Dependabot-code-gen should be updating hack/tools/go.mod and hack/tools/go.sum

[nawazkh]

/kind bug

[Before submitting an issue, have you checked the Troubleshooting Guide?]

What steps did you take and what happened: [A clear and concise description of what the bug is.]

• Dependabot-code-gen is not updating hack/tools/go.mod and hack/tools/go.sum when Dependabot raises a version update PR.

What did you expect to happen:

• Dependabot-code-gen should be updating hack/tools/go.mod and hack/tools/go.sum when Dependabot raises a version update PR.
• CAPI is updating dependencies in CAPI/hack/tools/go.mod and CAPI/test/go.mod when CAPI/go.mod gets updated. Example: https://github.com/kubernetes-sigs/cluster-api/pull/7884 Notice that the second commit (Update Code Gen) gets applied by CAPI dependabot-workflow.. This doesn't seem to be happening at CAPZ.

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]

Environment:

• cluster-api-provider-azure version:
• Kubernetes version: (use kubectl version):
• OS (e.g. from /etc/os-release):

[nawazkh]

I opened this issue to keep a track of dependabot-code-den investigation.

[CecileRobertMichon]

@nawazkh slightly tangent but I wonder if you have any ideas around how we could ensure we also keep the tools we install in the Makefile up to date https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/main/Makefile#L71, I noticed a lot of them have old versions

[nawazkh]

^note to self. dependabot-code-gen workflow should have updated the (direct/indirect) modules present in hack/tools/go.mod too.

• [ ] Why is dependabot-code-gen not updating hack/tools/go.mod?
• [ ] How are we using hack/tools/go.mod at CAPZ.

[nawazkh]

@nawazkh slightly tangent but I wonder if you have any ideas around how we could ensure we also keep the tools we install in the Makefile up to date https://github.com/kubernetes-sigs/cluster-api-provider-azure/blob/main/Makefile#L71, I noticed a lot of them have old versions

Great thought! We could probably implement something like tools.go to manage our dependencies. And also export/set those env variables (ex CONTROLLER_GEN) to be used in Makefile.

[nawazkh]

Also take a look at https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/3199#issuecomment-1447264709

[nawazkh]

Note to self: Also check if you can automate this in anyway https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/3214#issuecomment-1452367469

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[nawazkh]

/remove-lifecycle stale

[mboersma]

4121 is an example of dependabot updating the vendoring in hack/tools correctly. Although the big delta between versions seems to suggest it missed several releases before opening this PR.

Did something in our configuration for dependabot change, or maybe a bug got fixed upstream?

[nojnhuh]

https://github.com/kubernetes-sigs/cluster-api-provider-azure/pull/4199 Also falls into that category and the common thread there seems to be that both are fixing security alerts.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[nawazkh]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Reopen this issue with /reopen
• Mark this issue as fresh with /remove-lifecycle rotten
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

[k8s-ci-robot]

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/cluster-api-provider-azure/issues/3032#issuecomment-2198322930): >The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. > >This bot triages issues according to the following rules: >- After 90d of inactivity, `lifecycle/stale` is applied >- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied >- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed > >You can: >- Reopen this issue with `/reopen` >- Mark this issue as fresh with `/remove-lifecycle rotten` >- Offer to help out with [Issue Triage][1] > >Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community). > >/close not-planned > >[1]: https://www.kubernetes.dev/docs/guide/issue-triage/ Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.