NO-JIRA: Switch container dependencies to Podman monorepo

[rh-roman]

Around August 2025 container containers/common, containers/storage, and containers/image were consolidated into containers/container-libs monorepo. All maintenance work has been happening in the monorepo since then.

Migrating from legacy container dependencies to the new Podman import paths.

Updating to newest version of image and storage dependencies

• github.com/containers/image/v5 v5.36.2 → go.podman.io/image/v5 v5.40.0
• github.com/containers/storage v1.59.1 → go.podman.io/storage v1.63.0

The migration automatically upgraded transitive dependencies:

• golang.org/x/crypto v0.49.0 → v0.51.0
• golang.org/x/net v0.52.0 → v0.54.0
• golang.org/x/sys v0.42.0 → v0.44.0
• golang.org/x/term v0.41.0 → v0.43.0

Summary by CodeRabbit

• Chores
  • Updated Go toolchain to version 1.25.6
  • Updated multiple dependencies across the project to latest versions for enhanced compatibility and stability

[coderabbitai]

Walkthrough

This PR updates the Go toolchain to version 1.25.6, bumps multiple module dependencies, and migrates import paths from the containers ecosystem (github.com/containers/) to Podman equivalents (go.podman.io/) across image handling and storage packages.

Changes

Dependency migration and version updates

Layer / File(s)	Summary
Go toolchain and dependency version bumps go.mod	Go toolchain updated from 1.25.0 to 1.25.6; all transitive and direct module versions bumped, including golang.org/x modules, container/docker registry libraries, OCI runtime/SELinux, security/signing (Sigstore, secure-systems-lab), observability (Prometheus, OpenTelemetry), and compression libraries.
Image library imports migration to Podman equivalents pkg/cli/admin/verifyimagesignature/verify-signature.go, pkg/cli/image/manifest/dockercredentials/auth_resolver.go, pkg/cli/image/manifest/dockercredentials/auth_resolver_test.go, pkg/cli/image/manifest/dockercredentials/credential_store_factory.go, pkg/cli/image/manifest/dockercredentials/credential_store_factory_test.go, pkg/cli/registry/login/login.go	Import paths for Docker reference, signature policy, authentication types, and image configuration switched from github.com/containers/image/v5 to go.podman.io/image/v5 across signature verification, credential resolution, and login workflows.
Storage library import migration to Podman equivalent pkg/cli/image/archive/archive_unix.go	Storage system package import updated from github.com/containers/storage/pkg/system to go.podman.io/storage/pkg/system.
Import statement reordering pkg/cli/image/imagesource/file.go	Manifest import reordered after distribution and go-digest imports with no functional changes.

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 11 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (11 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	Modified test files use standard Go testing.T with t.Run() and static test names. No Ginkgo framework (It/Describe/Context) detected in the PR. All test names are hardcoded, deterministic strings.
Test Structure And Quality	✅ Passed	PR modified 2 test files using Go's standard testing package, not Ginkgo framework. Custom check for Ginkgo test quality is not applicable to this PR.
Microshift Test Compatibility	✅ Passed	PR does not add any new Ginkgo e2e tests; it only updates imports and Go module dependencies for dependency migration to the Podman monorepo.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests are added in this PR; changes are only dependency updates and import path migrations to Podman monorepo in existing unit tests and source code.
Topology-Aware Scheduling Compatibility	✅ Passed	PR contains only Go module version updates and import path changes; no deployment manifests, operator code, controllers, or scheduling constraints introduced.
Ote Binary Stdout Contract	✅ Passed	PR only updates dependency import paths and versions with no changes to executable code, entry points, or stdout writing behavior.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No new Ginkgo e2e tests added. PR only updates dependency imports and go.mod; existing unit tests had imports updated without test logic changes.
Title check	✅ Passed	The title accurately describes the main change: migrating container dependencies from the legacy containers/* repositories to the Podman monorepo import paths.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[ardaguclu]

/retest
/payload 5.0 nightly blocking

[openshift-ci]

@ardaguclu: trigger 13 job(s) of type blocking for the nightly release of OCP 5.0

• periodic-ci-openshift-release-main-ci-5.0-e2e-aws-upgrade-ovn-single-node
• periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-upgrade-fips
• periodic-ci-openshift-release-main-ci-5.0-e2e-azure-ovn-upgrade
• periodic-ci-openshift-release-main-ci-5.0-upgrade-from-stable-4.22-e2e-gcp-ovn-rt-upgrade
• periodic-ci-openshift-hypershift-release-5.0-periodics-e2e-aws-ovn-conformance
• periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-1of2
• periodic-ci-openshift-release-main-nightly-5.0-e2e-aws-ovn-serial-2of2
• periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview
• periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-1of3
• periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-2of3
• periodic-ci-openshift-release-main-ci-5.0-e2e-aws-ovn-techpreview-serial-3of3
• periodic-ci-openshift-release-main-nightly-5.0-e2e-metal-ipi-ovn-ipv4
• periodic-ci-openshift-release-main-nightly-5.0-e2e-metal-ipi-ovn-ipv6

See details on https://pr-payload-tests.ci.openshift.org/runs/ci/5399bfe0-598a-11f1-8a21-e58e4f2b141f-0

[rh-roman]

/retest

[ardaguclu]

/retitle NO-JIRA: Switch container dependencies to Podman monorepo
/lgtm
/approve
/verified by CI
/hold
feel free to unhold, if we are sure that this won't compile if we set go.mod to 1.25.0.

[ardaguclu]

Did we test this PR with 1.25.0?. I assume that oc won't compile?.

[rh-roman]

go mod tidy set it to 1.25.6, probably because container-libs/image (go.mod) requires 1.25.6.

I installed 1.25.0 locally and manually set go.mod to 1.25.0, it does not build

GOTOOLCHAIN=go1.25.0 make oc
go: github.com/google/go-containerregistry in vendor/modules.txt requires go >= 1.25.6 (running go 1.25.0; GOTOOLCHAIN=go1.25.0)
vendor/github.c

[openshift-ci-robot]

@rh-roman: This pull request explicitly references no jira issue.

Details

In response to this:

Around August 2025 container containers/common, containers/storage, and containers/image were consolidated into containers/container-libs monorepo. All maintenance work has been happening in the monorepo since then.

Migrating from legacy container dependencies to the new Podman import paths.

Updating to newest version of image and storage dependencies

• github.com/containers/image/v5 v5.36.2 → go.podman.io/image/v5 v5.40.0
• github.com/containers/storage v1.59.1 → go.podman.io/storage v1.63.0

The migration automatically upgraded transitive dependencies:

• golang.org/x/crypto v0.49.0 → v0.51.0
• golang.org/x/net v0.52.0 → v0.54.0
• golang.org/x/sys v0.42.0 → v0.44.0
• golang.org/x/term v0.41.0 → v0.43.0

Summary by CodeRabbit

• Chores
• Updated Go toolchain to version 1.25.6
• Updated multiple dependencies across the project to latest versions for enhanced compatibility and stability

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

@ardaguclu: This PR has been marked as verified by CI.

Details

In response to this:

/retitle NO-JIRA: Switch container dependencies to Podman monorepo
/lgtm
/approve
/verified by CI
/hold
feel free to unhold, if we are sure that this won't compile if we set go.mod to 1.25.0.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ardaguclu, rh-roman

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [ardaguclu]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@rh-roman: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[ardaguclu]

/unhold

[rh-roman]

/unhold Confirmed it doesn't compile under 1.25.0