govulncheck: bump go builder image

[AlexNPavel]

Use openshift_release_rhel-9-release-golang-1.26-openshift-5.0 for govulncheck image.

Summary by CodeRabbit

This PR updates the govulncheck supplemental CI image build configuration to use a newer OpenShift go builder image. The change upgrades the base builder image from rhel-9-release-golang-1.24-openshift-4.21 to rhel-9-release-golang-1.26-openshift-5.0, which means the govulncheck image will now build with Go 1.26 instead of Go 1.24.

The update affects the OpenShift CI infrastructure's supplemental container image used for vulnerability checking. The Dockerfile FROM reference and the associated BuildConfig source and trigger ImageStreamTag references in clusters/app.ci/supplemental-ci-images/crt/govulncheck.yaml have all been updated to point to the new builder image tag.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: bc65e44c-2082-43ef-8a87-5dc0d47bdd94

📥 Commits

Reviewing files that changed from the base of the PR and between ccedf8e and 2ea112f.

📒 Files selected for processing (1)

• clusters/app.ci/supplemental-ci-images/crt/govulncheck.yaml

---

Walkthrough

The govulncheck supplemental CI image BuildConfig is updated to track a newer OpenShift CI base image. The Dockerfile FROM image and Docker strategy ImageStreamTag references are changed from rhel-9-release-golang-1.24-openshift-4.21 to rhel-9-release-golang-1.26-openshift-5.0.

Changes

govulncheck BuildConfig Image Tag Update

Layer / File(s)	Summary
Update BuildConfig to newer base image tag clusters/app.ci/supplemental-ci-images/crt/govulncheck.yaml	Dockerfile base image and Docker strategy ImageStreamTag references are updated from Go 1.24 with OpenShift 4.21 to Go 1.26 with OpenShift 5.0.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

Possibly related PRs

• openshift/release#79713: Updates image tag references from rhel-9-release-golang-1.24-openshift-4.21 to rhel-9-release-golang-1.26-openshift-5.0 for fulfillment service build root image stream.
• openshift/release#79664: Adds GitOps go-toolset 1.26.2 image, part of the same wave of CI toolchain updates.
• openshift/release#79494: Adjusts CI build configuration image tags to bump Go version from 1.24 to 1.25.

Suggested labels

lgtm, approved, rehearsals-ack

Suggested reviewers

• pruan-rht
• psalajova
• trewest
• akshaynadkarni

🚥 Pre-merge checks | ✅ 12

✅ Passed checks (12 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'govulncheck: bump go builder image' clearly summarizes the main change: updating the Go builder image version for the govulncheck supplemental CI image.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	PR only modifies a YAML BuildConfig file with no Ginkgo tests, so the test names check is not applicable.
Test Structure And Quality	✅ Passed	PR modifies only govulncheck.yaml, a YAML BuildConfig file. The custom check for Ginkgo test structure is not applicable since the PR contains no test code.
Microshift Test Compatibility	✅ Passed	PR only updates a CI build configuration file (govulncheck.yaml) with a new image tag; no Ginkgo e2e tests are added, so MicroShift test compatibility check is not applicable.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No Ginkgo e2e tests were added. This PR only updates build config metadata for a supplemental CI image, not test code.
Topology-Aware Scheduling Compatibility	✅ Passed	This PR modifies only a BuildConfig file for CI image building. It contains no deployment manifests, operator code, controllers, or scheduling constraints.
Ote Binary Stdout Contract	✅ Passed	PR modifies only a BuildConfig YAML file for building a govulncheck utility image; no source code changes that could violate OTE stdout contract.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR; it only updates a BuildConfig YAML file for a supplemental CI image. Check is not applicable.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-merge-bot]

[REHEARSALNOTIFIER]
@AlexNPavel: no rehearsable tests are affected by this change

Note: If this PR includes changes to step registry files (ci-operator/step-registry/) and you expected jobs to be found, try rebasing your PR onto the base branch. This helps pj-rehearse accurately detect changes when the base branch has moved forward.

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: AlexNPavel, bradmwilliams

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• clusters/app.ci/supplemental-ci-images/crt/OWNERS [AlexNPavel,bradmwilliams]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@AlexNPavel: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.