no-jira: images: bump upi to 5.0

[patrickdillon]

Followup to ART automated PRs to bump images to 5.0; the bot does not bump to a new version, so we need to do it.

Summary by CodeRabbit

• Chores
  • Updated container build infrastructure to use latest available versions.

[openshift-ci-robot]

@patrickdillon: This pull request explicitly references no jira issue.

Details

In response to this:

Followup to ART automated PRs to bump images to 5.0; the bot does not bump to a new version, so we need to do it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[coderabbitai]

Note

.coderabbit.yaml has unrecognized properties

CodeRabbit is using all valid settings from your configuration. Unrecognized properties (listed below) have been ignored and may indicate typos or deprecated fields that can be removed.

⚠️ Parsing warnings (1)

Validation error: Unrecognized key: "tools"

⚙️ Configuration instructions

• Please see the configuration documentation for more information.
• You can also validate your configuration using the online YAML validator.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 19497766-1022-42af-8486-bb5d7e11c12a

📥 Commits

Reviewing files that changed from the base of the PR and between 8e014ad and abe0c11.

📒 Files selected for processing (1)

• images/installer/Dockerfile.upi.ci

---

📝 Walkthrough

Walkthrough

This pull request updates the UPI CI Dockerfile to adopt OpenShift 5.0 artifact and builder images throughout the multi-stage build, replacing all 4.22 image references while retaining external tool sources unchanged.

Changes

OpenShift 5.0 CI Image Upgrade

Layer / File(s)	Summary
Artifact and builder stage image updates images/installer/Dockerfile.upi.ci	Artifact-copy stages and Go builder stage reference are switched from OpenShift 4.22 to 5.0 image tags, with the builder base image updated to the 5.0 variant.
Toolchain stage image updates images/installer/Dockerfile.upi.ci	Toolchain-related stages for CLI and base-rhel9 are updated to reference OpenShift 5.0 images instead of 4.22 variants; external tool images (govc, pwsh, yq) remain from their original registries.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 15

✅ Passed checks (15 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: bumping UPI Dockerfile images from 4.22 to OpenShift 5.0.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR modifies only Dockerfile.upi.ci with static image version references; no Ginkgo test files or test names are present, making this check inapplicable.
Test Structure And Quality	✅ Passed	PR modifies only Dockerfile.upi.ci (Docker image references), not Ginkgo test code. Custom check for test structure is inapplicable to infrastructure/build configuration changes.
Microshift Test Compatibility	✅ Passed	PR only modifies Dockerfile for CI infrastructure (images/installer/Dockerfile.upi.ci); no new Ginkgo e2e tests were added, so MicroShift test compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	This PR updates only Dockerfile image references (4.22→5.0) and includes no new Ginkgo e2e tests. The SNO compatibility check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR only modifies a Dockerfile's image version references (4.22→5.0); no deployment manifests, operator code, controllers, or scheduling constraints are added/modified.
Ote Binary Stdout Contract	✅ Passed	PR only modifies Dockerfile image references (4.22→5.0); no Go source code or executable binaries changed. OTE Binary Stdout Contract check is inapplicable to Dockerfile-only changes.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR modifies only Dockerfile.upi.ci with image version updates; no Ginkgo e2e tests are added, making the test compatibility check not applicable.
No-Weak-Crypto	✅ Passed	PR updates Dockerfile.upi.ci to OpenShift 5.0 images; no weak crypto patterns (MD5, SHA1, DES, RC4, etc.) detected. Uses modern cryptography and pyOpenSSL packages as required dependencies.
Container-Privileges	✅ Passed	Dockerfile contains no privileged, hostPID, hostNetwork, hostIPC, SYS_ADMIN, or allowPrivilegeEscalation directives; container runs as non-root user 1000:1000.
No-Sensitive-Data-In-Logs	✅ Passed	No logging exposing passwords, tokens, API keys, PII, or other sensitive data found. Existing logging statements (Google Cloud repo config, curl flags, version/plugin output) contain only non-sensi...

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign andfasano for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@patrickdillon: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/yaml-lint	abe0c11	link	true	/test yaml-lint
ci/prow/e2e-azure-ovn-upi	abe0c11	link	false	/test e2e-azure-ovn-upi
ci/prow/e2e-vsphere-ovn-upi-zones	abe0c11	link	false	/test e2e-vsphere-ovn-upi-zones
ci/prow/golint	abe0c11	link	true	/test golint
ci/prow/e2e-gcp-ovn-upi	abe0c11	link	true	/test e2e-gcp-ovn-upi

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[tthvo]

installer/images/installer/Dockerfile.ci

Line 8 in ba2b88b

FROM registry.ci.openshift.org/ocp/builder:rhel-9-golang-1.26-openshift-5.0 AS builder

Should we use go v1.26 image like others? It seems fine even though installer is on 1.25...