC, merged successfully)
control-plane-operator EC	success — passes on the same commit and same base images
Prow CI tests	All passed ("all tests passed!" per openshift-ci bot)
Affected PRs	#8537–#8556 (13+ PRs) show the same 2 EC failures
First appearance	Between snapshots 20260515-234330 (neutral) and 20260519-182036 (failure)
Failing task	verify (EC policy validation via ec validate image)
Passing tasks	collect-keyless-params succeeded on both runs
Pipeline run 1	hypershift-operator-main-enterprise-contract-jpd4r
Pipeline run 2	hypershift-operator-enterprise-contract-fkg72
Build pipeline	Succeeded — hypershift-operator-main-on-pull-request: success
Base images	registry.access.redhat.com/ubi9/go-toolset:1.25.9-1778054913 (builder), ubi9/ubi-minimal:9.7-1777857961 (runtime)
Merge-blocking?	No — PRs merge successfully despite EC failures

---

[openshift-ci]

@dependabot[bot]: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.