@vivekr-splunk vivekr-splunk commented Nov 18, 2025

Summary

This PR contains follow-up fixes after PR #64 was merged:

  1. Artifact Hub email consistency - Uses consistent email across all configs
  2. Disable Docker Dependabot - Prevents errors from private ECR access

Changes

1. Artifact Hub Email Consistency

  • Changed all Artifact Hub emails from opensource@splunk.com to splunkai@cisco.com
  • Ensures consistency with existing Chart.yaml maintainers
  • Updated files:
    • artifacthub-repo.yml
    • helm-chart/splunk-ai-operator/Chart.yaml
    • helm-chart/splunk-ai-platform/Chart.yaml

2. Disable Docker Dependabot Checks

  • Commented out docker package-ecosystem in Dependabot config
  • Root cause: Docker images reference private ECR repositories:
    • 667741767953.dkr.ecr.us-west-2.amazonaws.com/ml-platform/ray/*
    • 667741767953.dkr.ecr.us-west-2.amazonaws.com/ml-platform/saia/*
  • Dependabot cannot access private ECR without AWS credentials
  • Result: Resolves "The updater encountered one or more errors"

Dependabot Configuration After This PR

Still Enabled:

  • ✅ Go module dependency updates (gomod ecosystem)
  • ✅ GitHub Actions updates (github-actions ecosystem)
  • ✅ Dependency grouping by category (k8s, cloud providers, observability, testing)
  • ✅ Monthly scheduling to reduce noise
  • ✅ Go toolchain ignore rules (manual version management for security)

Now Disabled:

  • ❌ Docker base image updates (due to private ECR access limitation)

Why These Changes

Email Consistency: Copilot identified that the email address was inconsistent. Using splunkai@cisco.com matches the existing maintainer email in Chart.yaml files.

Docker Dependabot: Dependabot runs were failing because it tries to scan Docker images referenced in the repository, but cannot access private ECR repositories without AWS credentials. Disabling Docker checks allows Go module and GitHub Actions updates to continue working.

Context

Test Plan

  • Email addresses consistent across all Artifact Hub files
  • Dependabot config validates (YAML syntax correct)
  • Helm charts lint successfully
  • Next Dependabot run succeeds without Docker ecosystem (will verify after merge)

Related

🤖 Generated with Claude Code

Co-Authored-By: Claude noreply@anthropic.com

- Comment out docker package-ecosystem in Dependabot config
- Docker images reference private ECR repos that Dependabot cannot access
- Keeps gomod and github-actions ecosystem checks enabled
- Resolves: 'The updater encountered one or more errors' for Dependabot

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

Copilot AI left a comment

Pull Request Overview

This PR disables the Docker package ecosystem in Dependabot configuration to prevent update errors. The configuration is commented out rather than deleted, preserving the settings for potential future use.

  • Commented out the entire Docker ecosystem section in .github/dependabot.yml
  • Added an explanatory comment about private ECR repository access issues
  • Maintains gomod and github-actions ecosystem checks as active

commit-message:
prefix: "chore(deps)"
include: "scope"
# Disabled: Images reference private ECR repositories that Dependabot cannot access
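
Review bot: the `# Disabled:` comment on the last line gives a cause but no pointer to the failing Dependabot run and no condition for re-enabling the docker ecosystem. Quote the error text or link the run, and add a short note saying what has to change before the block can be uncommented, so the disabled check is not forgotten.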

Copilot AI Nov 18, 2025

The comment states "Images reference private ECR repositories," but the Dockerfiles (Dockerfile and Dockerfile.debug) actually use public images:

  • docker.io/golang:1.24 (builder stage)
  • gcr.io/distroless/static:nonroot (runtime stage)
  • gcr.io/distroless/base-debian12:debug (debug runtime)

While the codebase does reference private ECR images (e.g., 667741767953.dkr.ecr.us-west-2.amazonaws.com/ml-platform/ray/*), these are in environment variables and configuration files, not in the Dockerfiles that Dependabot's docker ecosystem would scan.

Consider either:

  1. Updating the comment to accurately reflect the reason for disabling (e.g., "Disabled to reduce noise" or another valid reason), or
  2. If there are specific Dependabot errors, mention those in the comment
Suggested change
# Disabled: Images reference private ECR repositories that Dependabot cannot access
# Disabled: To reduce noise from frequent base image updates. Dockerfiles use public images.
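
Added example, not code from this repository or PR: a Python check that lists the base images in a Dockerfile's `FROM` lines and flags any hosted on a private ECR registry, which is the question the review comment above turns on. The sample Dockerfiles, the account ID `123456789012` and the function names are constructed; variable handling covers only `$VAR`/`${VAR}` with defaults declared before the first `FROM`.

```python
import re

# Private ECR registry host: <12-digit account>.dkr.ecr.<region>.amazonaws.com
ECR_PRIVATE = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com$")
ARG_RE = re.compile(r"^ARG\s+(\w+)(?:=(\S+))?", re.I)
FROM_RE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
VAR_RE = re.compile(r"\$\{?(\w+)\}?")

# Constructed samples. The first uses the public images named in the review
# comment; the second uses a made-up account ID and repository path.
PUBLIC_SAMPLE = """\
ARG GO_VERSION=1.24
FROM --platform=$BUILDPLATFORM docker.io/golang:${GO_VERSION} AS builder
FROM gcr.io/distroless/static:nonroot
COPY --from=builder /workspace/manager .
"""
PRIVATE_SAMPLE = """\
FROM 123456789012.dkr.ecr.us-west-2.amazonaws.com/example/base:1.0 AS base
FROM base
"""


def base_images(dockerfile_text):
    """External image references from FROM lines, in file order."""
    args, stages, images, seen_from = {}, set(), [], False
    for line in map(str.strip, dockerfile_text.splitlines()):
        if (m := ARG_RE.match(line)) and not seen_from:
            # Only ARGs declared before the first FROM are visible to FROM.
            args[m.group(1)] = (m.group(2) or "").strip("\"'")
        elif m := FROM_RE.match(line):
            seen_from = True
            ref = VAR_RE.sub(lambda v: args.get(v.group(1), ""), m.group(1))
            # Skip references to earlier build stages and the empty "scratch" base.
            if ref.lower() not in stages and ref != "scratch":
                images.append(ref)
            if m.group(2):
                stages.add(m.group(2).lower())
    return images


def registry_of(ref):
    """Registry host of an image reference; Docker Hub when none is given."""
    first = ref.split("/", 1)[0]
    if "/" in ref and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def private_ecr_refs(dockerfile_text):
    """Base images whose registry host is a private ECR endpoint."""
    return [r for r in base_images(dockerfile_text) if ECR_PRIVATE.match(registry_of(r))]
```

An empty result for every Dockerfile in the repository means the Dockerfiles themselves give the updater no private-registry image to pull; image references held in environment variables or other configuration files are outside what this check reads.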

@coveralls

Pull Request Test Coverage Report for Build 19483635287

Details

  • 0 of 0 changed or added relevant lines in 0 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage remained the same at 36.822%

Totals Coverage Status
Change from base Build 19483438113: 0.0%
Covered Lines: 2336
Relevant Lines: 6344

💛 - Coveralls

@vivekr-splunk vivekr-splunk changed the title from "fix: disable Docker Dependabot to avoid private ECR access errors" to "fix: Artifact Hub email consistency and disable Docker Dependabot" Nov 18, 2025
@vivekr-splunk vivekr-splunk merged commit 6552627 into main Nov 18, 2025
14 checks passed
@vivekr-splunk vivekr-splunk deleted the feat/add-bom-sbom-generation branch November 18, 2025 23:22