Merged
2 changes: 1 addition & 1 deletion .ci-operator.yaml
@@ -1,4 +1,4 @@
build_root_image:
name: release
namespace: openshift
tag: rhel-9-release-golang-1.25-openshift-4.22
tag: rhel-9-release-golang-1.26-openshift-5.0
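Review bot: The new `tag` value on the last line of this hunk repeats the Go and OpenShift versions that the Dockerfile `FROM ... builder:rhel-9-golang-1.26-openshift-5.0` line and the `go` directive in go.mod also carry, so the toolchain version now has to be edited by hand in three places. Consider a small CI check that fails when the three disagree, so a future bump that misses one file is caught before merge rather than showing up as a difference between the CI build root and the image build.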
4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,9 +1,9 @@
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.25-openshift-4.22 AS builder
FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.26-openshift-5.0 AS builder
WORKDIR /go/src/github.com/openshift/route-controller-manager
COPY . .

@coderabbitai coderabbitai Bot Jun 24, 2026

🔒 Security & Privacy | 🟠 Major | ⚡ Quick win

Avoid COPY . . in the builder stage.

Line 3 copies the full context, which can unintentionally include sensitive or irrelevant files and expands attack surface. Copy only required files/directories.

Suggested fix
 WORKDIR /go/src/github.com/openshift/route-controller-manager
-COPY . .
+COPY go.mod go.sum ./
+COPY cmd/ ./cmd/
+COPY pkg/ ./pkg/
+COPY Makefile ./
 RUN make build --warn-undefined-variables

As per path instructions, Dockerfiles should "COPY specific files, not entire context."

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
COPY . .
WORKDIR /go/src/github.com/openshift/route-controller-manager
COPY go.mod go.sum ./
COPY cmd/ ./cmd/
COPY pkg/ ./pkg/
COPY Makefile ./
RUN make build --warn-undefined-variables
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@Dockerfile` at line 3, Replace the COPY . . command in the builder stage with
specific COPY statements that only copy the files and directories required for
the build. Instead of copying the entire context, identify which files are
necessary (such as package.json, source code directories, configuration files,
etc.) and use individual COPY commands for each required item. This reduces the
image size, improves build security by excluding unnecessary files, and
minimizes the attack surface.

Source: Path instructions

Contributor

@CodeRabbit this is outside the scope of this PR. We can address in a followup.


@candita, understood — that's a reasonable call for a targeted version-bump PR. Would you like me to open a GitHub issue to track the COPY . . improvement as a follow-up task?

RUN make build --warn-undefined-variables

FROM registry.ci.openshift.org/ocp/4.22:base-rhel9
FROM registry.ci.openshift.org/ocp/5.0:base-rhel9
COPY --from=builder /go/src/github.com/openshift/route-controller-manager/route-controller-manager /usr/bin/
LABEL io.k8s.display-name="OpenShift Route Controller Manager Command" \
io.k8s.description="OpenShift is a platform for developing, building, and deploying containerized applications." \
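Review bot: Both updated `FROM` lines (the `builder:rhel-9-golang-1.26-openshift-5.0` stage and the `ocp/5.0:base-rhel9` runtime stage) reference their images by tag only, so the content behind them can change between builds without any change to this file. If reproducibility or provenance of the shipped binary matters for this image, pin each with `@sha256:<digest>`, or record the digests that were tested in the PR description.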
2 changes: 1 addition & 1 deletion go.mod
@@ -1,6 +1,6 @@
module github.com/openshift/route-controller-manager

go 1.25.0
go 1.26.3

require (
github.com/blang/semver/v4 v4.0.0
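Review bot: `go 1.26.3` sets a minimum patch release, but the builder and build-root tags changed in this PR only name `golang-1.26`, so nothing visible guarantees that the images ship 1.26.3 or later. With a toolchain older than the `go` line, the build either fails (`GOTOOLCHAIN=local`) or tries to download a newer toolchain, which is undesirable in a CI builder; please confirm the Go version in both images, or relax the directive to the lowest patch level the images provide.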